>omg.lol does not believe its processing of limited personal data of those outside the United States (if any) brings it within the jurisdiction of these laws.
Oh dear. That is definitely not correct. The only way for omg.lol to not fall under the jurisdiction of the GDPR is to not offer their services to people living where it applies.
And how would the owner go about that? Implement expensive geo-fences and KYC processes for a market they are not interested in? If they (EU people) want to use it .. they should be able to without expecting the same protections as if the business operates in EEA.
How did we get here? To where If I spin up a webserver and charge for access now I'm suddenly forced to lick your middle finger because you have laws in your country saying so?
Simple: explicitly state what regions you provide your service to, optionally use cheap/free IP geolocation to block users from regions you don't wish to provide your service in and wherever you have to record a user's region anyway limit the options to regions you support or display a warning about your terms of service prohibiting use from other regions.
There are plenty of sites that only cater to US users and have signup forms requiring data like postal addresses or payment methods that contain regional information. Heck, some US sites even exclude users from certain states for various reasons. This service costs money so they need the user's billing address anyway. Just restrict access there and then like the rest.
The guy who created omg.lol did not "spin up a webserver and charge for access", they run a company that collects, stores and processes their users' behavioral data and personally identifiable information. It's more like a hosting company except it's apparently cobbled together from various third parties without any due diligence about how they operate. And it even uses the phrase "privacy-focused" in various parts of its claims. Yeah, I'd say it's reasonable to expect a company like that to provide basic information like what data it collects, how it ensures that data is protected and how a data subject can get that data deleted or corrected.
We have laws preventing corporations from selling products that are unfit for purpose or food that is blatantly toxic and we have laws preventing corporations from offering you contracts that demand personal harm or indentured servitude. In places like the EU we also have laws that prevent companies from using your data without consent and making sure you follow the best current practices when handling that data. And yeah, if you want to make a service that collects all data and monetizes the ever living fuck out of it you can still do that, you just need to ask your users for consent and allow them to opt-out if it isn't essential to doing what the users would want to use the service for (i.e. no bait and switch).
I don't know why some people find it so hard to understand the idea of informed and non-coerced consent.
I'll include the mandatory ianal, but they could even ask people to indemnify them, or put up a banner saying: you must be in the US, blah-blah. But they're straight up saying: don't care about your laws. That seems untenable.
Hangon, if go to another country I most certainly have to follow the laws that apply there.
If I surf over to another (Internet surfing) country because the server is physically located in that country, I again am forced to follow the laws that apply there.
It does seem illogical to have such setup especially since physical I haven't moved.
Now it seems that I can take my laws with me when I visit a server in another country. Making everything even more confusing.
Unfortunately that does not apply to physically traveling to another country: that country doesn't care two bobs for my countries laws.
>If I surf over to another (Internet surfing) country because the server is physically located in that country, I again am forced to follow the laws that apply there.
on the other hand if you go set up a business that sells to citizens of that other country do you have to follow rules to be allowed to sell stuff there? You see how the analogy is a little closer aligned?
Not really.
For Example, I setup a business on the Oregon side of the Portland, Oregon / Vancouver, Washington border. Oregon doesn't have a sales tax, should I have to pay Washington sales tax because I had someone buy something from my shop in Oregon?
Same kind of deal, omg.lol have my servers located in the United States, payment processing happens in the United States, in United States Dollars. In no way is omg.lol making a special usecase to handle European customers.
Now, Europe is free to attempt to excise their laws againt omg.lol, however they wouldn't get much further than "you're blocked in the EU" and having to get ISPs and transit networks to blocke their traffic, and payment networks to stop serving EU customers for that particular merchant ID.
If you ever run an ecommerce business, the expectation is absolutely that you pay taxes to foreign governments in compliance with their rules for any customers in their jurisdiction.
Is this usually followed in small scale shops? Almost never in my experience, though if the shop gets big enough or if the business is sold those tax liabilities are still technically owed. Many countries do have a minimum revenue before you have to pay taxes, and some have a minimum before you're supposed to report sales via tax filings even if you don't owe, but you better keep the operation small if you never plan to pay foreign sales tax.
That's not really that interesting of a question, if the owner wants to give the finger to the laws of a region with 300+ million people in it then that's their right, how they go about doing that in a way that it doesn't translate into liability (rather than simply respecting the law with regards to EU subjects) is not something that we need to solve for them. The choice is theirs, so are the consequences.
>How did we get here? To where If I spin up a webserver and charge for access now I'm suddenly forced to lick your middle finger because you have laws in your country saying so?
You do business somewhere, you have to abide by the laws of that somewhere.
As to how did we got here? I don't know. It probably happened sometime around year 500 BC?
The easiest and most reasonable option would be to honor GDPR and similar laws.
If you scam people in country A from country B, you're criminally liable to country A even if it's not a crime in country B. Same if it's espionage (cf. Assange), piracy (cf. TPB) and so on. Why should infringing on privacy rights be any different?
true they are legally required by EU law to follow GDPR, but then it gets into enforcement, Facebook et. al might like to not follow GDPR but they are big enough then have holdings that the GDPR can take money from.
If omg.lol does not have any business in EU it is probably not going to actually be a problem for them because EU is unlikely to go to U.S court to try to get money - also because I believe that probably wouldn't work.
However
1. if they are trying to get purchased by someone they probably should consider potential buyers probably don't want to buy a bunch of EU liability.
2. they should probably refrain from any sort of ambition that would give them such a business in the future because regulators can be really mean when someone does this kind of funny stuff.
3. if they don't pay if called on it maybe there would be a situation where they would get blocked - not sure about that but seems reasonable reaction.
>He complains about Docker being used as a software distribution method, that is as a replacement for say Debian package, pip package, npm package etc.
If that is a valid complaint, why does he choose two examples where that is not the case? Nextcloud AIO is just one option among many and certainly not the "standard way" of hosting your nextcloud instance. Coincidentally I came from hosting nextcloud the "standard way" and I'm really glad AIO exists and I don't have to manage nonsense like nextcloud ending support for the latest Debian php version. And Home Assistant is mainly distributed as the OS variant with the docker version being the step child afterthought that barely functions.
>"Authoritarian regimes" usually have popular support since a huge majority supports the ruling party.
This argument makes about as much sense as the following one:
>Otherwise, the country would not be stable and vast sums of western money would not have to be sent there in order to ferment a color revolution.
The defining characteristic of an authoritarian regime as opposed to a democratic one is that it does not derive its power and legitimacy from the people - i.e. popular support. It may be stable and "popular" and still terrible, North Korea comes to mind. But as out of touch as you seem to be, you probably belong to that strange group of people who think NK is actually an anti Western paradise.
