Data privacy - TransAtlantic regulatory regimes and migrating meet. coop
Date: Monday, May 22, 2023
Time: 18:00 London time. (European time = +1, N America Eastern time = -5, N America Pacific time - -8).
Venue: commons.hour room (@ DE server)
meet. coop intends to migrate to platform hosting by WebTV, a Canadian coop. This opens the possibility of choosing which data protection regulatory regime to be under - Canadian or European - or even operating under both regimes on different servers, and offering members the choice as part of the service we give. This
commons.hour aims to assemble the best knowhow that we have in our community, to underpin a sound strategic choice and highlight practical issues.
@petter @flancian and @anarcat have some inputs on this, but a bunch of others in our community have relevant knowhow (see Commons.hour special - data privacy - #5 by mikemh). Please do come and contribute. This is a significant strategic decision for meet. coop.
See ongoing discussion in this thread: Evolution #2 - A `commons.hour` on data privacy and regulatory regimes
Post-meeting documentation is below: Commons.hour special - data privacy - #11 by mikemh
Without getting into any spoilers, it’s important to be aware of politics in Canada before getting into this. This usually doesn’t matter too much, but in this case it matters very much because last year a new privacy law came in effect in the canadian province of Québec that is somewhat inspired (but even stronger on some aspects) by the GDPR.
All the documentation I have on this is unfortunately in french, but I’ll dump it here anyway in case people want to catch up with Google Translate or DeepL or ChatGPT or a friend or whatever it is people use these days:
sorry for the link dump, but it’s all i have. ):
Terrific @anarcat thanks lots. I use Deep-L these days, works well. Questions below are tactical questions for meet. coop. Shouldn’t (?) necessarily shape the session too much, which ought to be a bit more broad, and ‘principles’ based?
- My first reaction is that this is good news (that the Euro and Quebec regimes are basically similar, and going in the same direction).
- Second thought is: this still probably won’t affect the willingness of European public (governmental?) organsiations to have their data on ‘non-European’ servers (whatever that phrase means).
- And third - our members so far - none of them (?) governmental organisations - have been fine with the informal ‘GDPR’ claim we have made, so why would this change in the future?
- Fourth is: of course we have to step into a formal GDPR regime now (or GDPR-plus = Quebec). It’s basic? Regardless of what our users’ privacy consciousness may be?
- Finally: who do we expect our members to be in the future? Coops. Civil society informal organisations. Governmental organisations. Individuals. In Europe. In Canada. In USA. In other national jurisdictions?
Questions for @evolution team to form some views on. This is placing more emphasis on the ‘prefernces’ section of the discussion?
These members might want to contribute? Do join this session.
I don’t think I can join on Monday, apologies as I’ve been swamped lately!
Reminder invite, do join us…
@dvdjaco @wouter @3wc @hng @Sebas891 @Yurko @chris @evolution
Here are machine translations into English, of the pages provided above by @anarcat : Nextcloud
Mostly, guides to data-holding organisations, about obligations under the new Quebec state law (‘Bill #25’) coming into force in stages between September 2021 and 2024.
Here a schema of data locations in meet.coop, to summarise topics that need discussing (‘protocols’), jurisdictions and digital spaces
The seminar I went to also listed Canada as approved by the EU “to some extent” (which might mean Quebec, don’t remember), but I agree with Mike’s points.
Countries with an adequate level of protection
• Faroe Islands
• Isle of Man
• Japan (under review)
• Canada (to some extent)
• New Zealand
• UK (reassessed after 2 years)
• South Korea