Idly pondering if instances setting terms of use to prevent Meta from using data of users of those instances is a sensible plan.
Does federating with an instance require acceptance of terms put forward by that instance, and if yes, why?
If yes, is that desirable that every admin needs to read the terms of every server with which their instance federates? That sounds horrific.
Do admins have money to enforce a breach? Many seem to be just scraping by to support their infrastructure.
Is data protection law enough? In the EU and UK, possibly, but what about elsewhere? Given that Meta has been the subject of almost constant DP enforcement action for years, quite possibly not.
Is it the case that non-compliance with an instance’s terms is computer misuse or the like? Potential criminal sanctions for admins which don’t read and comply with every other instance’s divergent and potentially regularly changing terms?
This needs careful, considered, multi-jurisdictional analysis. Or, at the very least, specific analysis for the territories in which either or both the most concerned instances operate and in which Facebook / Meta operates.
I also wonder if this is an instance-level thing, or a user-level thing (for example, such as each use putting in their bio that they object to processing of their personal data for direct marketing purposes, and other purposes)?
@neil Thanks for kicking this of, I'm very interested in what #lawfedi and others have to say about this! California and GDPR analysis would be extremely useful in the short term.
I'm also interested in what protections instances that *don't* federate with Meta can add. One of the arguments I've heard is "they can just scrape everything, even the stuff that's not public" (by creating bot accounts). But bot accounts require agreeing to a TOS, so it seems like something could be done there?
@jdp23 @neil unfortunately i think most of the legal structures involved here are limited to the context of distribution… it’s easier to say that Meta cannot DISTRIBUTE posts (or datasets derived from posts) for certain commercial purposes. but if somebody else (e.g. your instance) is distributing the posts TO Meta, and Meta is simply building an internal dataset using that data but NOT distributing it (just using it to sell ads), the surface area for enforcing some kind of terms of use is a lot smaller. your instance is the one giving them the information, after all (and we don’t want your instance to be the one accumulating legal liability while Meta gets off free)
the situation might be different if mastodon instances required an affirmative agreement to a terms of use BEFORE they started federating out information to a server, but that isn’t the reality right now. trying to enforce terms on mastodon posts under the current model is akin to sending someone an email and saying “by reading this email you agree to X, Y, and Z”. they haven’t agreed, and if you wanted them to, you shouldn’t have sent the email until they did
@Lady The reality right now is likely to change. Meta's reportedly going to require instances that federate with it to sign some legal agreement -- it's not confirmed but it makes makes sense from their perspective. Those instances then may need to put requirements on instances federating with them. Conversley instances that distrust meta may want to put some legal requirements on any instances that federate with them.
@neil