So, Iā€™m kinda new to this Lemmy thingy and the fediverse. I like the fediverse from a technological standpoint. However, I think that, if we gain more and more traction, Lemmy (and by extend the entire fediverse) is a GDPR clusterfuck waiting to happen. With big and expensive repercussionsā€¦

Why? Well, according to GDPR, all personal data from EU users must remain in the EU. And personal data goes really far. Even an IP-address is personal data. An e-mail address is personal data. I donā€™t think there is jurisprudence regarding usernames, so that might be up for discussion.

Since the entire goal of the fediverse is ā€œtransportingā€ all data to all servers inside the ActivityPub/fediverse world, the data of a EU member will be transported all over the place. Resulting in a giant GDPR breach. And I have no idea who will be held responsibleā€¦ The people hosting an instance? The developers of Lemmy? The developers of ActivityPub?

Large corporations are getting hefty fines for GDPR breaches. And since Lemmy is growing, Lemmy might be ā€œin the spotlightsā€ in the upcoming years.

I donā€™t like GDPR, and Iā€™m all for the technological setup of the fediverse. However, I definitely can see a ā€œcompetitorā€ (that is currently very large but loosing ground quickly) having a clear eye out to eliminate the competitionā€¦

What do yā€™all thing about this?

  • hardypart@feddit.de
    link
    fedilink
    English
    arrow-up
    0
    Ā·
    1 year ago

    Now if you want to change that, youā€™ll have to request a GDPR deletion from every instance you posted it to.

    Thatā€™s the interesting point. Do I really have to do that or should I be able to rely on my instance owner thatā€™s located in the EU to take care of that? Iā€™m pretty sure none of us can answer this question. Decentralized services like the Fediverse are probably a new challange for GDPR experts.

    • Scaldart@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      Ā·
      1 year ago

      Iā€™m not supposing to have any answers either, but from a personal standpoint it seems rather selfish to even entertain the idea of making an instance owner do that. Itā€™s not like these people are getting paid for a service (aside from donations, in some cases); theyā€™re hosting in the spirit of the fediverse. Why would I pawn legal work off to them?

      • hardypart@feddit.de
        link
        fedilink
        English
        arrow-up
        1
        Ā·
        edit-2
        1 year ago

        it seems rather selfish to even entertain the idea of making an instance owner do that.

        I think you truly underestimate the GDPR, which is fine, because you donā€™t run a huge Lemmy instance. I just hope the admins of the big instances are taking it more seriously, otherwise this could indeed blow up in their faces one day.

      • hardypart@feddit.de
        link
        fedilink
        English
        arrow-up
        0
        Ā·
        1 year ago

        Sure, but I in the end itā€™s not their responsibility.

        You guys sound so confident, itā€™s not even funny. GDPR is a huge topic and everyone who already had to deal with it even marginally knows that OPā€™s fear is absolutely plausible. The GDPR doesnā€™t give a shit about causing major inconviences or huge workload for platform admins. Ever heard about the GDPR nightmare letter?

          • hardypart@feddit.de
            link
            fedilink
            English
            arrow-up
            0
            Ā·
            edit-2
            1 year ago

            edit: In the end, though, of course this is my opinion. IANAL.

            Same here. Iā€™m not sure if Iā€™m right, but neither should anyone else here be sure about this topic.

            But I also know that essentially all serious issues with GDPR are because of companies wanting to violate your privacy, not because a user is using a product as intended.

            What if the product is designed in a way that violates the GDPR? Again, Iā€™m not sure about that, just like OP. We will see how things will turn outā€¦ But as an admin of a large instance Iā€™d be carful for sure.

              • hardypart@feddit.de
                link
                fedilink
                English
                arrow-up
                0
                Ā·
                1 year ago

                Which I completely disagree with.

                I never said that Lemmy is designed in that way, I just say that we canā€™t be sure.

                If this violates, then every tweeting software, every reddit third-party app would also be ā€œdesigned to violateā€,

                Where and how do Twitter or Reddit third party apps store personal data?