"don't like GDPR"? What's not to like? Best thing that came out of EU regulation in a long time. And as others have noted you seem to be misinformed about what it actually says...
this post was submitted on 21 Jun 2023
19 points (88.0% liked)
Lemmy
12715 readers
72 users here now
Everything about Lemmy; bugs, gripes, praises, and advocacy.
For discussion about the lemmy.ml instance, go to [email protected].
founded 4 years ago
MODERATORS
I also can't wrap my head around “not liking” GDPR
As a relevant example, seems like only citizens covered by GDPR will be able to request Reddit to remove all of their data from Reddit's servers since comment deleting tools and scripts are being bypassed, with loads of comments and even entire profiles getting restored by Reddit admins
Can you explain where I'm misinformed? I can surely be misinformed about the workings of Lemmy. However, for GDPR you will not "win" it with a simple TOS or something like that.
If even Google can't make their Workplace to follow rules in such a way that Workplace can be used according to the AVG rules in the Belgian (well, Flemish) schools, I'm pretty sure that just saying "it's in the TOS" is not enough...
But again, no expert so I hope that I am wrong.
IMO it's pretty much the same case as email. With email you send data to some remote server which may or may not reside in the EU.
I'm not really sure what argument you can make that fediverse apps but not email break gdpr.
Or even something as simple as putting your email on a public website that may be visited by someone in the US.
I'm not an expert in GDPR and will leave the technical side to those who are, but the fact that the EU actively present at the Fediverse with among others the @EU_Commission represented at their official Mastodon instance, I would be surprised if the GDPR was suddenly weaponised against it.
GDPR was written with the intention of empowering users over corporations. The Fediverse has the same goal.
load more comments
(4 replies)
And personal data goes really far. Even an IP-address is personal data. An e-mail address is personal data.
Thankfully, Lemmy instances do not transport this kind of information about their users to other instances!
load more comments
(24 replies)
all personal data from EU users must remain in the EU
Create your account on a EU server, problem solved.
Lemmy (fediverse in general) doesn't send account data away, and posts don't qualify as personal data, when you publish something to the internet, it's public by definition.
load more comments
(7 replies)
Since the entire goal of the fediverse is “transporting” all data to all servers inside the ActivityPub/fediverse world, the data of a EU member will be transported all over the place.
It doesn't work like that, think of your instance being a proxy to the fediverse
Is it? I read somewhere that data effectively gets "copied" to the different instances? But that might be wrong info :p
You're right. If someone from feddit.de subscribes to a lemmy.world community, the entire content of that community is going to be copied to the feddit.de server and that's the exact issue OP is referring to.
the entire content of that community is going to be copied to the feddit.de server
That's not true. The text is being copied, the media is not. Anyone, anywhere in the world, can put tracking pixels on Lemmy posts at any time to log user data. Regardless of the instance used to read it.
load more comments
(1 replies)
load more comments
(2 replies)
But when a lemmy.world user subscribes to a feddit.de community, the entire community will be copied to the lemmy.world server, or am I wrong?
load more comments
(13 replies)
Neil Brown did quite a good write-up on the legal standing of the Fediverse late last year: https://decoded.legal/blog/2022/11/notes-on-operating-fediverse-services-mastodon-pleroma-etc-from-an-english-law-point-of-view
There's a section part way down about GDPR, but the answer is "it depends"
Thanks! The info actually makes sense. Also, do note that every EU country has their own specific implementation of the GDPR law with very small differences. So this is written according to the UK implementation, but the BE implementation might be just a bit different.
All complicated stuff...
Kbin.social and feddit.de are hosted in Germany. That's why I signed up there.
What do y’all thing about this?
This is why I won't ever run any web service with public registration.
The people hosting an instance are responsible for the informed consent. So if you federate with anyone you need to make sure to inform your individual users about all of your peers, what data they process, and who's the contact for that peer.
This is of course impossible.
If anyone ever sues you, they probably effortlessly win the lawsuit.
FWIW Hacker News just says it doesn't apply to them as it doesn't count as a service for just a discussion board.
But I think the right of deletion is a bigger issue than where email addresses are stored.
view more: next ›