> EU legislation doesn’t stifle innovation. It stifles abuse of technology.
Honestly, my biggest complaints with EU software legislation are:
1. It doesn't scale down to tiny non-commercial or barely-commercial activities.
2. It theoretically proposes penalties on private people outside the EU (even though they are rarely imposed?).
3. I have no vote or representation.
For example, I used to provide tiny, free web apps that performed useful tasks. These often had fewer than 100 users, and they kept no information that wasn't strictly necessary. But if you emailed me about them, I might not respond within a month, especially if I was traveling or something. The GDPR requires 30-day turnarounds for lots of stuff. I shut down all of these apps, because some of my users might have been in the EU? And I won't be releasing any more free web tools. It's all CLI now.
Similarly, I host a small web forum in the US, and we have some EU users. We keep no information beyond that required to run a web forum. If you ask the moderators to delete all your posts on August 1st, well, I hope someone took their computer on vacation.
Similarly, I maintain a couple of open source projects. Many of these are paid for by an employer, who makes the code available for free. In the past, I have occasionally added a feature to one of my projects as a consulting project for someone. But reading through https://www.techradar.com/pro/the-eus-product-liability-dire..., I see that I am now likely to have personal liability for my open source projects, towards people who have never paid me a cent. Sure, I do have liability towards the rare consulting customer who actually paid for something, which is carefully negotiated in our contract. But in the future, some random EU company I've never heard of will likely be able to use my software, pay me nothing, and make me liable? It's very hard to tell with current drafts.
And I have at least one open source AI tool on GitHub, that's of no use to anyone. But I suppose I'll need to read the EU AI laws now, too.
Sometimes I just want to build useful stuff (web apps, forums, open source tools) and give it away for free. But if I have any European users, I may get entangled in complex European laws. Honestly, there's zero upside for me supporting EU users, because I'm not benefiting from them, and I keep having to read hundreds of pages of incredibly vague laws in multiple languages.
If the Product Liability Directive goes through in its current form, and if GitHub offers me a way to block EU downloads, I'll probably use it. I am not interested in supporting or encouraging commerical EU users who have never paid me anything.
GDPR doesn't apply for entities outside EU if they aren't specifically targetting services at individuals in the EU (which can be indicated by using EU domains, supporting EU currencies, supporting EU languages or mentioning EU customers in promotional materials).
this is not completely correct. GDPR applies to (among others) „ a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.“ - if you have an accidental EU customer it applies to you. Also if you have an US customer who is temporarily in the EU. https://commission.europa.eu/law/law-topic/data-protection/r...
I'm pretty sure I've provided French localization for some of my software at some point, just on a whim. Which is an EU language. And I know that some of my non-EU users of free, online tools have travelled to Europe occasionally. So I guess I was subject to the GDPR, until I took all my web tools offline?
Sure, I never tracked any information except what was absolutely necessary. No email address, no IPs, just logins, passwords, and data saved by the user. But that still means:
- I needed to respond to several kinds of emails within 30 days, even if I was on vacation.
- I needed to understand the frustratingly vague and abstract language of the GPDR.
- I was subject to 27 different data regulators, not all of whom provided information in languages I could read, I don't think?
As a non-EU resident, I have zero vote in any of this. I make zero money off of anyone in the EU. I would happily ignore the EU entirely, or allow EU users to download my stuff and to figure out their own laws.
But the EU claims jurisdiction over foreign nationals, even though we have no vote, no representation, and no commercial presence. There is precisely zero upside for me here.
And with the Product Liability Directive, it looks like the EU might impose personal liability on me as an open source author who occasionally consults for US companies. Which, since nobody in the EU is paying me a cent, I have no interest in assuming. If the final PLD is bad enough, I guess I can try to block downloads from European IPs or something.
If these laws were limited to real companies with an actual presence in Europe, I'd feel very differently. But extraterritorial laws for private citizens are gross.
Honestly, my biggest complaints with EU software legislation are:
1. It doesn't scale down to tiny non-commercial or barely-commercial activities.
2. It theoretically proposes penalties on private people outside the EU (even though they are rarely imposed?).
3. I have no vote or representation.
For example, I used to provide tiny, free web apps that performed useful tasks. These often had fewer than 100 users, and they kept no information that wasn't strictly necessary. But if you emailed me about them, I might not respond within a month, especially if I was traveling or something. The GDPR requires 30-day turnarounds for lots of stuff. I shut down all of these apps, because some of my users might have been in the EU? And I won't be releasing any more free web tools. It's all CLI now.
Similarly, I host a small web forum in the US, and we have some EU users. We keep no information beyond that required to run a web forum. If you ask the moderators to delete all your posts on August 1st, well, I hope someone took their computer on vacation.
Similarly, I maintain a couple of open source projects. Many of these are paid for by an employer, who makes the code available for free. In the past, I have occasionally added a feature to one of my projects as a consulting project for someone. But reading through https://www.techradar.com/pro/the-eus-product-liability-dire..., I see that I am now likely to have personal liability for my open source projects, towards people who have never paid me a cent. Sure, I do have liability towards the rare consulting customer who actually paid for something, which is carefully negotiated in our contract. But in the future, some random EU company I've never heard of will likely be able to use my software, pay me nothing, and make me liable? It's very hard to tell with current drafts.
And I have at least one open source AI tool on GitHub, that's of no use to anyone. But I suppose I'll need to read the EU AI laws now, too.
Sometimes I just want to build useful stuff (web apps, forums, open source tools) and give it away for free. But if I have any European users, I may get entangled in complex European laws. Honestly, there's zero upside for me supporting EU users, because I'm not benefiting from them, and I keep having to read hundreds of pages of incredibly vague laws in multiple languages.
If the Product Liability Directive goes through in its current form, and if GitHub offers me a way to block EU downloads, I'll probably use it. I am not interested in supporting or encouraging commerical EU users who have never paid me anything.