It’s not like companies that use Linux don’t get breached either. Your personal data is in thousands of databases that have varying levels of security. Personal choices don’t affect any of that, regulations like GDPR are what’s needed.
GDPR has much the same problem: it can only actually be enforced against entities with a presence in Europe. When Europeans do international business, the GDPR only protects them if that foreign site has a business presence within Europe. When they have no bank accounts or business assets inside the EU, they are not subject to the GDPR.
Even though the GDPR covers your side, it doesn’t always cover the other side.
That’s why I said “regulations like the GDPR”. The US and other blocs need similar regulations. Especially the US is important, as they’ve shown that they’re willing to stretch the size of their jurisdiction to sometimes absurd lengths.
That’s usually a bad thing, but in this case that might be good.
I am not subject to the GDPR. I don’t have to abide by it. Even if my country adopted a GDPR-like regulation, that regulation would only apply to my privacy. Not yours.
Microsoft has proven themselves overtly hostile to privacy. Yours, mine, and everyone’s. The available options are:
Attempt to regulate them into behaving like decent human beings.
Avoid their business.
When my therapist is using a system that is overtly hostile to their privacy and mine, the solution is not to ask the government to chastise their attacker. The solution is to eliminate their reliance on their attacker, and get them in a system the attacker doesn’t control.
I’m not saying we should avoid GDPR-like regulation altogether. I’m saying that at the OS level, Linux is intrinsically compliant with the intent of such regulation but may not comply with the letter, if the letter requires some sort of affirmative confirmation or certification of compliance that would be complicated for the developer to implement.
Microsoft will be able to be technically compliant with the law, but will definitely subvert it’s intent and purpose however it can.
Even if my country adopted a GDPR-like regulation, that regulation would only apply to my privacy. Not yours.
That could depend on how the regulation is written, so we should push to have these new regulations cover all users of services hosted in our countries.
It’s not like companies that use Linux don’t get breached either. Your personal data is in thousands of databases that have varying levels of security. Personal choices don’t affect any of that, regulations like GDPR are what’s needed.
getting breached is different from using spyware.
GDPR has much the same problem: it can only actually be enforced against entities with a presence in Europe. When Europeans do international business, the GDPR only protects them if that foreign site has a business presence within Europe. When they have no bank accounts or business assets inside the EU, they are not subject to the GDPR.
Even though the GDPR covers your side, it doesn’t always cover the other side.
That’s why I said “regulations like the GDPR”. The US and other blocs need similar regulations. Especially the US is important, as they’ve shown that they’re willing to stretch the size of their jurisdiction to sometimes absurd lengths.
That’s usually a bad thing, but in this case that might be good.
I think you missed my point…
I am not subject to the GDPR. I don’t have to abide by it. Even if my country adopted a GDPR-like regulation, that regulation would only apply to my privacy. Not yours.
Microsoft has proven themselves overtly hostile to privacy. Yours, mine, and everyone’s. The available options are:
Attempt to regulate them into behaving like decent human beings.
Avoid their business.
When my therapist is using a system that is overtly hostile to their privacy and mine, the solution is not to ask the government to chastise their attacker. The solution is to eliminate their reliance on their attacker, and get them in a system the attacker doesn’t control.
I’m not saying we should avoid GDPR-like regulation altogether. I’m saying that at the OS level, Linux is intrinsically compliant with the intent of such regulation but may not comply with the letter, if the letter requires some sort of affirmative confirmation or certification of compliance that would be complicated for the developer to implement.
Microsoft will be able to be technically compliant with the law, but will definitely subvert it’s intent and purpose however it can.
That could depend on how the regulation is written, so we should push to have these new regulations cover all users of services hosted in our countries.