Problem

There are some legal issues we need to take care of before launching the site:

1. GDPR - we need to protect the user data to the maximum extent possible and users need to be able to request a copy of their data and users must be able to ask us to delete, rectify or restrict use of their data.

2. Copyright - this depends on where we’ll host the site, in the US we must provide something compatible to the DMCA, I don’t know how the legal situation is and will be in the EU, especially after the new copyright directive.

   Furthermore we need to take care in copying contents from Stack Exchange if that is the way we go.

3. Trademarks - ours and possibly from Stack Exchange

Proposed Solutions

Data security should be a primary concern during database and architecture design. I think the GDPR requests could be done manually in the first few weeks (if there should be any), however we definitely need someone taking care of that, especially in legal matters. It might be a good idea (although not neccessarily MVP) to develop a request framework, where users can do most of the things themselves.

Same goes for copyright and trademarks IMO. I think it might be useful to develop a tool to submit DMCA takedown notices and to publish a list of them on our site, the same way that Stack Exchange did initially, however that shouldn’t be MVP.

We definitely need someone with legal experience!

However, with the other concerns, what do you think about them? Which of the solutions should be in our MVP, which can be added later?

This is several different topics, some of which should probably have their own thread.

GDPR: users (well, EU users, but that’s an impractical restriction) must be able to know and rectify all the private data we have about them. Note that this only covers private data; contributed content doesn’t count as such (but might if it includes the user’s address or their life story). I doubt that we’d want to store any private data that’s inaccessible to the user. So merely letting users see, edit and delete their profile should fulfill the requirements. Nothing special to do for MVP.

Copyright: As I understand it, not having a DMCA takedown contact address and honoring valid-looking takedown requests makes the platform as liable for copyright infringement as the poster. So A DMCA takedown process is necessary for MVP.

Trademarks: obviously we must not use any Stack Exchange trademark. We need to make sure that we don’t use any other existing name or anything similar — it may even be worth doing a trademark search before settling on names, but that doesn’t come cheap. Since this is a non-profit endeavor, we don’t really need trademarks, but registering the platform name may help if someone decides to be nasty; I don’t know how much that costs.

We appear to have reached consensus here.

• We will handle legal requests manually to begin with.
• We must have legal policies in place in MVP, to include information on GDPR, DMCA, and contact details for legal requests.
• We may later develop additional features within the product to handle legal requests.

Since this topic is uncontroversial, it will close 24 hours after the last reply. If I have missed or misconstrued anything, please reply here.

To clarify: “handle legal requests manually” should include, at a minimum, an appropriately findable link (home page? FAQ?) that goes to a short page of legalese explaining the issues (GDPR compliance, DMCA, anything else), with the contact info (either a form or, far more simply, a [email protected] or whatever email address).

Yep. I’ll edit that into the consensus-built post; we need to have legal policies.

Added to requirements; please update if any changes are needed. (I only added the first two bullets because it’s a list of MVP requirements.)

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.