this post was submitted on 05 Jul 2023
156 points (96.4% liked)

Asklemmy

44002 readers
1057 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

As the Fediverse grows more and more, rules and regulations become more important. For example, is Lemmy GDPR compliant? If not, are admins aware of the possible consequence? What does this mean for the growth of Lemmy?

Edit: The question "is Lemmy GDPR compliant" should mean, does the software stack provide admins with means to be GDPR compliant.

Edit2: Similar discussion with many interesting opinions on lemmy.ml by /u/[email protected]> https://lemmy.ml/post/1409164

Edit3: direct link to philpo great answer-->https://feddit.de/comment/840786

you are viewing a single comment's thread
view the rest of the comments
[โ€“] seacocker 23 points 1 year ago* (last edited 1 year ago) (7 children)

Wither GDPR applies to an individual instance will be up to those running the instance to decide.

If you decide it does, then you need to do a few things. Number one is read up advice on compliance with GDPR.

Being able to delete data alone doesn't mean GDPR compliance. I'm thinking about the need for privacy notices on sign up, retention schedules for data, lawful basis of processing, records of processing activities.. Data subjects have numerous rights, which apply depend on the lawful basis you're processing under.

I'd suggest that larger general instances might want to read up more urgently than smaller single focus "hobby" instances.

edit: more I think about this, I think there is an moral responsibility for the developers to help those running instances comply. If GDPR does not apply to an instance, it is still good practice to allow uses to delete their data, etc.. Also, art. 20 of GDPR is the right to portability. Interesting to see how this applies to fediverse platforms like Lemmy.

load more comments (4 replies)