this post was submitted on 19 Jun 2023
162 points (97.6% liked)

Technology

37801 readers
216 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it's visibly worse for privacy than even Reddit.

  • Deleted comments remain on the server but hidden to non-admins, the username remains visible
  • Deleted account usernames remain visible too
  • Anything remains visible on federated servers!
  • When you delete your account, media does not get deleted on any server
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 2 years ago (1 children)

GDPR applies to companies operating in the EU, not every single entity on the internet

It applies to every single public entity on the internet that holds data of EU citizens. No matter which country they're located in.
AFAIK, this world-wide nature of the GDPR is pretty unique and quite contentious.

The GDPR includes exceptions for private purposes but hosting a lemmy instance with public signups is most certainly not intended to be of private nature, so the GDPR does apply.

I can't comment on whether that means the right to be forgotten needs to be exercised by federated instances, I just want to set the record straight here.

[–] [email protected] 0 points 2 years ago (1 children)

The EU may claim GDPR applies to all data of EU citizens no matter where in the world it is stored, but if the entity storing that data does zero business in the EU, there isn't much that can be done to enforce that law. Its the same as US law firms thinking their DMCA claims apply in other countries, etc.

Federated Lemmy instances operating in non-EU nations with no business/holdings/etc in the EU, are under zero obligation to recognise GDPR requirements unless otherwise required somehow to do so by their own national law (say a treaty agreement or the like).

The EU can no more demand or enforce global adherence to their data laws than the US can.

[–] [email protected] 1 points 2 years ago

They can just block access to the site, no?