Title says it. Apparently lemmy devs are not concerned with such worldly matters as privacy, or respecting international privacy laws.

  • BloodSlut@lemmy.world
    link
    fedilink
    English
    arrow-up
    60
    arrow-down
    2
    ·
    10 months ago

    GDPR is for companies/corporations to “respect” user’s requests about their data.

    Lemmy (ActivityPub, actually) isnt a company.

    What you are saying is the equivalent of saying that the concept of writing is in direct violation of GDPR.

    What you probably can do is request that an instance remove your content… And then do the same for every single other instance of any platform that implements ActivityPub (and not all of them will even have data coming from you) and is federated with your instance. And the only ones that would really need to comply are those that are based or operating in the EU.

    This is still the internet, not some magical place.

    Use some of the most basic fundamental internet safety rules and don’t provide potentially compromising information for no reason whatsoever. Especially since this isnt a corporation such as Facebook or Google who require you do so in order to use their service.

    • AlteredStateBlob@kbin.social
      link
      fedilink
      arrow-up
      15
      ·
      10 months ago

      You are slightly wrong. The GDPR applies to everyone dealing with personal data on the regular, which you always have to assume with open text boxes. There have been plenty rulings already imposing fines on individual, private citizens for their misconduct in violation of the gdpr.

      While Lemmy as a system might be exempt, anyone running Lemmy for sure isn’t, as long as it regularly processes data of EU citizens, which it does.

      As for the devs, the gdpr does require privacy by design. One could argue the Devs themselves aren’t running it at all, so their software doesn’t have to adhere to it, but individual instance hosts could still be hit with fines for running it as is.

    • Otter@lemmy.ca
      link
      fedilink
      English
      arrow-up
      8
      ·
      10 months ago

      There are some great replies here

      I think it’s also worth putting in extra effort to educate users so they know early and not when they’re expecting otherwise. The system has a benefit, and it’ll be smoother if users aren’t surprised

      Data deletion and public vote records are the two big things that come to mind

      • ttmrichter@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        arrow-down
        3
        ·
        10 months ago

        It’s on the server admin to ensure that all exchanged data is taken care of appropriately.

        “It’s on the server admin to do the literally impossible.”

          • r00ty@kbin.life
            link
            fedilink
            arrow-up
            6
            ·
            10 months ago

            No. I think we mostly want federating instances to respect delete requests. But only the instance actually contacted has any onus to delete on their own instance and maybe, maybe try to send requests to delete elsewhere.

            There’s no way there’s an expectation that the originating instance has a legal requirement to remove it from anywhere else.

          • ttmrichter@lemmy.world
            link
            fedilink
            arrow-up
            7
            arrow-down
            1
            ·
            10 months ago

            It is impossible. Flatly impossible. Because you cannot see if they’ve really deleted it or not. You can rely on a “data processing agreement” which, together with $50, will buy you a small cup of coffee at Starbucks.

            I federate with you here from China. I will agree to anything you like. And I will just attach an array of 16×16TB hard drives to slurp up all the data you send me. How will you know this is happening?

            You can’t. It is impossible for you to know until it’s too late and I’ve used it for whatever purpose profits me.

            An individual server admin can only ensure the data’s existence or lack thereof on their own server. Anything else presumes (rather stupidly) that bad faith actors don’t exist.