No Privacy Policy in D tools (dmd, dub, phobos, etc)

[Adam Wilson]

On Wednesday, 24 January 2024 at 13:07:26 UTC, Arafel wrote:
> IANAL, so I have no idea of how this applies to the DLF, who I 
> assume sits in the US, but I thought it might be of interest.

IANAL either, but I did the GDPR compliance engineering for my 
teams product at MSFT. The basic principle is that, unless the 
service is physically hosted in the EU, GDPR has no legal force. 
If a European connects to a US hosted service, they can have no 
legal expectation that GDPR regulations will be followed and if 
they do it is as a courtesy and no action may be brought under 
the GDPR.

IIRC, the EU originally tried to write the law as "any service 
that any European connects to must comply", but I think someone 
somewhere along the way pointed at that most of these services 
were held in the US and the most effective way to "comply" was to 
simply block EU IPs until the engineering work was completed (if 
the company had any compelling reason to stay accessible in the 
EU market). And enforcement would be impossible without US 
support and they got a hard "no" on that.

When I was doing this for MSFT, we just held off deploying our 
product into the EU datacenters and product offerings until the 
engineering and documentation was complete. Took a year of my 
life that work did.

For my current project, our non-US plans consist of "block their 
IPs." GDPR is a massive capital sink for an small business.