this post was submitted on 06 Jul 2023
64 points (98.5% liked)
Asklemmy
44151 readers
2350 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy ๐
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- [email protected]: a community for finding communities
~Icon~ ~by~ ~@Double_[email protected]~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Think of it this way. The way I see it federation is similar to an archival service storing a copy of the data. If reddit deletes all info when requested, but archive.org doesn't delete it. Well it ain't reddit's problem anymore.
Similarly, if a user request data deletion of data in their home instance located in the EU, and as long as the instance honors the request and delete their copy, that instance is not liable for other instances not honoring the deletion request. You might have to request data deletion with each individual instance that has a copy of your data, and it's only enforceable if the instance is in the EU where GDPR applies.
That's my interpretation, correct me if I'm wrong.
If archive.org, or any other web scraper is able to pull personal information from a site, it means that the site is already breaking the GDPR.
GDPR protects personal information, not public texts.
Because instance holds identifying information about EU citizens (email, nickname), it means that the instance owner is the registery holder, and they must comply with GDPR.
I believe email address of the user is not shared between the instances, what makes things quite good. Nicknames are bit more problematical, because they can be considered as personal identifier.
Some GDPR experts maybe should write template registery document that instances can use. And the delete of account should be handled between instances. Posts do not need to be deleted, but nick should be changed to [deleted]
That sounds like a good take. I have no idea if it's correct, but it sounds reasonable.
So I'd have to contact every single instance to get rid of my data, which sounds reasonable, but is practically speaking absolutely impossible.
Lemmy just sounds like a GDPR nightmare for the EU tbh.