Good morning,

I am very pleased to see that you bring up this issue. GDPR offers a great opportunity to promote FOSS.

FOSS is definitely far more "GDPR-ready" than proprietary or closed-code software. But, what an irony! Who shouts the most about GDPR these days? Who delivers free seminars with free food & drinks(!), and invites prominent professors on stage to give speeches about data privacy under their auspices?

The ones who hardly comply with the GDPR invest heavily in promoting it! Otherwise, they will gradually go extinct. It seems they have no choice. They also have the budget required to do so, unlike FOSS. And I am afraid that, at the end of the day, they manage to win the impressions of the majority...

Can we blame consumers or companies for choosing closed code over FOSS? They are brainwashed, after all.

To close, I would like to work with you to help create relevant publicity about the true values of FOSS, including its inherent GDPR-readiness.

I am, kind of, speaking from experience, because we have recently gone through an audit for GDPR compliance as a company (we are an email provider). We actually changed our business model in order to better comply: we moved all of our customers from a unified multi-tenant environment to separate, privately hosted servers. All on FOSS.

At your disposal,
KR
Ioli

On 10/8/2017 10:01 AM, Jonas Oberg wrote:
Hi Mat,

> Specifically, it seems to suggest to me that a fair number of
> proprietary platforms (Facebook for example) might contravene the 'Data
> protection by Design and by Default (Article 25)' that requires privacy
> settings to be set at a high level by default.

I would posit you're right in this. But I would think the same problem
might exist with distributed platforms. I just checked Diaspora* for
instance, and it seems to have the same level of default privacy as
Facebook for new users and posts ("Friends only" on Facebook and
"All aspects" on Diaspora*).

So it seems to me that if we agree that the right to privacy is important,
supporting Free Software, and supporting the GDPR, are both important aspects
of privacy, but the two are largely on parallel tracks and don't overlap
much.

There's one case I can see, though: it would be possible to make the claim
that given the high requirements of GDPR, it's impossible for anyone to
meet those requirements in a believable way without publishing the software
used as Free Software, and without using Open Standards (which is also
roughly the requirement for Data Portability in Article 20).

Happy if anyone would like to work on this with us. I'm looping in our
policy analyst, Polina Malaja, who would also be involved in this.