Fediverse

28339 readers

499 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Follow the general Lemmy.world rules.

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago

MODERATORS

GDPR (self.fediverse)

submitted 1 year ago by redditcunts to c/fediverse

83 comments fedilink hide all child comments

Drive we are so privacy focused here. What is to prevent myself or anybody out there, from starting to report individual instances of GDPR and CCPA.

No lemmy insurances are complying with national privacy laws and nobody is talking about it at all.

you are viewing a single comment's thread
view the rest of the comments

[–] awderon 6 points 1 year ago (21 children)

Disclaimer: I have no law degree and everything in this post is speculative.

After reading up on GDPR (https://en.wikipedia.org/wiki/General_Data_Protection_Regulation) it deals with the transfer of personal data to entities outside the EU or EEA for processing. The definition of personal data would be the main point to see if/how GDPR is applicable to lemmy instances. (https://en.wikipedia.org/wiki/Personal_data)

Your IP address and EMail address could be classified as personal data from my point of view. But this won't be shared or processed outside of the instance as far as I can tell. If your username and associated posts are classified as personal data I can't say, but there seems no connection of these to your IP or Mail outside the instance. According to this TechDispatch (https://edps.europa.eu/data-protection/our-work/publications/techdispatch/2022-07-26-techdispatch-12022-federated-social-media-platforms_en) the instances still must adhere to GPDR, but as there is not much or no processing of personal data taking place this should pose no issue.

All of this is based on a bit of research, so please enlighten me if I made any mistakes.

[–] trouser_mouse 4 points 1 year ago* (last edited 1 year ago) (18 children)

In the UK a screen name is an identifier. See ICO here. I am in the UK. Therefore combined with other data being collected, e.g. IP. Lemmy and instances I interact with are handling personal data. If it is transferred between instances when I search or view content from one instance to another, there are GDPR implications.

[–] awderon 3 points 1 year ago

I agree, there is definitely work to be done regarding compliance.

load more comments (17 replies)

load more comments (19 replies)