this post was submitted on 26 Dec 2023
-50 points (30.8% liked)
Fediverse
28277 readers
621 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
GDPR is for companies/corporations to "respect" user's requests about their data.
Lemmy (ActivityPub, actually) isnt a company.
What you are saying is the equivalent of saying that the concept of writing is in direct violation of GDPR.
What you probably can do is request that an instance remove your content... And then do the same for every single other instance of any platform that implements ActivityPub (and not all of them will even have data coming from you) and is federated with your instance. And the only ones that would really need to comply are those that are based or operating in the EU.
This is still the internet, not some magical place.
Use some of the most basic fundamental internet safety rules and don't provide potentially compromising information for no reason whatsoever. Especially since this isnt a corporation such as Facebook or Google who require you do so in order to use their service.
You are slightly wrong. The GDPR applies to everyone dealing with personal data on the regular, which you always have to assume with open text boxes. There have been plenty rulings already imposing fines on individual, private citizens for their misconduct in violation of the gdpr.
While Lemmy as a system might be exempt, anyone running Lemmy for sure isn't, as long as it regularly processes data of EU citizens, which it does.
As for the devs, the gdpr does require privacy by design. One could argue the Devs themselves aren't running it at all, so their software doesn't have to adhere to it, but individual instance hosts could still be hit with fines for running it as is.
thank you for the correction
There are some great replies here
I think it's also worth putting in extra effort to educate users so they know early and not when they're expecting otherwise. The system has a benefit, and it'll be smoother if users aren't surprised
Data deletion and public vote records are the two big things that come to mind
"It's on the server admin to do the literally impossible."
No. I think we mostly want federating instances to respect delete requests. But only the instance actually contacted has any onus to delete on their own instance and maybe, maybe try to send requests to delete elsewhere.
There's no way there's an expectation that the originating instance has a legal requirement to remove it from anywhere else.
It is impossible. Flatly impossible. Because you cannot see if they've really deleted it or not. You can rely on a "data processing agreement" which, together with $50, will buy you a small cup of coffee at Starbucks.
I federate with you here from China. I will agree to anything you like. And I will just attach an array of 16×16TB hard drives to slurp up all the data you send me. How will you know this is happening?
You can't. It is impossible for you to know until it's too late and I've used it for whatever purpose profits me.
An individual server admin can only ensure the data's existence or lack thereof on their own server. Anything else presumes (rather stupidly) that bad faith actors don't exist.