Been just linked to this post, that claims that on Lenny:

  • Messages are never deleted, only hidden, a GDPR violation
  • Deleted usernames are also not deleted, only hidden, same thing
  • Stuff remains on federated servers even if you delete it
  • There’s no way to delete yourself from the network if you choose to do so

Gut feeling says none of this is true or is only half truths, but want to be sure before i invest myself heavily on this platform.

  • TheTrueLinuxDev@beehaw.org
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 year ago

    As I said, it only within the CONFINE OF THE EU JURISDICTION. Your law have no power over the American citizen and we don’t have to comply with GDPR and neither does Lemmy that is hosted in USA do.

    Lemmy was created to support federation of servers and the inherent problem with that is that it is incompatible with GDPR legal system, because while you can enforce GDPR on one server, you can’t guarantee enforcement of it on any other servers that retain your posts or threads, because they can retain a copy of your posts thereby defeating your “right to be forgotten.” So in that context, even if that one server comply with your GDPR request, is your government still going to punish that one server for something outside of their control? Lemmy, PeerTube, Mastodon, and so forth all have servers to tackle the crux of the problem in social media, The Network Effect. When you set up one server, you would notice that your one server have no content when you don’t have visitors or users using that server, so you have to connect to other servers to get the contents you want and so forth, the trade off is that you can’t control what goes on in that other server unless they’re kind enough to give you some of that measure of control which is no guarantee.

    • jherazob@beehaw.orgOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      It doesn’t matter where the service is hosted, if it serves EU citizens it MUST comply with the GDPR, even if it’s hosted in USA, that’s why even the big companies like Google, Microsoft and all the others comply (or SAY they do, no one trusts FB on data deletion). So yes, they DO have power there.

      Also, from what i understand you’re assuming federation means that everything is everywhere. That is not true. From what i see from Lemmy’s mechanisms (and from what my critical lack of caffeine allows me at the moment), if something is deleted on one instance it should get deleted on all as Lemmy sends the deletion request to other instances, and anything remaining from other places should be eventually deleted and flushed out of caches, that part shouldn’t be an issue there. So, the instance admins would be responsible only for the data of the users in their servers, not the others. And yes, they WOULD be responsible and legally liable if this is in fact a violation (still not sure, might be OK and not even a problem as “restriction of processing” from article 18, i guess i’ll continue searching tomorrow, it’s 2AM here and i’m done).