Asklemmy

43810 readers

1592 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
!lemmy411@lemmy.ca: a community for finding communities

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago

MODERATORS

123

Lemmy and GDPR - What is the current state? (lemmy.world)

submitted 1 year ago* (last edited 1 year ago) by NewBrainWhoThis@lemmy.world to c/asklemmy@lemmy.ml

88 comments fedilink hide all child comments

As the Fediverse grows more and more, rules and regulations become more important. For example, is Lemmy GDPR compliant? If not, are admins aware of the possible consequence? What does this mean for the growth of Lemmy?

Edit: The question "is Lemmy GDPR compliant" should mean, does the software stack provide admins with means to be GDPR compliant.

Edit2: Similar discussion with many interesting opinions on lemmy.ml by /u/infamousbelgian@waste-of.space--> https://lemmy.ml/post/1409164

Edit3: direct link to philpo great answer-->https://feddit.de/comment/840786

you are viewing a single comment's thread
view the rest of the comments

[–] skullgiver@popplesburger.hilciferous.nl 4 points 1 year ago (1 children)

Many versions of Lemmy haven't been deleting data at all, merely setting a flag in the database that a post has been deleted rather than actually getting rid of the contents.

As for federated data, deletes do federate. I would say that a server ignoring an authorized delete request would be in violation of the law, but then there's the matter of a lack of any data processing agreements with other servers.

I do wonder what the legal implications of servers ignoring deletion requests are. Would Facebook be on the hook for deleted data still being stored on a scraper's server? Would LinkedIn be liable for all of those sketchy mirrors online? I personally don't think so. On the other hand, federation is push based, rather than the result of responding to a request from a third party.

[–] MentalEdge@sopuli.xyz 0 points 1 year ago (1 children)

There's not just ignoring the request.

An instance can simply be offline when the request is made. Or be defederated.

[–] skullgiver@popplesburger.hilciferous.nl 1 points 1 year ago

Defederation is an interesting issue. Perhaps deletes and updates should always be federated, as long as they're authorized with the proper signature. I honestly don't know how that's implemented.

That said, I'm sure someone contacting the server admin will be able to get their data corrected or deleted.

Offline servers should get the deletes in most federated software. I've seen some slightly troubling modifications to Lemmy (disabling the retry queue because offline servers were clogging up the scheduling mechanism) but that's not standard as far as I know.