this post was submitted on 06 Jul 2023
64 points (98.5% liked)

Asklemmy

43918 readers
1708 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

So if I understand GDPR correctly: If I want a service/business to remove all my personal data, they have to comply with it in a certain timespan or get in trouble with the law.

If I understand federation correctly: All posts get replicated on federated instances all over the fediverse.

My question: If I e.g. want lemmy.world to remove my data, all my posts etc are still up on lemmy.ml right? As they just have a copy of these posts?

Would I as a customer have to contact every single instance to get my data removed? Or how does GDPR compliance work with lemmy?

Or am I completely misunderstanding how GDPR works?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] -1 points 1 year ago (1 children)

Why do you think Lemmy is GDPR compliant?

[โ€“] firipu 3 points 1 year ago (2 children)

No idea. That's why I am asking.

I just feel that if Lemmy keeps growing, the EU will eventually take notice and consider implementing requirements/measures/regulations...

But I guess it's not just lemmy, but also any other fediverse (or any other decentralized) service. Just curious

[โ€“] [email protected] 4 points 1 year ago (1 children)

Practically speaking, can they actually regulate it, beyond going after instance owners that are themselves based in the EU? I mean, they can pass laws, but given that instances are not large companies that might want to do business in Europe, I'm not sure what stops an instance owner not located within their jurisdiction from just ignoring them and not paying any levied fines or similar. They could require ISPs then block that instance or something I suppose but keeping up with an evolving list of tiny websites that don't necessarily advertise themselves much and so might slip under regulator's radar for awhile is probably much more difficult to block compared to a single corporate run site.

Not that I'm suggesting that Lemmy shouldn't make an effort to comply with regulations requiring people be able to delete their data, if anything, such a system if successful would make it harder for companies to take advantage of it by setting up servers to secretly collect what data they can, for example, I'm just questioning if it's really possible for a government to meaningfully enforce rules on some small group of random mostly volunteer people who may likely be operating from another country anyway.

[โ€“] firipu 1 points 1 year ago

Haha, that's also very true :).

[โ€“] [email protected] 1 points 1 year ago

the EU will eventually take notice and consider implementing requirements/measures/regulations...

The regulation is already here LOL. The GDPR is the regulation.

If somebody accuses you, then some court is going to judge.