Subj : Re: SSH on BBSes
To   : Arelor
From : boraxman
Date : Sat Apr 09 2022 15:27:02

 Ar>  >  Ar> That is a fair point. Then again, there is this pretension from GD
 Ar>  >  Ar> authoriti
 Ar>  >  Ar> that foreigner entities must comply with the GDPR when
 Ar>  >  Ar> serving EU citizens, "or else".
 Ar>  > 
 Ar>  > I think BBSes are fairly immune to GDPR for a few reasons:
 Ar>  > 
 Ar>  > 1) Generally, BBSes are hobbies, not commercial entities.
 Ar>  > 2) BBSes are small potatoes and therefore not worth pursuing.
 Ar>  > 3) BBSes aren't actively storing/mining personal data. Users can, for t
 Ar>  > most part
 Ar>  > control what information they share with a BBS.
 Ar> 
 Ar> I don't know of the baseline set by the GDPR, but Spanish implementation
 Ar> is that it
 Ar> does not matter whether it is a commertial entity or not.
 Ar> 
 Ar> Being a small violator does not make it legal. At best it makes it so
 Ar> small that
 Ar> nobody cares whether it is legal or not (which is, precisely, my original
 Ar> point: that
 Ar> operators themselves don't give a damn, and that is good)
 Ar> 
 Ar> 3) depends on the BBS implementation. Certainly I get detailed
 Ar> information of failed
 Ar> logins, which means the BBS package I call to actively registers
 Ar> activity.
 Ar> 
 Ar> --

I think there needs to be a distinction between private and public here.  If I set up my BBS on my own home computer, and people come and apply to use it, it seems objectionable for there to be administrative requirements.

Small "violators" should be permitted, if they indeed private.  I think the "I am a hobbyist" and "I'm not data mining" doesn't hold if you run a service that allows others to do that.

If the BBS is making information available outside of its own interface, especially via WWW, then it shouldn't be immune.  Data mining and privacy concerns kick in.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
 * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

.