> A data breach? On a small self-hosted blog or email server? Whose data would those regulations be punishing you for leaking, your own, maybe two friends'?

Say you host your own WordPress blog with comments enabled. A few of your posts get to the front page of Hacker News, and you collect a couple hundred comments from California techies. Your WordPress instance is breached because you didn't patch a zero-day vulnerability quickly enough. You have to personally notify every California resident of the breach, and California's Attorney General.
Government regulation means that part of your job in self-hosting a simple blog is knowing that CCPA exists, along with every similar regulation passed by every other state, now and into the future.
Worse, you may not even realize you're holding regulated "personal data" and how much. Maybe you try to avoid this liability by turning off comments and uploads, but you don't realize your web server has access logs enabled, and some state or country considers this personal data as well. GDPR does, for one.
> Say you host your own WordPress blog with comments enabled. A few of your posts get to the front page of Hacker News, and you collect a couple hundred comments from California techies.

The possibility of this is less than 1% purely due to commenting friction. Hacker News already has a comment section. No one's going to sign up for a WordPress account in order to post their comments there.
Come on now. Can you point to one single case of something close to this scenario having happened in real life to a small self-hosted WordPress blog? Or even a big one? Governments are not that stupid, they are not that malicious and they do not have infinite resources to pursue such frivolous and nonsensical activities. This reads like some weird sort of paranoid legal fanfic.
The state can get an injunction against you, fine you, and in some situations creates a private cause of action for the people whose information was breached to individually sue you with statutory damages available.