My understanding (and I am not a lawyer) is that under European data protection law the important thing is to obtain user consent for this; I think there's a very reasonable argument that informing the user that you collect telemetry and that if they wish to avoid this they should just build their own copy of the software (which provides a very easy to access opt out which should satisfy everyone).
Although EU privacy and technology regulation is generally pretty ok, this seems to be one of those cases where their lack of technical skill or knowledge really shines through (other examples include the endless cookie banners and https://www.euronews.com/next/2024/07/22/microsoft-says-eu-t...)
Consent needs to be freely given; you can't nudge users into it and you can't hold access ransom over it. There's no way what you're suggesting would fly.
I've been told that if you have mandatory telemetry in your application that's fine because the user has a way to opt out (it's a free market and they don't have to use your software). I believe the territory where you add an opt-out is a bit murkier.
I'm not an expert and not on either side, but couldn't a notice like "by agreeing to these terms you allow us to turn on telemetry by default, and you are free to simply not use this software instead" be allowed?
Nope, consent cannot be a prerequisite of using the service/software, if it is available in the EU (or UK, since they grandfathered in GDPR after brexit) it must be usable with or without consent.
That is the reason many local non-EU ad-supported businesses (like local papers in the US) outright block all EU traffic. For example if I go to https://www.chicagotribune.com/ I get a blank page saying "This content is not available in your region".
Manjaro could do something similar by just blocking EU users from downloading it.
I don't think a "reasonable person" from the perspective of a court (non-developer, non-technical, end-user) can be expected to know (or even learn) how to compile software in this way, not to mention other downsides it has (like lack of updates and possibility to create new bugs) so I don't think this would be allowed, but it's up to a judge to decide on a case by case basis, not us armchair experts.
> I don't think a "reasonable person" from the perspective of a court (non-developer, non-technical, end-user) can be expected to know (or even learn) how to compile software in this way
I mean I don't think the EU can oblige you to make your software available to people who don't know how to use a computer.
It's good that we have operating systems that are easy to use (e.g. Mac OS, Windows), but this is not a priority for Linux desktop distributions (which is fine); what counts as easy to opt in/out of is very contextual.
"Click yes to consent and continue installation, click no to exit the installer and be redirected to a manual on how to build your own copy" would be in violation of the "consent must be freely given" stipulation of the GDPR.
You are more likely to get a regulator to agree to a version without consent (by minimizing personal data and arguing that your legitimate interest outweighs the weight of the little PII) than getting them to agree to your hostage situation
While I get the point you are making, I find it a bit over the top that you'd consider agreeing to telemetry in exchange for using the free software as tantamount to being held hostage.
In case it needs to be said, I'm 100% in favor of strong privacy protection laws.
Although EU privacy and technology regulation is generally pretty ok, this seems to be one of those cases where their lack of technical skill or knowledge really shines through (other examples include the endless cookie banners and https://www.euronews.com/next/2024/07/22/microsoft-says-eu-t...)