Ask Lemmy
A Fediverse community for open-ended, thought provoking questions
Please don't post about US Politics. If you need to do this, try [email protected]
Rules: (interactive)
1) Be nice and; have fun
Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them
2) All posts must end with a '?'
This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?
3) No spam
Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.
4) NSFW is okay, within reason
Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either [email protected] or [email protected].
NSFW comments should be restricted to posts tagged [NSFW].
5) This is not a support community.
It is not a place for 'how do I?', type questions.
If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email [email protected]. For other questions check our partnered communities list, or use the search function.
Reminder: The terms of service apply here too.
Partnered Communities:
Logo design credit goes to: tubbadu
view the rest of the comments
Agreed, but - while it might be permissible legally to wipe out my data and content, what if I want to retrieve a copy afterwards?
I wouldn't want to keep control over other people's content, but regarding my own...
Well, in that case, baring credible contradicting information from another source, I think it's reasonable to accept the note from the former worker of a DPO. Would you agree?
Hmm. Will need a good think about this - perhaps I should adjust my commenting style to avoid direct quoting and such...
All the more reason to get started on it, I suppose.
Well, and dealing with responsible for user content from your instance's local users - but since it's just the one instance (or small handful if you trust a few others) it's still much more managable. And it becomes zero for, e.g., single-user instances (since those would have zero other users and thus zero other content to worry about hosting).
That's why I had the idea of creating and using the federation-bot account - this way there's no confirmation of identities or transfer of personal data.
Server admin question. Can save that for serverfault.com and the like IMVHO
One of those things that need experimentation and research to determine, but an answer can be found.
Hmm - if different DPOs can't agree, then I don't see how we get to the point of a user friendly manual.
This is what's inherently disturbing to me. I am one of those hoping that the GDPR would be a tool for the opposite (a way to rein in the big players, so to speak).
It was a surprise to read from the former DPO worker that email as a system is not compliant with the GDPR.
Hmm. I am starting to see why you take this view. Not saying I agree, but I can understand the frustration. That said, PIPEDA in Canada came to pass in 2000 - it's considered to have GDPR-equivalency and we've not had the sort of issues that you are raising with PIPEDA, which makes me optimistic that the GDPR can likewise be something that folks can live with.
Even if it is flawed it's still a step in the right direction IMVHO. I'm in Canada, which had PIPEDA back in 2000 - 18 years before the GDPR took effect in the EU. Hence I believe a solution is workable and a balance can be struck - even if in the worst case that means additional legislation to tweak the existing law. (Though I'd not even go that far - for example, from the former DPO, it seems that if EU courts all agreed that the API behind federation was covered by the "involuntary data transfer" exception then Lemmy would already be GDPR compliant (or mostly so) as-is of the time that I write this.)
You have the right to request a copy of all your personal data from whoever controls it. Apparently that feature is still missing from lemmy.
That quote is from here: https://lemmy.world/post/1060627
I think I agree with pretty much everything they wrote. From what I understand, the apostrophes indicate that this is not official jargon. You can't prevent web-scraping with any reasonable effort, so you don't have to. The internet already exists. It's too late to stop it now; better focus on stopping future progress.
Mind that there is nothing involuntary about federation. It's not like web-scraping in that respect. You can just turn it off. You are left with something like an old school forum or reddit. No problem.
If you take the view that context is a necessary part of your personal data, then merely avoiding quotes is probably not enough. Practically, the way reddit is doing things seems to be fine.
But what if someone wants to participate in a community on a different instance? At least, the texts and their context, along with the username and home instance, need to be revealed.
Taking a mental step back, it's probably premature to worry about technological implementations. Sending data around does not have to be a violation. Compliance will require partly better information, and partly different administration. The legal aspects should be worked out before the necessary tools for the administrators are implemented.
There are also a lot of regulation for the backend, that instance owners have to comply with but which won't be noticed by users. Documenting the data processing, who has access, possibly make data impact assessments, maybe notify the local data protection office, ... There's also more from the DSA, like releasing transparency reports on moderation twice a year, making regular backups and testing those, ... I'm not quite sure what all is demanded by the DSA. Oh, and by german law there also needs to be a (physical) address that can be served legal papers.
I'm thinking about the issue of web-scraping, in particular. Some say that it's almost always illegal. The European Commission, for one, disagrees.
I pulled this from google: https://www.morganlewis.com/pubs/2024/05/eu-regulator-adopts-restrictive-gdpr-position-on-data-scraping-impacting-ai-technologies
Web-scraping is in some ways related. You could also get (almost all of) the data through scraping. If it's not legal to scrape lemmy without permission, then it's probably not legal to spin up your own instance and get the data that way. It depends on your purpose, of course.
That's also why I find the whole issue a little silly. Someone outside Europe could just scrape the data from the web interface and not worry about the GDPR. You'd have to put all of Europe behind a firewall to make it make sense. That's a prime example of why I say the people in charge of the GDPR have no idea of the technology they are regulating.
Such regulation inherently favors big players. The cost of creating a compliant service/app/etc is fairly constant, regardless of the size of the user base.
Besides, the GDPR inherently favors elites. Has anyone ever tracked your private jet on twitter? Or chased after you to get paparazzi pictures? Some people's personal data is worth a lot more than that of others. Most people will never have to worry about scrubbing unflattering media stories from search engines, or have the money to hire professionals to do it right.
Tell me what you hope the GDPR will achieve and I'll tell you if there is any chance. I'd write what the fundamental problems are, but time is short.