Freyadoe Posted January 31, 2019 Share Posted January 31, 2019 Hello all. This is not the first theme here, but I would like to make it clear for myself first. Sometimes it's pain to catch someone online. For business purposes, or just see friends who are online and when, to do not stay online 24/7. Any technology can be used as positively, as negatively. So such trackers can be on the blade edge. ToS has next sentences: Quote (iii) Stalk, harass, or engage in any sexual, suggestive, lewd, lascivious, or otherwise inappropriate conduct with minors on the Service; (i) Post or transmit viruses, Trojan horses, worms, spyware, time bombs, cancelbots, or other computer programming routines that may harm the Service or interests or rights of other users, or that may harvest or collect any data or information about other users without their consent; So, as for me, if an user gives agreement to be tracked, that will be not against ToS. But if tracking will be used for harassment, without users consent - that will be against ToS. Am I right? If yes, so I can create and sell such trackers (yes, I know that some of them are selling into Marketplace, but I want create and sell the own own, fully legally) if I will put license agreement that users cannot use tracker against someone's consent. As cannot use that for any harassment and so on. Can someone confirm that or correct me? Link to comment Share on other sites More sharing options...
Wulfie Reanimator Posted January 31, 2019 Share Posted January 31, 2019 (edited) My interpretation is that "online status" is public information, so having scripts report it to you is not breaking any TOS. I don't think it qualifies as "data or information about other users." As for the first bit, the way it's written kind of makes it sound like everything there only applies to minors. (disregard common sense) You'd have to prove intent anyway, having an online status checker can be used or abused, like you said, but you're not going to get in trouble if your intentions are clearly not bad. If you're not doing anything that bothers the other user and remove the tracker if asked, I think you'll be safe. Edited January 31, 2019 by Wulfie Reanimator Link to comment Share on other sites More sharing options...
Rolig Loon Posted January 31, 2019 Share Posted January 31, 2019 Online status is public information. It is very easy to obtain. You can either write a very simple LSL script or you can see whether members of any group that you belong to are also on line by just opening the group's profile. You can also send anyone an IM and see whether you get a "user not on line" message. All of those are perfectly legal within the TOS. They have nothing to do with "tracking", which means monitoring where a person is in SL. We get this same question several times a year. The answer is always the same. 1 Link to comment Share on other sites More sharing options...
Freyadoe Posted January 31, 2019 Author Share Posted January 31, 2019 Rolig Loon, thank you very much for your explicit answer. I've find such previous questions, but not with such explicit answer. Hope it will stop all further same questions. Link to comment Share on other sites More sharing options...
Kyrah Abattoir Posted January 31, 2019 Share Posted January 31, 2019 This is my interpretation but... An avatar is not a user. The person controlling it is. 1 Link to comment Share on other sites More sharing options...
steph Arnott Posted February 4, 2019 Share Posted February 4, 2019 On 1/31/2019 at 2:51 PM, Kyrah Abattoir said: This is my interpretation but... An avatar is not a user. The person controlling it is. The avatar is the person by legal definition. It is no different than you using an online name in a chat room promoting illegal actions, you are still liabal for arrest if it breaks the laws in country you dwell in. By law your chosen avatars are you because they are an AKA. Under ToS, tracking agents is only a violation if falls within relievent legal statutes. In short, asking for permission and that person being able to revoke it any time removes all liability. Link to comment Share on other sites More sharing options...
Kyrah Abattoir Posted February 6, 2019 Share Posted February 6, 2019 And how does that relate in any way to the question asked by the OP? Oh right, it doesnt. OP was asking if staking an avatar counts as stalking "them" as a person. Given that a person can have multiple avatars, and that multiple people can use the same avatar. The answer is no. Avatars are linden lab's property and their online status is public information for any secondlife script. Link to comment Share on other sites More sharing options...
steph Arnott Posted February 6, 2019 Share Posted February 6, 2019 4 minutes ago, Kyrah Abattoir said: And how does that relate in any way to the question asked by the OP? Oh right, it doesnt. OP was asking if staking an avatar counts as stalking "them" as a person. Given that a person can have multiple avatars, and that multiple people can use the same avatar. The answer is no. Avatars are linden lab's property and their online status is public information for any secondlife script. Have you ever read the TOS? I gather not. You also may want to look at state, country and international law in regards to the subject. The US and EU alone have recently past laws. Have a good day. 1 Link to comment Share on other sites More sharing options...
Fionalein Posted February 6, 2019 Share Posted February 6, 2019 (edited) 12 minutes ago, Kyrah Abattoir said: The answer is no. Avatars are linden lab's property and their online status is public information for any secondlife script. That is a pretty shortsighted answer. There is a difference between checking if somone is online (might have legit reasons as sending updates) and profiling as in "keeping timetables about online activity" I am pretty sure in several countries one is allowed and the other isn't... Edited February 6, 2019 by Fionalein 1 Link to comment Share on other sites More sharing options...
Estelle Pienaar Posted February 6, 2019 Share Posted February 6, 2019 I am not a total expert for EU data protection laws but LL needs to be in line with it in order to operate in Europe. I see many typical American reasoning here. As far as I know it is forbidden to collect and process personal data in the EU EVEN IF it is publicly available as long as there is no consent. Now, where there's no plaintiff, there's no judge. Also I am not sure if you can define data as "personal" as long as you don't know theidentity of the person. But let's say that I collect a lot of data about the SL online life of @Kyrah Abattoir (for the sake of an example): this might be valuable information as soon as I can connect this data at a later stage to a RL person. So does this information become only personal when I make the connection or already when there is a chance that I might make such a connection in the future? I leave the answer to the lawyers... Link to comment Share on other sites More sharing options...
Kyrah Abattoir Posted February 6, 2019 Share Posted February 6, 2019 1 minute ago, Estelle Pienaar said: I am not a total expert for EU data protection laws but LL needs to be in line with it in order to operate in Europe. I see many typical American reasoning here. As far as I know it is forbidden to collect and process personal data in the EU EVEN IF it is publicly available as long as there is no consent. Now, where there's no plaintiff, there's no judge. Also I am not sure if you can define data as "personal" as long as you don't know theidentity of the person. But let's say that I collect a lot of data about the SL online life of @Kyrah Abattoir (for the sake of an example): this might be valuable information as soon as I can connect this data at a later stage to a RL person. So does this information become only personal when I make the connection or already when there is a chance that I might make such a connection in the future? I leave the answer to the lawyers... That's the thing, avatars offer no way to personally identifiable their user, they are only relevant within SecondLife and their online status is not an indication that their user is indeed at the keyboard (In the hypothesis that this could be considered a personal information). 1 Link to comment Share on other sites More sharing options...
steph Arnott Posted February 6, 2019 Share Posted February 6, 2019 2 minutes ago, Kyrah Abattoir said: That's the thing, avatars offer no way to personally identifiable their user, they are only relevant within SecondLife and their online status is not an indication that their user is indeed at the keyboard (In the hypothesis that this could be considered a personal information). They have registered as a human being. With a tracable server address, many with bank details etc. Link to comment Share on other sites More sharing options...
Qie Niangao Posted February 6, 2019 Share Posted February 6, 2019 (edited) IANAL, etc., but I think we're getting a little carried away with trying to interpret the terms of the GDPR in the abstract, when in fact LL will have already constrained the range of what anybody can claim "private" information once they've agreed to the Second Life Terms of Service. LL's lawyers may need to further jockey the language, but however the Terms of Service are stated, by their agreement users consent to the ToS's definition of what information in the service is "private" and what isn't. Users can't suddenly turn around and object to collection of data to which they consented by agreeing to the ToS (well, other than special "forgetting" conditions, I suppose). So I think the OP is correct to focus on the ToS. (It's nice the EU is focusing on privacy and all, but personally, I'm way more concerned with what services should be forced to disclose. I think Facebook, for example, should be required to provide publicly accessible data about every ad and other targeted content, including the identity of the buyer and full details of what targeting criteria were specified. That won't stop unpaid chaff from bot accounts but would have given ProPublica a fair shot at discovering Cambridge Analytica's treachery, for example, and would force Brad Parscale to find new ways to undermine democracy in 2020.) Edited February 6, 2019 by Qie Niangao (possessive not really possessive) Link to comment Share on other sites More sharing options...
Alyona Su Posted February 6, 2019 Share Posted February 6, 2019 5 hours ago, Estelle Pienaar said: I see many typical American reasoning here. As far as I know it is forbidden to collect and process personal data in the EU EVEN IF it is publicly available as long as there is no consent. That may be. Though a country's laws and regulations reach only as far as its borders. So, hypothetically speaking, if my tracking your online time without your consent is illegal in EU then so be it. But if I am not in the EU where that may be the law then too bad for you: that law is unenforceable. So then the question regarding Linden Lab being "in the EU" - but they are not in the EU. They are in the U.S. What they do is allow *access* from the EU. Meaning they can simply block you as an EU user and not worry about any law you complain about. If they have actual servers operating in the EU then only whatever part of their business that uses those servers is under those regulations. Now, let us take a step back and proclaim everything I've said as just a bunch of hot air. Whatever it is then, it is every bit as accurate and authentic as everyone else's contribution. ~laffs~ Link to comment Share on other sites More sharing options...
Fionalein Posted February 6, 2019 Share Posted February 6, 2019 1 minute ago, Alyona Su said: So then the question regarding Linden Lab being "in the EU" - but they are not in the EU. They are in the U.S. What they do is allow *access* from the EU. Meaning they can simply block you as an EU user and not worry about any law you complain about. If they have actual servers operating in the EU then only whatever part of their business that uses those servers is under those regulations. See it is the same silly argument wether the Lab must comply to the GDPR... it does not really matter as the Lab already chose to comply to GDPR... Link to comment Share on other sites More sharing options...
Estelle Pienaar Posted February 6, 2019 Share Posted February 6, 2019 (edited) I guess we can agree on the fact that this not a scripting question. A forum for legal questions would be necessary. For the reasons that Kyrah mentioned, I have decided to continue ignoring the question of consent. If this ever becomes a thing, I am sure that we will learn about it... 😉 Edited February 6, 2019 by Estelle Pienaar Link to comment Share on other sites More sharing options...
Alyona Su Posted February 6, 2019 Share Posted February 6, 2019 27 minutes ago, Fionalein said: See it is the same silly argument wether the Lab must comply to the GDPR... it does not really matter as the Lab already chose to comply to GDPR... Yes, precisely. Though only for those connecting from inside the EU (which is fine by me). LOL Though the OP question was regarding TOS, to which the answer is "no" - it is not against TOS to track your online time. As for any EU laws that block it: well, it blocks it if you are in the EU tracking the online time of someone else in the EU, but it doesn't apply to me. Bahaha! Link to comment Share on other sites More sharing options...
Estelle Pienaar Posted February 6, 2019 Share Posted February 6, 2019 (edited) 39 minutes ago, Alyona Su said: Yes, precisely. Though only for those connecting from inside the EU (which is fine by me). LOL Though the OP question was regarding TOS, to which the answer is "no" - it is not against TOS to track your online time. As for any EU laws that block it: well, it blocks it if you are in the EU tracking the online time of someone else in the EU, but it doesn't apply to me. Bahaha! It's not important and it does not have practical consequences, but the statement is probably not correct. If the Lab wants to cater to European customers it has not only to respect European laws but to ensure that people who use SL technology from all over the world do not breach European laws. As I have said before it is probably not having practical consequences at the moment. That doesn't change the fact that LL will interpret the TOS differently to your opinion as soon as there is a concrete plaintiff. If not, then they would be liable for the breach of law that their technology enabled someone to put into practice and that their TOS didn't rule out. And which company would ever want to be liable. I don't have to be lawyer to understand that number one principle... To avoid talking in circles and hearing your argument again: it is complete bananas if LL is having its headquarters in the US, Siberia or Australia. They have to respect the laws of the countries in which they offer their services or they can be held liable. Edited February 6, 2019 by Estelle Pienaar Link to comment Share on other sites More sharing options...
Alyona Su Posted February 6, 2019 Share Posted February 6, 2019 (edited) 12 minutes ago, Estelle Pienaar said: If the Lab wants to cater to European customers it has not only to respect European laws but to ensure that people who use SL technology from all over the world do not breach European laws. As I have said before it is probably not having practical consequences at the moment. This is the part of your statement that is unenforceable and here is why: I never agreed to anything that has to do with EU laws or regulations when I signed up for SL and neither does it say in their TOS that I must obey EU laws and regulations in order to use SL. This is all I'm saying: EU laws are unenforceable outside the EU, just as U.S. laws are unenforceable outside the U.S. In order to allow EU people into SL they abide by EU laws *for EU people*, no one else. It is why you pay a Tax and I do not. If the EU law says I cannot track your inworld times ("stalk you that way") and I do it anyway, there is still nothing you can do: that law only applies to you. And since such tracking is not against the TOS *I* agreed to, I am protected and can still do it. Edited February 6, 2019 by Alyona Su Link to comment Share on other sites More sharing options...
Freyadoe Posted February 6, 2019 Author Share Posted February 6, 2019 4 minutes ago, Estelle Pienaar said: ...They have to respect the laws of the countries in which they offer their services or they can be held liable. Very true. It's why I started this topic. To decide, will am I be able to satisfy laws demands, or no. Seems the best solution will be treat online times and theirs history, even online status - as personal data and put sentence into privacy policy that an user must ask another person that will be tracked to give permission for tracking/sending messages from outside SL. Then process such data with accordance to GDPR (shortly - clear information about what and how will be used, give an user features to get all service data, related to her/him, and feature to delete all used data). Link to comment Share on other sites More sharing options...
Estelle Pienaar Posted February 6, 2019 Share Posted February 6, 2019 (edited) 40 minutes ago, Alyona Su said: This is the part of your statement that is unenforceable and here is why: I never agreed to anything that has to do with EU laws or regulations when I signed up for SL and neither does it say in their TOD that I must obey EU laws and regulations in order to use SL. This is all I'm saying: EU laws are unenforceable outside the EU, just as U.S. laws are unenforceable outside the U.S. In order to allow UE people into SL they abide by EU laws *for EU people*, no one else. It is why you pay a Tax and I do not. If the UE law says I cannot track your inworld times ("stalk you that way") and I do it anyway, there is still nothing you can do: that law only applies to you. And since such tracking is not against the TOS *I* agreed to, I am protected and can still do it. I am getting carried away by this discussion. It might be correct that tracking online status IS NOT against the TOS because of what @Kyrah Abattoir said. But clearly not because of your reasoning. Look at this article: https://www.theverge.com/2018/7/18/17580694/google-android-eu-fine-antitrust. But how is this possible? Google is a US company? It's unenforceable! Or is it? You are correct that you are protected from EU prosecution (as long as you do not plan to make holidays in Europe), but LL is not. So they would be stupid to allow you in their TOS to break laws when dealing with residents of other countries. You don't need to accept it and it also will probably not have consequences in this specific case because of what @Kyrah Abattoir said. But this is the way that international trade is organized. Added in an edit: Please don't tell people wrong facts in a forum if you don't have the competence in the field - especially not in such an persuaded tone. Other people might rely on your statements and it might put them into trouble. Edited February 6, 2019 by Estelle Pienaar Link to comment Share on other sites More sharing options...
Alyona Su Posted February 6, 2019 Share Posted February 6, 2019 (edited) 2 hours ago, Estelle Pienaar said: But how is this possible? Google is a US company? It's unenforceable! Or is it? It is enforceable against a company because that company chooses to do business in the EU. However, it cannot be enforced on individuals who are not citizens of the EU. This is my point. You may then say that the company is doing business in the EU and must obey EU law (true) and therefore because I use that company's services those laws also apply to me (untrue) - because many EU laws are also opposite of U.S. laws. That is why people in the EU see a different Google than people in the U.S. do. (Just an example). The same is true in SL. The way LL will get around it is through their Terms of Service that you must agree to and in that TOS they can say that "you agree (GIVE YOUR CONSENT TO)... by using this software..." - therefore you have already given your consent to anything that is allowed in SL. Edited February 6, 2019 by Alyona Su Link to comment Share on other sites More sharing options...
Kyrah Abattoir Posted February 6, 2019 Share Posted February 6, 2019 3 hours ago, Alyona Su said: That may be. Though a country's laws and regulations reach only as far as its borders. So, hypothetically speaking, if my tracking your online time without your consent is illegal in EU then so be it. But if I am not in the EU where that may be the law then too bad for you: that law is unenforceable. So then the question regarding Linden Lab being "in the EU" - but they are not in the EU. They are in the U.S. What they do is allow *access* from the EU. Meaning they can simply block you as an EU user and not worry about any law you complain about. If they have actual servers operating in the EU then only whatever part of their business that uses those servers is under those regulations. Now, let us take a step back and proclaim everything I've said as just a bunch of hot air. Whatever it is then, it is every bit as accurate and authentic as everyone else's contribution. ~laffs~ You could argue that the territorial borders are a slightly simplistic view on the limits of government reach. A country's power reaches as far as the stick can reach. To give you a little story as an example, I've had a USA domain broker tell a Canadian domain name provider that someone from the French government requested that one of my domain names had to stop pointing to their web server without permission. There is no law in any of those 3 countries against pointing a humorous domain name to an existing server. It did not matter one bit. Link to comment Share on other sites More sharing options...
Estelle Pienaar Posted February 7, 2019 Share Posted February 7, 2019 (edited) 19 hours ago, Alyona Su said: It is enforceable against a company because that company chooses to do business in the EU. However, it cannot be enforced on individuals who are not citizens of the EU. This is my point. You may then say that the company is doing business in the EU and must obey EU law (true) and therefore because I use that company's services those laws also apply to me (untrue) - because many EU laws are also opposite of U.S. laws. That is why people in the EU see a different Google than people in the U.S. do. (Just an example). The same is true in SL. The way LL will get around it is through their Terms of Service that you must agree to and in that TOS they can say that "you agree (GIVE YOUR CONSENT TO)... by using this software..." - therefore you have already given your consent to anything that is allowed in SL. I see that you are not as decisive anymore in your statements. We are getting there. I have never said that you need to obey EU law, so your argument is a straw man. We are talking about the TOS and if they can be influenced by EU law. The TOS need to respect the legal framework of all the countries in which Linden Lab offers there services. You don't take my word? Here is a link by the New York Times about social media updating the TOS for US citizens because of EU regulation: https://www.nytimes.com/2018/04/30/technology/personaltech/why-all-the-new-terms-of-service.html. Note further that the LL privacy policy mentions the European Union/Economic Area explicitly three times: https://www.lindenlab.com/privacy#. I however agree that for the concrete question that we are discussing here, this has no consequences as consent of Second Life users should not be necessary as long as you cannot connect the SL data with an identity ( @Freyadoe is talking about connecting the data with an e-mail account, so better get consent). So , I agree but just not for your wrong reasons! Edited February 7, 2019 by Estelle Pienaar Link to comment Share on other sites More sharing options...
Estelle Pienaar Posted February 7, 2019 Share Posted February 7, 2019 18 hours ago, Kyrah Abattoir said: You could argue that the territorial borders are a slightly simplistic view on the limits of government reach. A country's power reaches as far as the stick can reach. To give you a little story as an example, I've had a USA domain broker tell a Canadian domain name provider that someone from the French government requested that one of my domain names had to stop pointing to their web server without permission. There is no law in any of those 3 countries against pointing a humorous domain name to an existing server. It did not matter one bit. Again, no one said that you need to obey another countries law. Or do you find that statement somewhere in this discussion? Life and discussions are full of straw men... Link to comment Share on other sites More sharing options...
Facebook
Instagram
Twitter
YouTube
Flickr
Recommended Posts
Please take a moment to consider if this thread is worth bumping.
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now