this post was submitted on 21 Jun 2023
9 points (90.9% liked)

Asklemmy

43918 readers
768 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy πŸ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

Title.

I have started to use Lemmy quite frequently in the last few days. I really like it, but I haven't been able to find any documentation that explains how my data is being handled, what kind of data is being collected and how it is being used and neither have I been able to find an in-depth explanation – or any explanation for that matter – about Lemmy's security model.

Would anyone please provide a source where I could find that info?

top 4 comments
sorted by: hot top controversial new old
[–] fubo 18 points 1 year ago* (last edited 1 year ago) (2 children)

The Lemmy federation is not a single legal entity; it's a collection of servers operated by different people. This means that Lemmy as a whole cannot have a privacy policy β€” but a single server instance might.

For example, the lemmy.world instance has a link at https://lemmy.world/legal which directs you to the policies at mastodon.world, which is operated by the same person. The privacy policy is here.

This is similar to email. There's nobody in charge of all of email, so there's nobody who can set a policy for all of email. But a specific email provider, like Hotmail or Gmail, certainly can & do have policies.


Most Lemmy instances are run by individual volunteers as a personal hobby, rather than being run by businesses professionally. As such, they might not be covered by privacy laws such as ~~the EU GDPR (which doesn't apply to personal activity) or~~ California CCPA (which only applies to for-profit activity). (Edited; see below)

Of course, if anyone wants to run a Lemmy instance commercially β€” or if an existing business decides to run their own, professionally β€” they would be covered by these laws.

[–] [email protected] 8 points 1 year ago (1 children)

As such, they might not be covered by privacy laws such as the EU GDPR (which doesn’t apply to personal activity)

Personal activity specifically only includes providing services to yourself or close family members. Putting something on the internet is explicitly not that.

From the same law:

That exception must therefore be interpreted as relating only to activities which are carried out in the course of private or family life of individuals, which is clearly not the case with the processing of personal data consisting in publication on the internet so that those data are made accessible to an indefinite number of people.

[–] fubo 2 points 1 year ago

Good catch, thanks.

[–] ItsYourBoyHalo 3 points 1 year ago

Oh, wow. I didn't know that, I'm still trying to wrap my head around this fediverse stuff! Thank you!