As the Fediverse grows more and more, rules and regulations become more important. For example, is Lemmy GDPR compliant? If not, are admins aware of the possible consequence? What does this mean for the growth of Lemmy?

Edit: The question “is Lemmy GDPR compliant” should mean, does the software stack provide admins with means to be GDPR compliant.

Edit2: Similar discussion with many interesting opinions on lemmy.ml by /u/infamousbelgian@waste-of.space–> https://lemmy.ml/post/1409164

Edit3: direct link to philpo great answer–>https://feddit.de/comment/840786

  • chaorace@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    12
    ·
    1 year ago

    There’s no reason why activitypub would be considered any different from email

    Are you sure? Email only sends your message to servers which you explicitly ask it to. If you only trust protonmail, you can choose to only send emails to other protonmail addresses. If protonmail chose to share your emails with other third parties regardless, I can’t help but think maybe that breaches the GDPR.

    Lemmy, by design, propagates copies to instances based on opaque factors outside of the user’s control, even when the UI suggests that you are sending content locally. In the case of posting a comment to a community hosted on your home instance: Lemmy will send a copy to whichever servers happen to have users that are currently subscribed to that community. It’s a very opaque outcome and pretty far from the outcome you’d experience when sending an email message to someone using the same email provider.

    even search engines and internet archives

    Yes, but these are genuinely disconnected entities who come across the data as a user might. Lemmy doesn’t personally phone up Google and send them a copy of your comment as soon as you post it, but that’s basically exactly what happens when Lemmy federates a comment with other instances via ActivityPub.


    FWIW: I think Lemmy as a piece of software is actually very aligned with the interests of the EU more generally and I think it would be a bad idea for them to come down on federated social media as a GDPR issue. I nevertheless worry that it represents untested waters and can certainly imagine a reality where it receives a raw deal from regulators.

    • LoreleiSankTheShip@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Wouldn’t this be solvable by one of those cookie banners or some sort of waiver? After all, the only personal information I can think of that is shared is your username, which anyone can see if they just go to your instance. The post and the comments are public, aren’t they?

    • LoreleiSankTheShip@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Wouldn’t this be solvable by one of those cookie banners or some sort of waiver? After all, the only personal information I can think of that is shared is your username, which anyone can see if they just go to your instance. The post and the comments are public, aren’t they?

    • LoreleiSankTheShip@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Wouldn’t this be solvable by one of those cookie banners or some sort of waiver? After all, the only personal information I can think of that is shared is your username, which anyone can see if they just go to your instance. The post and the comments are public, aren’t they?

    • LoreleiSankTheShip@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Wouldn’t this be solvable by one of those cookie banners or some sort of waiver? After all, the only personal information I can think of that is shared is your username, which anyone can see if they just go to your instance. The post and the comments are public, aren’t they?

    • LoreleiSankTheShip@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Wouldn’t this be solvable by one of those cookie banners or some sort of waiver? After all, the only personal information I can think of that is shared is your username, which anyone can see if they just go to your instance. The post and the comments are public, aren’t they?