this post was submitted on 08 May 2024
571 points (98.8% liked)

Technology

34989 readers
449 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 16 points 6 months ago* (last edited 6 months ago) (3 children)

This is a violation of GDPR, no?

EDIT: user created content is not directly protected under GDPR, only personally identifiable data is pertected under GDPR.

[–] [email protected] 15 points 6 months ago (2 children)

Dunno. GDPR is a Europe only thing, and isn't it only related to how your private data (like name, IP address, phone number) is cared about ?

[–] [email protected] 7 points 6 months ago

Right, I think it only covers personal information: companies can only collect what they need to run their service, users can request to see their data etc. I don't think it applies to comments and posts.

[–] [email protected] 3 points 6 months ago

I would certainly hope so. Stack Overflow content is Creative Commons licensed, so the argument is basically that the GDPR would take precedence over the CC license grant. It'd be scary if GDPR could be weaponized against forks of free software projects in this manner.

[–] [email protected] 2 points 6 months ago (1 children)
[–] [email protected] 4 points 6 months ago (3 children)

User should have the right to delete their data stored by the company.

[–] [email protected] 4 points 6 months ago (2 children)

Would that kind of provision allow me to have my code removed from a git repository history, if that git repository is hosted by a company?

[–] [email protected] 2 points 6 months ago

As long as you didn't give those rights by signing a CLA or a copyleft license. Never sign a CLA unless you're fully compensated.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

I am not a lawyer, but I believe in general, yes.

Git is not even that convoluted, as all the history is stored in the .git folder within the repo. Unless there is some convoluted structure built on top, they would only need to move the repo folder to a trash disk, waiting to be formated.

That being said, GDPR is somewhat poorly enforced at the moment, unfortunately. I don't know if you can sue the company and expect some result within couple of years.

[–] [email protected] 3 points 6 months ago

No because user generated content is not protected.

[–] [email protected] 2 points 6 months ago (1 children)

Doesn't that just mean the data would have to be anonymized ?

[–] [email protected] 3 points 6 months ago (1 children)

I am not a expert or a lawyer, but I believe user actually hold the right to completely erase personal data:

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay

https://gdpr.eu/right-to-be-forgotten/

Note the word "erasure" as opposed to "anonymize"

[–] [email protected] 5 points 6 months ago (3 children)

I don't think that addresses my point. Is my opinion on the new Star Wars movies that I post online or some lines of code I suggest "personal data"? I thought personal data had a specific definition under GDPR

[–] nefonous 5 points 6 months ago

You're totally right, the content of your posts is not considered personal data (because it isn't) It's more about profiling data that can be connected back to your actual person

[–] [email protected] 3 points 6 months ago

I think you are right, user generated content doesn't seem to be protected. This is surprising to me, as user should hold the right to their content, which in my mind should enjoy stronger protection than personal data.

[–] [email protected] 2 points 6 months ago

Technically, they could retain posts from users if they are irreversibly anonymized. However, ensuring with 100% certainty that none of your posts ever contained any personal data that could lead to the identification of you as an individual is challenging. The safest option is therefore to also delete your posts.

[–] [email protected] 1 points 6 months ago

That only applies to personal data.

[–] [email protected] 1 points 6 months ago

How does GDPR get away with not defining what a website is when referring to them directly in the law? Like what counts, only html? http? ftp? gopher?