this post was submitted on 06 Mar 2024
251 points (88.9% liked)

Fediverse

28396 readers
1282 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
 

Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.

you are viewing a single comment's thread
view the rest of the comments
[–] Jumuta@sh.itjust.works 20 points 8 months ago (3 children)

how are you supposed to do gdpr compliance on a federated system though?

[–] maynarkh@feddit.nl 22 points 8 months ago (1 children)

You are responsible for data collected by your own instance. If a deletion request comes through, you are responsible for deleting it from your account, and forwarding the deletion request and responses to other instance you federate with. You are in the clear as long as you don't keep data you legally can't, and have sufficiently informed other instances of your obligations.

[–] Badeendje@lemmy.world 5 points 8 months ago

No, if you collected the data and shared it with others, simply informing the others is not enough. This is why the platform needs tools for admins to comply.

A proper method, that allows the users to nume their account could already be enough.

[–] Badeendje@lemmy.world 8 points 8 months ago* (last edited 8 months ago)
  • By defining all information that is processed and why.
  • By not processing and storing any personal identifiable information (an IP address is PII for example) without a clearly defined need.
  • When stored ONLY using data for the defined purposes. This also means shielding data that should be shielded.
  • By implementing the mechanics for someone to be forgotten (delete my account, should delete all info, especially PII).
  • Making sure the mechanics to federate these changes/deletions exist.