Search This Blog

Monday 28 November 2022

Legal Adventures in the Fediverse

Joining the fediverse has jolted my legal brain into gear over some esoteric questions (listed below). These largely turn on the fact that, unlike in Web 2.0 offerings, such as Blogger or Twitter, there is no central service provider hosting/operating the service on its own servers. In the fediverse, separate sites (or 'instances') can interoperate because they are running the same standardised, open software (e.g. Mastodon) which itself relies on the same standardised, open protocol (Activity Pub, in the case of Mastodon):
Mastodon websites are operated by different people or organizations completely independently. Mastodon does not implement any monetization strategies in the software. 
Some server operators choose to offer paid accounts, some server operators are companies who can utilize their existing infrastructure, some server operators rely on crowdfunding from their users via Patreon and similar services, and some server operators are just paying out-of-pocket for a personal server for themselves and maybe some friends. So if you want to support the server hosting your account, check if it offers a way to donate. 
Mastodon development is likewise crowdfunded via Patreon and via OpenCollective. No venture capital is involved.
Perhaps this is no different to independent website owners building their own websites using a standardised website template provider (e.g. Wix), but the interoperability does seem a significant additional factor to consider. That's like email, which again could be provided by a centralised email service provider (e.g. Microsoft's hotmail) or your employer. Equally, the fact that each site or 'instance' could be self-hosted is similar to websites and email, yet most users choose their site to be hosted with the operator of a server or instance that hosts many sites (e.g. mastodon.world or mastodon.social). Some instances are open to anyone, while others are targeted at, say, residents of Glasgow. 

I think this just involves a sense-check against the regulatory regime of where the relevant fediverse instance and any users that it actively solicits are based. Here's a flavour of some of the issues:
  • How does a user proceed if the developer of the relevant communication software somehow fails to ensure the software runs as promised in the documentation?
  • Who is responsible for the integrity of the protocol on which the software is based?
  • Do fediverse instances based in the EU with UK resident users but no offices, branches or other establishments in the UK need to appoint a UK representative under UK GDPR (and vice versa!)?
  • Is each 'instance' in the fediverse ready for the EU's Digital Services Act (exemptions for micro/small enterprises will help)?
  • If each 'instance' in the fediverse can be an Intermediary service, online platform or e-commerce platform under the Digital Services Act (see prior post), then they could grow to be 'gatekeepers' under the EU Digital Markets Act.
  • How are fediverse instances treated for the purposes of  'reverse solicitation' analysis - i.e. whether you are treated as doing business in another jurisdiction where users are based, as opposed to where the instance is based?
If you need assistance with any of these issues, please let me know.

No comments:

Post a Comment