# Following on from the GDPR discussion yesterday, and as Sebastian notes, in addition to the legality of processing personal data there is also an ethical consideration. Should you do it? Is it justified? Is it right?

The goal of the indieweb is to enable cross-site communication, primarily via webmentions, and the explicit sending of a mention from one site to another implies consent to display its contents on the target site.

Sebastian's primary focus, however, was on "backfeeding" replies from social networks and the problems you have notifying those replying that their data will be used and displayed elsewhere. You realistically can't unless the networks have indieweb considerations built in. They won't.

While they might have a clause in their terms and conditions that says your data might be used by third parties is this enough? Would aggregating replies by means other than the official API, where you couldn't match all of the processing requirements, even be caught by such a clause? Probably not.

Perhaps the best course is to play it safe and not backfeed.

It becomes trickier, however, when a service like micro.blog sends webmentions automatically on behalf of its users.

There is a definite crossover between indieweb proponents and micro.blog users and many will be fully aware of the underpinnings of the service. But with the backlash against the major social networks in some quarters more people are looking for an alternative and have been joining micro.blog without necessarily realising how it operates.

Are the underpinnings made apparent to users? Does there need to be an option to exclude your account from sending webmentions, especially to external blogs? Are comments made in the seemingly limited environment of the micro.blog timeline fair game out on the open web and does their "public" nature (thanks to effectively being blog comments) make them so? Further, should we as bloggers automatically publish these responses?

Micro.blog occupies a unique position which creates a problem of perception. Its primary service might be blog hosting but the primary interaction is via a social network style timeline. This will quite obviously colour the expectations of both the service and the data placed within it for those unaware of its design.

I've tried various comment aggregation tools over the years but traffic was only one way. Manton has created something wonderful in micro.blog, something that, when combined with the indieweb, I realise I've been after for a long time without necessarily knowing exactly what it was.

Sebastian's essay, however, gave me pause for thought, should give us all pause for thought. As does the GDPR and the ongoing conversation.

It's very much a case of "just because we can it doesn't mean we should" - an approach that ought to be adopted by much of the tech industry.

  1. hjertnes says: #
    the most important thing about gdpr and data is whether you need to do "that" to do what ever your product/service core task is
    1. Colin Walker says: #
      Definitely agree on that point but it’s not just those to whom the GDPR applies. With regards to a blog we don’t “need” responses backfed but it makes life a lot easier. But if we apply that principle then a lot of what the indieweb is about immediately goes away. We need to draw lines somewhere and have better policies about what gets sent where.
  2. hjertnes says: #
    gdpr should not stop stuff, but instead make it transparent and require consent from users

Leave a Reply

Your email address will not be published.