Meeting different regulations
Composr has been trying to make it easy for webmasters to comply with them out-of-the-box. But I think this is troublesome and naive in some ways, and just trying to go along with everything and nodding-our-head could be drinking the koolaid (ignoring that these issues are often highly opinionated or may involve consideration of tradeoffs) or create practical problems.
On a practical level, I am concerned this could break down:
- Regions of the world will have different cultural norms. Example: The US favors rights for people who build things (e.g. choice of who you can do business with on what terms), while the EU favors rights for people consuming things (consumer rights). In other words, the rights frameworks are quite divergent: the US going for absolute freedoms (which includes business owners etc), the EU trying to protect the little guy from what it sees as the big guy. (And this example is US vs EU, which is relatively culturally-aligned compared to a lot of other jurisdictions)
- Governments are going to have contradictory rules. Example: It might be broadly possible to technically integrate the combined policies of the UK, US, and EU, but likely not when you add in countries like Saudi Arabia and China (direct contradictions in privacy vs government reporting).
- Governments are going to make bad decisions, or at least paint with an overly-broad brush. Example: The EU and UK making strict moderation rules that make sense for big platforms like Facebook, that may not make sense for small forums run by volunteers without the resources to produce legally-valid documentation or engage in potential arguments with problematic users.
In general I want to know what Composr users think about whether we should be primarily concerned about the rights of Internet users, or the preferences for webmasters.
I was going to do a poll, but there's enough color around here that I don't know what I'd even make the poll options.
Should we default things to make things easier for webmasters, or to be compliant with regulations?
Should we just hard-code things in some cases, so we don't have a crazy number of config options? Or only allow override by hidden option as a middle-ground?
What regions should we care about regulations for? Is it reasonable for Composr to be biased?
Is it all case-by-case?
Maybe it is okay to be biased simply in the direction of how the Composr community wants it to be?
Patrick just mentioned the need to make moderation actions explicit to users being moderated. Where does this sit under the above? My gut feeling is it should be an option that defaults on because while the EU is a large jurisdiction that many sites will want to comply with, especially given the cultural roots of Composr, there will still be plenty of sites that have no interest regarding the EU and may not agree with their regulations.
Chris Graham said:
> Should we default things to make things easier for webmasters, or to be compliant with regulations?
I think we should have the best of both worlds, but lean towards compliance with the law. The penalties for not following regulations can be massive, enough to take down anyone who doesn't have a large platform. So I believe being able to provide the tools necessary to implement compliance where necessary for someone's site is important.
It should, however, not be too difficult to implement either, otherwise webmasters won't use it. This is the struggle I face with the new parental controls system. The laws can be so complex and can vary so much between regions that I would have easily spent 10 times as long or more developing a UI as opposed to just using an XML configuration. XML is less webmaster-friendly, but it enables more flexibility and the ability to quickly implement other tools down the road. But that's where our tutorials fill in the gap. XML can be intimidating, but it is concise. So that makes XML easy to document and understand.
Chris Graham said:
> What regions should we care about regulations for? Is it reasonable for Composr to be biased?
What I have in version 11 at this time is what I call a "reasonable default". The configuration is biased towards the most impactful and well-known regulations (U.S. COPPA, EU GDPR, Canada and Brazil's spin-offs, Japan's super-strict 18+ rule). Most small sites will, IMO, generally be okay with these defaults. But larger ones should ideally have an experienced legal team who then modify the configuration for more fine-tuned requirements.
Chris Graham said:
> Patrick just mentioned the need to make moderation actions explicit to users being moderated. Where does this sit under the above? My gut feeling is it should be an option that defaults on because while the EU is a large jurisdiction that many sites will want to comply with, especially given the cultural roots of Composr, there will still be plenty of sites that have no interest regarding the EU and may not agree with their regulations.
Actually, good point. It could be defined as a field filter to be set required (e.g. minimum length 1) in Composr's default field filters XML. And if anyone doesn't want it, they can just remove it.