this post was submitted on 01 Jul 2023
123 points (95.6% liked)

Selfhosted

39226 readers
420 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
123
Anything else to consider when hosting a Lemmy instance in the EU? (lemmy.one)
submitted 1 year ago by tk338@lemmy.one to c/selfhosted@lemmy.world
59 comments fedilink hide all child comments
 

I'd be really keen to host a lemmy instance but just wondering with GDPR and everything, if there is anything else to consider outside of the technical setup and provisioning of hardware?

Lemmy is storing users data so is there any requirement to do anything GDPR wise?

Hope this is the right place for this - But seen a lot of posts interested in hosting their own lemmy instance, and this is an extension of that

you are viewing a single comment's thread
view the rest of the comments
[–] Max_P@lemmy.max-p.me 47 points 1 year ago (34 children)

I'd put a legal blob in the Legal section clearly outlining the nature of the fediverse and making it clear to the user that really deleting stuff from Lemmy is near impossible because every instance has a copy of it. That you'll happily comply and purge the user's data upon request but that it will still be cached on every other server.

I'd be interested to see what lawyers have to say about it. Technically the data sharing is absolutely required by the protocol so it might be okay with the GDPR, but it's also possible that as worded it can't possibly be GDPR compliant. It was designed with big companies like Google, Meta and big advertisers in mind, and didn't really account for decentralized services like the fediverse...

[–] Max_P@lemmy.max-p.me 8 points 1 year ago* (last edited 1 year ago) (18 children)

Actually I wonder if the end result would end up essentially being, you can only federate with other GDPR compliant instances that you trust will respect the GDPR and honor federated data delete requests.

The core of the issue is that just by the virtue of running, an instance collects a stupid amount of data. I was baffled at how many user accounts my instance had discovered mere hours after starting it up.

Edit: row counts after just a week of running my private instance with only 3 users:

The profiling potential is scary, so users should be really careful with basically every interaction on the Fediverse, including votes. I bet the feds are having a field day monitoring what's going on on exploding-heads and lemmygrad.

[–] Thorosofbeer@lemmy.world 4 points 1 year ago

I believe this is probably what will happen if this ever becomes a big issue. GDPR was never intended to be navigable for anything except giant proprietary blob tech companies.

load more comments (17 replies)
load more comments (32 replies)