This is the original article (linked from The Verge one) and is much clearer:
> Bluesky, the rapidly growing social media platform, is violating EU regulations by failing to disclose important details, a European Commission spokesperson told reporters during a daily briefing on Monday.
> “All platforms in the EU even the smallest ones which are below the threshold, which is the case for Bluesky, have to have a dedicated page on their website where it says how many user numbers they have in the EU and where they are legally established. This is not the case for Bluesky as of today,” the spokesperson said.
> But since Bluesky isn’t yet big enough to be considered a “very large online platform” under the DSA, the regulator says it can’t regulate Bluesky the way it does X or Threads.
So are they breaking the law or aren't they? Sounds like they aren't but the EU wants to be on their back anyway.
I thought the article was pretty clear: they are breaking rules (not laws, FWIW) but are not yet big enough for the EU to do anything about it. At their current growth trajectory they will soon. The EU statement seems to just be an anticipation of the inevitable.
> Sounds like they aren't but the EU wants to be on their back anyway.
> The regulator hasn’t reached out to Bluesky directly, yet, The Financial Times writes.
I think no on is on anyones back, they just follow standard procedure more or less.
There is a new "growing" platforms which might be affected by such regulations and they just want to make sure what their state is and under which legal aspects they operate (e.g. if they have any EU offices onto which they should base official communication).
The things pointed out by the article are also non issues:
- a missing statistic about EU users which you need once you have a certain size but practically kinda should have before _to show you have not quite yet that size_. But that is somewhat of a nothing burger, you add it when needed and as long as there is no reason to believe you acted with malicious intend it's unlikely to involve any penalties.
- regulation related to moderation, non issue as Bsky enforces their AGB and that already fulfills more or less all moderation requirements (maybe not some increased reporting requirements for larger companies, but like said they don't count as such yet)
So IMHO a nothing burger.
My guess is various news paper made "official" information/press requests to some EU institutes asking if Bsky complies with this or that and stuff like that and then created a issue from atm. more or less nothing. Wonder if it was with malicious intend.
I'm not saying this doesn't happen, but I also think it's genuinely difficult to write policies that apply to technical systems that don't exist at the time of writing and which are also clear enough that regulators, courts, and the relevant parties within tech companies all understand what they mean, what they imply about technical systems, etc.
With respect to much older law, e.g. copyright, I think we still haven't fully interpreted what constitutes "copying" or "distributing" in a digital context.
With respect to data privacy, though I was part of a team that was responsible for ensuring my company met GDPR obligations, it's still not clear to me what really constitutes deletion or erasure for these purposes. What if my DB doesn't delete stuff on disk immediately but marks some records with an in-memory tombstone, so normal DB queries will no longer return the record but files containing the record do still exist? Am I obliged to delete all DB backups when any individual exercises their deletion rights? If my datalake uses columnar files that record events (e.g. clickstream data) from many users, every time any user exercises their deletion rights, do I have to re-write all the files that included any event from them? To find all files containing a user efficiently, I'd probably need to start indexing by user, which if anything puts my team on the path to using user-specific data more intensively going forward. Or is it sufficient to mark their ID in a "forgotten" file and ensure that datalake results do not include information from their records, though the records are in principle still readable? If you didn't have a good systems/data engineer participating in the drafting of the policy, it's easy for a regulator to just write "delete" without thinking through what the actual definition should be, and what the implications are.
So… EU regulations are about "protecting users privacy"… but requires you to know how many of your users are EU-based, and publicly report it ?
I don’t know about you, but "country of residence" is the kind of private information but I’d rather not be collected unless good reasons. Requiring to collect it seems rather antithetical to "protecting user privacy".
> 1. It puts Bluesky on notice that they need to watch their numbers
can't be as they haven't reached out to Bluesky, can't put someone on notice without communicating with them
this articles seems to be based on newpapers doing "press requests" not any EU institution initiating actions, some parts can outright be read as "what is Bsky, we should find out if it is relevant if we get press requests about it, where is their office again?"
> 2. It preempts accusations of unfair application of the rules
I'm not sure where such accusations should come from. I don't thing any related EU regulatory organizations care about what people in the US thing about supposedly unfair treatment of X compared to Bsky.
> 3. It reminds Blusky that if they trade internationally they need to "do as Romans do".
which only makes sense if they communicate with them but the only communication flow seem to have been the Financial Times asking some regulators. So I don't think so.
It's a variation on "Premature Optimization Is the Root of All Evil". Focus on what actually matters for your startup. If for some reason some EU regulator actually comes knocking, you're most likely big enough to mean you've created a successful startup.
Then you just say "Sorry!" and you implement what they want.
This is probably different if your company is in the EU, but this is my North American point of view.
Who cares. Everyone should collectively turn their websites off in the EU, so that they can continue to suffer in mediocrity. The EU doesn’t have to deal with their own laws because they don’t innovate or produce anything.
It can go both ways. Just because a company has done something that deserves to be regulated does not mean the regulation itself is a good way of accomplishing that. For what it is worth, I think the EU for the most part is doing alright in some places with some severe missteps as far as encryption and privacy goes.
I've honestly been pretty happy with it. It gives developers the ability to push back on shirt practices with "do you want to lose access to the European market?" Having that in the tool belt is very handy
Counter-point: as a programmer and data engineering working with large and small companies, GDPR has been of massive help to me, as the clients have now the concepts coined and I can back my stances with legal texts when it comes to protecting people data.
Not really. The methods companies use to skirt around the EU regulation has been the actual disaster. Case in point: The EU never mandated the cookie popups that proliferate the web. They simply passed common sense regulation about user tracking. But there's too much money to be made tracking your every move on the internet, so along came the popups that convince you to allow yourself to be tracked. Every time I see one I'm reminded of how relentlessly exploitative the modern web is, not how mistaken the EU are.
I'd say those are unintended consequences and should have been taken into account. The effective result of the regulation appears to be just to have added annoying popups and close to zero change in company behavior.
You have third party data brokers in the US which has everyone's data and sells it to anyone, you don't have that in the EU. I'd say that is a pretty big change.
There’s an open question of who is to blame when poorly written legislation causes companies (with fiduciary responsibility to their shareholders) find ways to follow the letter of the law but not the intent and create end results that are worse for the public.
The American perspective tends to be that if millions of users are suffering because thousands of companies are interpreting the laws created by a single legislature, we should tell that one legislature to fix their shit. (Note: not that they actually do fix their shit, but that’s who we yell at)
The European perspective tends to be that the thousands of companies should each be individually yelled at to fix their shit (Note: not that they actually do fix their shit, but that’s who they yell at)
Neither way is all that effective tbh. But looking at the end results, I must say I prefer using the internet outside of the EU. I always use private browsing, and the implementation of EU rules when browsing the web in Europe makes this an absolutely insufferable experience. Pages and pages of legalese I have to click through to access a single google result - when guess what, none of that applies because I’m browsing in private. The natural response for me would be to then disable private browsing and let google store its “you clicked through our bullshit” cookie to make my life easier — resulting in the exact opposite of the intended effect of the law.
Like I said, neither side is perfect, but using the internet “privately” is actually much easier outside of the EU vs in it. To me, that means we need to yell at the legislature. Opinions may very.
I have forgotten the recent example, but there are sites that don't have a banner at all because they don't track users and others that see the Do-Not-Track header and replace the banner with a discreet acknowledgement.
Good point, a reasonable response to the who debacle would be to get the legislature to mandate that a HTTP headset similar to do-not-track must be configurable on a browser basis and all requests that hold it must be seamlessly executed as if the user had pressed the “do not agree” button previously.
The question who is not breaking EU rules?
The funny thing, when there is penalty let's say $100M, all these funds going to the government to spend more for another regulations. Never ending loop. User doesn't receive anything.
The EU’s own website has the same banner message asking for analytic cookies, it’s just a poorly designed and executed regulation like many in the EU revolving around tech.
Longest period of peace in Europe seems like a pretty big achievement, even if many of us don't even know what it's like to live through wars in Europe. On a smaller scale, having a single currency, no roaming fees, traveling and working everywhere without worrying about tourist or a working Viswa is pretty big too.
Easy to forget about many of these things as we just take these as a given baseline.
>Regnier reportedly went on to say that the commission has asked the EU’s 27 national governments to look for “any trace of Bluesky” like EU-based offices. The regulator hasn’t reached out to Bluesky directly, yet, The Financial Times writes.
>But since Bluesky isn’t yet big enough to be considered a “very large online platform” under the DSA, the regulator says it can’t regulate Bluesky the way it does X or Threads.
So it sounds like they are 'breaking' rules that don't even yet apply to them?
This is the original article (linked from The Verge one) and is much clearer:
> Bluesky, the rapidly growing social media platform, is violating EU regulations by failing to disclose important details, a European Commission spokesperson told reporters during a daily briefing on Monday.
> “All platforms in the EU even the smallest ones which are below the threshold, which is the case for Bluesky, have to have a dedicated page on their website where it says how many user numbers they have in the EU and where they are legally established. This is not the case for Bluesky as of today,” the spokesperson said.
reply