As the Fediverse grows more and more, rules and regulations become more important. For example, is Lemmy GDPR compliant? If not, are admins aware of the possible consequence? What does this mean for the growth of Lemmy?

Edit: The question “is Lemmy GDPR compliant” should mean, does the software stack provide admins with means to be GDPR compliant.

Edit2: Similar discussion with many interesting opinions on lemmy.ml by /u/infamousbelgian@waste-of.space–> https://lemmy.ml/post/1409164

Edit3: direct link to philpo great answer–>https://feddit.de/comment/840786

  • randomaccount43543@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    1 year ago

    GDPR Art 4.(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

    Posts in the Lemmy instances contain information relating to an identifiable natural person (by their user handle), as they contain the person’s ideas and opinions. Therefore the Lemmy instances are handling personal data and must comply with the GDPR.

  • MentalEdge@sopuli.xyz
    link
    fedilink
    arrow-up
    0
    ·
    1 year ago

    Lemmy is GDPR compliant, as far as I know.

    Admins can entirely purge you off their instance, should you ask them to, and other servers do not store any personal details that GDPR would require be deletable. By most interpretations.

    It can be argued that previously federated data that is now out of reach and as such cannot be deleted, could constitute a breach of GDPR.

    • randomaccount43543@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Other servers do store personal data. Any post or comment made by a user is personal data as it contains the thoughts/ideas of that user.

      GDPR Art 4.(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

      • MentalEdge@sopuli.xyz
        link
        fedilink
        arrow-up
        0
        ·
        1 year ago

        That’s one interpretation. One I illuded to.

        But you can also argue that if the person who made the comment is unidentifiable, there is no “natural person” to make the data GDPR related.

        • aski3252@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Well that depends on the comment, doesn’t it? As far as I understand it, if I posted personal information about you, such as your name, home address, etc, in a comment, you could demand from the admin to remove that comment as it would contain personal information you don’t want in the open.

  • FiveMacs@lemmy.ca
    link
    fedilink
    arrow-up
    0
    ·
    1 year ago

    Does Lemmy even need to be gdpr compliment? It’s not a company, it’s private individuals.