this post was submitted on 05 Jul 2023
76 points (98.7% liked)

Asklemmy

43371 readers
1395 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy πŸ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
mekhos@lemmy.ml
tmpod@lemmy.pt
14specks@lemmy.ml
76
Lemmy and GDPR - What is the current state? (lemmy.world)
submitted 1 year ago by NewBrainWhoThis@lemmy.world to c/asklemmy@lemmy.ml
82 comments fedilink hide all child comments
 

As the Fediverse grows more and more, rules and regulations become more important. For example, is Lemmy GDPR complient? If not, are admins aware of the possible consequence? What does this mean for the growth of Lemmy?

you are viewing a single comment's thread
view the rest of the comments
[–] MentalEdge@sopuli.xyz 4 points 1 year ago (4 children)

Lemmy is GDPR compliant, as far as I know.

Admins can entirely purge you off their instance, should you ask them to, and other servers do not store any personal details that GDPR would require be deletable. By most interpretations.

It can be argued that previously federated data that is now out of reach and as such cannot be deleted, could constitute a breach of GDPR.

[–] randomaccount43543@lemmy.world 2 points 1 year ago (1 children)

Other servers do store personal data. Any post or comment made by a user is personal data as it contains the thoughts/ideas of that user.

GDPR Art 4.(1) 'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

[–] MentalEdge@sopuli.xyz 2 points 1 year ago (1 children)

That's one interpretation. One I illuded to.

But you can also argue that if the person who made the comment is unidentifiable, there is no "natural person" to make the data GDPR related.

[–] aski3252@lemmy.world 2 points 1 year ago

Well that depends on the comment, doesn't it? As far as I understand it, if I posted personal information about you, such as your name, home address, etc, in a comment, you could demand from the admin to remove that comment as it would contain personal information you don't want in the open.

[–] Contend6248@feddit.de 2 points 1 year ago* (last edited 1 year ago) (1 children)

Personal data posted by the user also falls into this, so they might have to force deleting on any instance hosted by organizations. Individuals or small teams running instances which don't take money don't need to comply to GDPR.

[–] aski3252@lemmy.world 3 points 1 year ago

Individuals or small teams running instances which don’t take money don’t need to comply to GDPR.

Are you sure about that? So if I hosted a website that shows your name and address, you could do nothing to make me take it down because I'm not an organisation or company?

[–] HobbitFoot@thelemmy.club 1 points 1 year ago

Yeah, but I imagine that could be handled via email. The tricky thing is to verify that the email is coming from the account in question, but that could be done by posting or commenting a specific phrase.