this post was submitted on 07 Jul 2023
8 points (56.9% liked)

Drive we are so privacy-focused here. What is to prevent myself or anybody out there from starting to report individual instances of GDPR and CCPA?

No Lemmy instances are complying with national privacy laws and nobody is talking about it at all.

[–] trouser_mouse 1 points 1 year ago (1 children)

It's law to comply with GDPR and the ePrivacy Directive.

  • Receive users’ consent before you use any cookies except strictly necessary cookies.
  • Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
  • Document and store consent received from users.
  • Allow users to access your service even if they refuse to allow the use of certain cookies.
  • Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.
[–] awderon 2 points 1 year ago (1 children)

There is only one cookie present when I inspect the cookies with my browser's dev tools, which seems to be the auth token for my account.

[–] trouser_mouse 1 points 1 year ago (1 children)

As far as I am aware, a user authentication cookie is classed as personal data and therefore subject to GDPR!

[–] awderon 2 points 1 year ago (1 children)

> Receive users’ consent before you use any cookies except strictly necessary cookies.

Wouldn't the auth cookie fall into the strictly necessary category?

[–] trouser_mouse 1 points 1 year ago (1 children)

I'm no expert so hopefully someone will be able to chip in. I know when I have dealt with GDPR stuff, there have been quite a lot of conflicting opinions!

Even if it is not required to get consent for that, I think there is also a requirement around explaining to the user what they do and why they are necessary.

[–] awderon 1 points 1 year ago (1 children)

I'm also no expert, just trying to learn more about the topic as it's kind of interesting to see how other people are interpreting it.

[–] trouser_mouse 1 points 1 year ago

Just as an example, this is Reddit's cookie notification compliance - so something similar to this should be presented so that I know what the cookies are used for in plain language and can accept or reject any non-essential cookies. I should also be able to give or withdraw my consent at a later time.