As the Fediverse grows more and more, rules and regulations become more important. For example, is Lemmy GDPR compliant? If not, are admins aware of the possible consequence? What does this mean for the growth of Lemmy?
Edit: The question “is Lemmy GDPR compliant” should mean, does the software stack provide admins with means to be GDPR compliant.
Edit2: Similar discussion with many interesting opinions on lemmy.ml by /u/[email protected]–> https://lemmy.ml/post/1409164
Does Lemmy even need to be gdpr compliment? It’s not a company, it’s private individuals.
For now anyways, I can see that changing in the future. Company centric instances with communities for each of their product lines.
I (with my own single user instance), do not. As soon as you offer your service to other users, it’s different. If you are a company or not, does not matter.
Edit: So to clarify, the Lemmy developers need not worry, the instance admins do. That said, IME (literally, our local DPA contacted us about compliance issues where I work), they (DPAs) are interested in helping people be compliant, not suing them.
This isn’t true since your single user instance is federated. For example, this comment is going to end up on your instance, and it could have my personal data.
edit: here’s a meta-link to this comment on your instance: https://lemmy.cwagner.me/comment/2786 – despite it originating from lemmy.one and the post being lemmy.ml from a user on lemmy.world (interestingly every person involved in this interaction is on a different instance)
That is a very different way of looking at it. I take the view of this Lemmy privacy policy that you are essentially sending your comment to me, just like an e-mail.
Though unlike an email, it’s public on my instance for now, so yeah, you have a point there.
My eventual plan is to make my instance only visible for logged in users (= only me), but I heard that for now that (the private instance flag) is not possible with federation.
deleted by creator
Is there a guide somewhere? Because experimenting when federation is already as unstable as it is, is hard.
Just like with e-mail, yes. Sending an e-mail to [email protected] does not make you agree to the example.org TOS and PP. Or more relevant to federation, sending an e-mail to a mailing list will end up on hundreds of servers. This is not that new a concept.
deleted by creator
Thanks, I’ll bookmark this and have a look when I have some time :D
The GDPR also applies to invidivuals. It’s not very common, but if you start your own private data collection for shit and giggles you’ll have to take the necessary steps to comply with the GDPR. Of course you won’t need a data privacy officer or anything like that as an individual, but you do need to take certain precautions.
Now, with the way social media works, I’m pretty sure you can get away with claiming all data collected is necessary to make the system work in the first place, and Lemmy doesn’t even collect all that much data.
Most instances also accept donations and other financial incentives as well. That makes the entire system more complicated. With lemmy.world and other servers being run by Europeans, I’d say a significant part of Lemmy definitely does need to comply with the GDPR.
It doesn’t apply to purely personal use. See Article 2 section 2 ©. For shits and giggles would fall under that.
deleted by creator
I agree. I was replying to your comment that GDPR applies to private data collection for shits and giggles, which isn’t correct. For Lemmy, I’m certain it applies. GDPR applies to small churches even