GDPR is not relevant to this. It’s not about enforcing copyright on people’s work.
It’s about ensuring that companies only store and process privacy-sensitive information about people which they are given consent to store and only used for the purposes the consent was given.
There is nothing privacy related wrt the author in a public article published worldwide for everyone to read. Clearly outside the domain of GDPR.
It’s not hard people, just common sense. Just treating user-data with respect. Let’s not fool ourselves into thinking it’s harder than it actually is.
I assume they'll continue as now: take down copies on request. It's not like they didn't have to deal with content people didn't want to archive them before.
I doubt it. GDPR is the obvious next step in the war on GPC (memory specifically). archive.org exists to fix that. If they fall because some other country has no 1st, they fail. Other people have copies.
I haven't read GDPR in details, but isn't GDPR concerned only with personal/private data? The Wayback Machine only archives public pages as far as I can tell...
Yes but the article itself is user-provided content to Medium that the author has a right to ask to be deleted (under GDPR), presumably? So perhaps it will be simply a matter of the The Wayback Machine having to have a policy to delete things if requested?
Given the immense scale of Archive.org, there must be a truly incredible number of sites & pages with personal data & content in the pages. Millions upon millions of pages, due to the repeat archiving.
Comments with usernames. Comments with ip addresses (sometimes old comment systems would allow you to comment without registering but they'd show all or part of your ip address). Comments with personal information in the messages. Comments with email addresses. Blog posts with all sorts of personal details from the author. Personal user account pages, such as the kind you see on sites like Ask.fm or similar, with vast amounts of user information and personal details that can't be deleted. And on it goes. Archive.org is storing all of that and does not allow it to be deleted. Further, it would be nearly impossible to figure out what content is compliant and what is not within the archives. It's a giant GDPR violation system. Their only sane bet is to stay way from the EU jurisdiction wise as much as possible, or shut down.
Why would GDPR apply to the internet archive? It's a US based nonprofit. As far as I can tell they don't do anything that even remotely hints at them providing services to EU residents (like offering their site in European languages, having the €-symbol somewhere on their donations page or any of the other more subtle things mentioned in GDPR).
GDPR doesn't change anything in this respect. Copyright law applies.
Why would the owner of the copyright make a complaint to the data protection authorities of the EU who might choose to do nothing when they could directly file a copyright infringement case? I suppose you could add insult to injury, but the data protection agency is likely to rule that the issue is one of copyright infringement.
They already take down pages on request and retro-actively apply robots.txt rules so that solves "right to be forgotten" or other circumstances where PII is present and shouldn't be.
They have sufficiently defensible reason to keep and present the archived information otherwise.
Their key problem will remain copyright and publishing rights arguments not matters of personal data, at least not more so than currently.
(caveat: while I have an understanding of the regulation due to it very much having an effect on our clients and to a lesser extent on us directly, I am not a lawyer by any definition so don't take my interpretation as gospel in any way)
They can't, and I would like to know what Europe wants to do about it. Block wayback machine in Europe ? Well, I can still access it with a VPN if I want. Also I want to know what they will do about git and GitHub, or even blockchain project (how you delete something from a blockchain ?)
The problem is that GDPR is a stupid legislation written by incompetent people that doesn't understand the subject and imposed with no possibility of choice on member states, like all the regulations from the EU (cookie banner law, for example).
And of course GDPR doesn't impact to much the companies that they aim to fight, like Facebook, Google, etc, they have teams of layers payed millions with the sole purpose to find ways to circumvent these regulations, they will just update the terms of services and done, the ones that will be more affected are small companies, startups, personal no project side projects, people that doesn't have money to spend in a layer for a project that doesn't make him any revenue.
I think that in Europe it's not more possible to do anything, if you have a good and innovative idea and you want to realize it, better take a flight to the US...
The law is meant to allow me to delete my account from your cool SV startup, and delete meaning actually delete the data and not deactivate the account but continue using or selling my data.
The cookie law is a problem because lazy web developers did not implement it right, probably you complain about don't spam me law because it adds a bit of extra work for adding the unsubscribe link and implement the requierements.
The laws are done for the good of the society and not for helping a minority to implement some move fast break things, pivot and try again.
For the love of god, please stop spreading these misinformed views.
1. Nobody in Europe will be blocking anything.
2. The Wayback machine will continue to operate.
3. GDPR is generally pretty well-written legislation, based on extensive experience by privacy regulators across Europe.
There are some questions about exactly how the rules will evolve in practice. The thing to bear in mind is that privacy regulators are interested in compliance, not in punishment.
If your site only uses cookies for operational reasons, such as enabling login or maintaining a basket, you don't need to inform the user.
So anytime you see a cookie-banner that indicates that the site is doing something additional with cookies. Like tracking for ad-networks. It's a yellow-flag.
Like many aspects of culture, we may have to rely on pirate outfits to archive and preserve things, until the original parties are no longer interested in fighting about it either way, or a long enough time passes that the archived history increases in value and decreases in personal stakes.
What a large number of people fail to realise is that the GDPR applies to any person (natural or legal; a data controller and/or data processor) that holds personal data on a EU citizen or EU resident, regardless of where the data controller (or data processor) is. Obviously EU law can only be enforced in the EU but if you are a business then any funds in the EU that belong to the data controller can be frozen or used to pay court levied fines. Or if an infringing data controller travelled to the EU (or a country with an extradition treaty and similar criminal code) they could potentially be held if a court decides that the behaviour was criminal in nature (some EU jurisdictions are more strict than others).
The only way to completely avoid the GDPR is to not hold personal data of EU citizens or EU residents.
I guess they could vest it in some corporation that has no feet down within the EU. Aside from actually cordoning off a section of the Internet there's not much they could do otherwise.
Though now that I think of it, perhaps blocking [the archive.org crawler] could then become mandatory for GDPR compliance ...
This seems to have annoyed a few people. I didn’t mean this as an actual practical strategy, or facetiously, was more meant as a commentary on modern global corporotisation, and a thought experiment on the limits to which the EU can enforce itself online.
josteink|7 years ago
It’s about ensuring that companies only store and process privacy-sensitive information about people which they are given consent to store and only used for the purposes the consent was given.
There is nothing privacy related wrt the author in a public article published worldwide for everyone to read. Clearly outside the domain of GDPR.
It’s not hard people, just common sense. Just treating user-data with respect. Let’s not fool ourselves into thinking it’s harder than it actually is.
walshemj|7 years ago
Just like H&S and the Data Protection act are abused today.
detaro|7 years ago
jakeogh|7 years ago
Who exits next?
rambojazz|7 years ago
scandox|7 years ago
rusk|7 years ago
merinowool|7 years ago
adventured|7 years ago
Comments with usernames. Comments with ip addresses (sometimes old comment systems would allow you to comment without registering but they'd show all or part of your ip address). Comments with personal information in the messages. Comments with email addresses. Blog posts with all sorts of personal details from the author. Personal user account pages, such as the kind you see on sites like Ask.fm or similar, with vast amounts of user information and personal details that can't be deleted. And on it goes. Archive.org is storing all of that and does not allow it to be deleted. Further, it would be nearly impossible to figure out what content is compliant and what is not within the archives. It's a giant GDPR violation system. Their only sane bet is to stay way from the EU jurisdiction wise as much as possible, or shut down.
teamhappy|7 years ago
SmellyGeekBoy|7 years ago
merinowool|7 years ago
BlackFly|7 years ago
Why would the owner of the copyright make a complaint to the data protection authorities of the EU who might choose to do nothing when they could directly file a copyright infringement case? I suppose you could add insult to injury, but the data protection agency is likely to rule that the issue is one of copyright infringement.
jakeogh|7 years ago
dspillett|7 years ago
They already take down pages on request and retro-actively apply robots.txt rules so that solves "right to be forgotten" or other circumstances where PII is present and shouldn't be.
They have sufficiently defensible reason to keep and present the archived information otherwise.
Their key problem will remain copyright and publishing rights arguments not matters of personal data, at least not more so than currently.
(caveat: while I have an understanding of the regulation due to it very much having an effect on our clients and to a lesser extent on us directly, I am not a lawyer by any definition so don't take my interpretation as gospel in any way)
alerighi|7 years ago
The problem is that GDPR is a stupid legislation written by incompetent people that doesn't understand the subject and imposed with no possibility of choice on member states, like all the regulations from the EU (cookie banner law, for example).
And of course GDPR doesn't impact to much the companies that they aim to fight, like Facebook, Google, etc, they have teams of layers payed millions with the sole purpose to find ways to circumvent these regulations, they will just update the terms of services and done, the ones that will be more affected are small companies, startups, personal no project side projects, people that doesn't have money to spend in a layer for a project that doesn't make him any revenue.
I think that in Europe it's not more possible to do anything, if you have a good and innovative idea and you want to realize it, better take a flight to the US...
simion314|7 years ago
The cookie law is a problem because lazy web developers did not implement it right, probably you complain about don't spam me law because it adds a bit of extra work for adding the unsubscribe link and implement the requierements.
The laws are done for the good of the society and not for helping a minority to implement some move fast break things, pivot and try again.
matthewmacleod|7 years ago
1. Nobody in Europe will be blocking anything.
2. The Wayback machine will continue to operate.
3. GDPR is generally pretty well-written legislation, based on extensive experience by privacy regulators across Europe.
There are some questions about exactly how the rules will evolve in practice. The thing to bear in mind is that privacy regulators are interested in compliance, not in punishment.
dingaling|7 years ago
The 'cookie law' is actually subtle genius.
If your site only uses cookies for operational reasons, such as enabling login or maintaining a basket, you don't need to inform the user.
So anytime you see a cookie-banner that indicates that the site is doing something additional with cookies. Like tracking for ad-networks. It's a yellow-flag.
raverbashing|7 years ago
Not allowing information about people to be kept ad-infinitum (and sold ad-infinitum)?
Allow data breaches caused by sheer incompetence to go unchecked?
As much as I worry about its consequences, companies saw it coming.
ghostcluster|7 years ago
tankenmate|7 years ago
The only way to completely avoid the GDPR is to not hold personal data of EU citizens or EU residents.
MatthewWilkes|7 years ago
rusk|7 years ago
Though now that I think of it, perhaps blocking [the archive.org crawler] could then become mandatory for GDPR compliance ...
rusk|7 years ago