this post was submitted on 27 Jun 2023
201 points (100.0% liked)
Technology
37716 readers
446 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It could affect lemmy administrators. As I understand lemmy federation does include federated removal propagation. Atleast the original instance can send federated notification to delete post or comment. Whether other instances comply is different matter. Since there is no central authority, it would be instance administrator per instance administrator obligation. Thought GDPR does propagate with data transfers. So theoretically for example EU instances might have to limit themselves to federation with instances committing to honoring GDPR notices. At which point "delete this" is not mere protocol requests, it is legal demand. Instance administrator might be held responsible for federation with GDPR non-complying instance.
Just being nice, free and open source doesn't free us from legal obligations. However someone would probably have to actively bring GDPR complain for anything to start happen. Free open source project is low on enforcement pole compared to big Internet businesses.
However some GDPR compliance things might have to be implemented. For example formal declarations of adherence to GDPR, messaging of "this deletion notice comes as result of GDPR request, delete or be in violation".
However I would also note the PII protections are not unlimited. It does have exceptions for legal obligations, legitimate business obligations (you can't demand business deletes all of their information, if they say need your contact information for still pending billing and so on). There is also public interests exception, aka person can't gag order just based on "I don't like this" should it be matter of journalistic/public interest matter. Some others exceptions also, that I don't remember right now.