this post was submitted on 06 Jul 2023
64 points (98.5% liked)

Asklemmy

43983 readers
925 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

So if I understand GDPR correctly: If I want a service/business to remove all my personal data, they have to comply with it in a certain timespan or get in trouble with the law.

If I understand federation correctly: All posts get replicated on federated instances all over the fediverse.

My question: If I e.g. want lemmy.world to remove my data, all my posts etc are still up on lemmy.ml right? As they just have a copy of these posts?

Would I as a customer have to contact every single instance to get my data removed? Or how does GDPR compliance work with lemmy?

Or am I completely misunderstanding how GDPR works?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 1 year ago (2 children)

It isn’t a single site or host, and there is no owner. Wouldn’t that be like saying “e-mail must be GDPR compliant”?

[–] firipu 1 points 1 year ago (1 children)

Not as if the GDPR cares about that specifically. Whatever excuse or justification you might have, the law still applies... Mail servers also have to comply with the law.

[–] [email protected] 5 points 1 year ago

To the point of the person you're replying to, I think it may be treated the same as email. For example, if you send an email and it gets forwarded somewhere else, all the "custodian of your data" (lets say google in this example) can do is delete any copies they have on their server. Anything outside of that is outside their responsibility/capacity.