144
Lemmy and GDPR - What is the current state?
(lemmy.world)
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
Looking for support?
Looking for a community?
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
There's no reason why activitypub would be considered any different from email, nntp, or even search engines and internet archives. When an website or email server gets a GDPR request it's not propagated in any way, and it would be a stretch to expect it to.
Are you sure? Email only sends your message to servers which you explicitly ask it to. If you only trust protonmail, you can choose to only send emails to other protonmail addresses. If protonmail chose to share your emails with other third parties regardless, I can't help but think maybe that breaches the GDPR.
Lemmy, by design, propagates copies to instances based on opaque factors outside of the user's control, even when the UI suggests that you are sending content locally. In the case of posting a comment to a community hosted on your home instance: Lemmy will send a copy to whichever servers happen to have users that are currently subscribed to that community. It's a very opaque outcome and pretty far from the outcome you'd experience when sending an email message to someone using the same email provider.
Yes, but these are genuinely disconnected entities who come across the data as a user might. Lemmy doesn't personally phone up Google and send them a copy of your comment as soon as you post it, but that's basically exactly what happens when Lemmy federates a comment with other instances via ActivityPub.
FWIW: I think Lemmy as a piece of software is actually very aligned with the interests of the EU more generally and I think it would be a bad idea for them to come down on federated social media as a GDPR issue. I nevertheless worry that it represents untested waters and can certainly imagine a reality where it receives a raw deal from regulators.
Wouldn't this be solvable by one of those cookie banners or some sort of waiver? After all, the only personal information I can think of that is shared is your username, which anyone can see if they just go to your instance. The post and the comments are public, aren't they?
Wouldn't this be solvable by one of those cookie banners or some sort of waiver? After all, the only personal information I can think of that is shared is your username, which anyone can see if they just go to your instance. The post and the comments are public, aren't they?
Wouldn't this be solvable by one of those cookie banners or some sort of waiver? After all, the only personal information I can think of that is shared is your username, which anyone can see if they just go to your instance. The post and the comments are public, aren't they?
Wouldn't this be solvable by one of those cookie banners or some sort of waiver? After all, the only personal information I can think of that is shared is your username, which anyone can see if they just go to your instance. The post and the comments are public, aren't they?
Wouldn't this be solvable by one of those cookie banners or some sort of waiver? After all, the only personal information I can think of that is shared is your username, which anyone can see if they just go to your instance. The post and the comments are public, aren't they?