CrocoDuck wrote:My impression is that it is not a danger for Open Source projects.
I agree I'm not too alarmed by it.
It is true, however, that the additional rules pose a risk for people hosting things online, and this puts 'community' projects like most Open Source initiatives at a disadvantage. After all, those typically don't have a legal team to reduce the risk of accidentally running afoul of any of the rules.
CrocoDuck wrote:I think there would be the grounds (for few things maybe) to hold phpBB liable, not Linux Musicians (or any other forum maintainer), as they are providing the technology. But I am no lawyer, so I have no idea, really.
Hmm, if that were true I would call that a "risk to open source", since it would mean it's suddenly dangerous to publish your forum software online because other people may use it and violate the GDPR with it. I don't think it works like that though. I do agree in case of a dispute I could claim "I used the widely used phpBB software so I could reasonably assume the relevant boxes to be checked", as long as I did everything in my power to fix it once it became clear that it didn't.
CrocoDuck wrote:An example of possibly unmarked box for this forum could be the fact that every single track of an user has to be erasable on the user request. So, as an EU resident now, I have the right to ask Linux Musicians to delete -all- the stuff that relates to me here.
One complication here that legally, I don't think there is such a thing as 'Linux Musicians' as a legal entity. As far as I understand, the GDPR may apply to individuals as well, but not for 'household activities'. I guess it is a bit of a stretch to call maintaining this forum a 'household activity' (though maybe?), so people would have to come after me or the moderation team personally.
CrocoDuck wrote:Also all posts. And Linux Musicians would have a certain time limit to comply. Again, I am not lawyer, but if this is a technical issue adding a note in our signature that says "This post is licensed under whatever-license" should perhaps fix it? At that point the posts would be published work, protected by a license, not personal data on a website.
Actually when someone requests his account to be deleted, I always ask whether it is OK to keep his/her posts: phpBB allows deleting users either with or without their posts. So I think we're already OK here as well.