So, I’m kinda new to this Lemmy thingy and the fediverse. I like the fediverse from a technological standpoint. However, I think that, if we gain more and more traction, Lemmy (and by extension the entire fediverse) is a GDPR clusterfuck waiting to happen. With big and expensive repercussions…

Why? Well, according to GDPR, all personal data from EU users must remain in the EU. And personal data goes really far. Even an IP-address is personal data. An e-mail address is personal data. I don’t think there is jurisprudence regarding usernames, so that might be up for discussion.

Since the entire goal of the fediverse is “transporting” all data to all servers inside the ActivityPub/fediverse world, the data of an EU member will be transported all over the place. Resulting in a giant GDPR breach. And I have no idea who will be held responsible… The people hosting an instance? The developers of Lemmy? The developers of ActivityPub?

Large corporations are getting hefty fines for GDPR breaches. And since Lemmy is growing, Lemmy might be “in the spotlights” in the upcoming years.

I don’t like GDPR, and I’m all for the technological setup of the fediverse. However, I definitely can see a “competitor” (that is currently very large but losing ground quickly) having a clear eye out to eliminate the competition…

What do y’all think about this?

    • hardypart@feddit.de
      1 year ago

      Now if you want to change that, you’ll have to request a GDPR deletion from every instance you posted it to.

      That’s the interesting point. Do I really have to do that or should I be able to rely on my instance owner that’s located in the EU to take care of that? I’m pretty sure none of us can answer this question. Decentralized services like the Fediverse are probably a new challenge for GDPR experts.

      • Scaldart@lemmy.world
        1 year ago

        I’m not supposing to have any answers either, but from a personal standpoint it seems rather selfish to even entertain the idea of making an instance owner do that. It’s not like these people are getting paid for a service (aside from donations, in some cases); they’re hosting in the spirit of the fediverse. Why would I pawn legal work off to them?

        • hardypart@feddit.de
          1 year ago

          it seems rather selfish to even entertain the idea of making an instance owner do that.

          I think you truly underestimate the GDPR, which is fine, because you don’t run a huge Lemmy instance. I just hope the admins of the big instances are taking it more seriously, otherwise this could indeed blow up in their faces one day.

        • hardypart@feddit.de
          1 year ago

          Sure, but in the end it’s not their responsibility.

          You guys sound so confident, it’s not even funny. GDPR is a huge topic and everyone who already had to deal with it even marginally knows that OP’s fear is absolutely plausible. The GDPR doesn’t give a shit about causing major inconveniences or huge workload for platform admins. Ever heard about the GDPR nightmare letter?

            • hardypart@feddit.de
              1 year ago

              edit: In the end, though, of course this is my opinion. IANAL.

              Same here. I’m not sure if I’m right, but neither should anyone else here be sure about this topic.

              But I also know that essentially all serious issues with GDPR are because of companies wanting to violate your privacy, not because a user is using a product as intended.

              What if the product is designed in a way that violates the GDPR? Again, I’m not sure about that, just like OP. We will see how things will turn out… But as an admin of a large instance I’d be careful for sure.

                • hardypart@feddit.de
                  1 year ago

                  Which I completely disagree with.

                  I never said that Lemmy is designed in that way, I just say that we can’t be sure.

                  If this violates, then every tweeting software, every reddit third-party app would also be “designed to violate”,

                  Where and how do Twitter or Reddit third party apps store personal data?