So, I’m kinda new to this Lemmy thingy and the fediverse. I like the fediverse from a technological standpoint. However, I think that, if we gain more and more traction, Lemmy (and by extension the entire fediverse) is a GDPR clusterfuck waiting to happen. With big and expensive repercussions…

Why? Well, according to GDPR, all personal data from EU users must remain in the EU. And personal data goes really far. Even an IP-address is personal data. An e-mail address is personal data. I don’t think there is jurisprudence regarding usernames, so that might be up for discussion.

Since the entire goal of the fediverse is “transporting” all data to all servers inside the ActivityPub/fediverse world, the data of an EU member will be transported all over the place. Resulting in a giant GDPR breach. And I have no idea who will be held responsible… The people hosting an instance? The developers of Lemmy? The developers of ActivityPub?

Large corporations are getting hefty fines for GDPR breaches. And since Lemmy is growing, Lemmy might be “in the spotlights” in the upcoming years.

I don’t like GDPR, and I’m all for the technological setup of the fediverse. However, I definitely can see a “competitor” (that is currently very large but losing ground quickly) having a clear eye out to eliminate the competition…

What do y’all think about this?

    • hardypart@feddit.de
      1 year ago

      Sure, but I in the end it’s not their responsibility.

      You guys sound so confident, it’s not even funny. GDPR is a huge topic and everyone who already had to deal with it even marginally knows that OP’s fear is absolutely plausible. The GDPR doesn’t give a shit about causing major inconveniences or huge workload for platform admins. Ever heard about the GDPR nightmare letter?

        • hardypart@feddit.de
          1 year ago

          edit: In the end, though, of course this is my opinion. IANAL.

          Same here. I’m not sure if I’m right, but neither should anyone else here be sure about this topic.

          But I also know that essentially all serious issues with GDPR are because of companies wanting to violate your privacy, not because a user is using a product as intended.

          What if the product is designed in a way that violates the GDPR? Again, I’m not sure about that, just like OP. We will see how things will turn out… But as an admin of a large instance I’d be careful for sure.

            • hardypart@feddit.de
              1 year ago

              Which I completely disagree with.

              I never said that Lemmy is designed in that way, I just say that we can’t be sure.

              If this violates, then every tweeting software, every reddit third-party app would also be “designed to violate”,

              Where and how do Twitter or Reddit third party apps store personal data?

      • greeen_tomato@feddit.de
        1 year ago

        It is a pain for sure if you have to deal with that. I had to read a bit about gdpr back in my old company and I always thought it is more about the protection of personally identifiable information (PII). Like name, IP address, email, etc.

        I’m not sure if the gdpr applies to social media posts tbh. Another question is if a pseudonym would be regarded as a PII.