this post was submitted on 05 Jul 2023
76 points (98.7% liked)
Asklemmy
43783 readers
833 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy ๐
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
[This comment has been deleted by an automated system]
My statement about it being up to those running instances is mean in terms of it's up to them to read the legislation and come to a conclusion. If I were hosting an instance I'd certainly assume it applied, though I doubt there has been any case testing its implementation in this sort of situation.
I wonder if the first data breach will draw the attention of a regulator. We're all using essentially alpha software, with no privacy notice, I doubt there are RoPAs or DPIAs, I doubt there is a DPO.. all those things might upset someone like the ICO in the UK if a breach were to occur.
[This comment has been deleted by an automated system]
Isn't the key operating word here business?
With no advertising on the line and no operations currently in place operating at anything but a loss there isn't a commercial interest at stake.
Nope, GDPR does not limit itself on businesses. It applies to all data collection.
Governments also have to comply with GDPR. They also have no commercial interest in the personal data.