As the Fediverse grows more and more, rules and regulations become more important. For example, is Lemmy GDPR compliant? If not, are admins aware of the possible consequence? What does this mean for the growth of Lemmy?

Edit: The question “is Lemmy GDPR compliant” should mean, does the software stack provide admins with means to be GDPR compliant.

Edit2: Similar discussion with many interesting opinions on lemmy.ml by /u/infamousbelgian@waste-of.space–> https://lemmy.ml/post/1409164

  • FiveMacs
    42 years ago

    Does Lemmy even need to be gdpr compliment? It’s not a company, it’s private individuals.

    • @cwagner@lemmy.cwagner.me
      52 years ago

      I (with my own single user instance), do not. As soon as you offer your service to other users, it’s different. If you are a company or not, does not matter.

      Edit: So to clarify, the Lemmy developers need not worry, the instance admins do. That said, IME (literally, our local DPA contacted us about compliance issues where I work), they (DPAs) are interested in helping people be compliant, not suing them.

      • @heartlessevil@lemmy.one
        32 years ago

        This isn’t true since your single user instance is federated. For example, this comment is going to end up on your instance, and it could have my personal data.

        edit: here’s a meta-link to this comment on your instance: https://lemmy.cwagner.me/comment/2786 – despite it originating from lemmy.one and the post being lemmy.ml from a user on lemmy.world (interestingly every person involved in this interaction is on a different instance)

        • @cwagner@lemmy.cwagner.me
          22 years ago

          That is a very different way of looking at it. I take the view of this Lemmy privacy policy that you are essentially sending your comment to me, just like an e-mail.

          Though unlike an email, it’s public on my instance for now, so yeah, you have a point there.

          My eventual plan is to make my instance only visible for logged in users (= only me), but I heard that for now that (the private instance flag) is not possible with federation.

            • @cwagner@lemmy.cwagner.me
              12 years ago

              You can disable most endpoints in your application firewall, or put them behind a whitelist. For federation to succeed you don’t need all that many publicly reachable endpoints (mostly a bunch of inboxes and the data for your own user account).

              Is there a guide somewhere? Because experimenting when federation is already as unstable as it is, is hard.

              My post will end up on your server but also on the server this community is hosted on, from which it’ll end up on hundreds or thousands of other servers. I’ve never agreed to any of their privacy policies and terms of service and neither has anyone else here.

              Just like with e-mail, yes. Sending an e-mail to user@example.org does not make you agree to the example.org TOS and PP. Or more relevant to federation, sending an e-mail to a mailing list will end up on hundreds of servers. This is not that new a concept.

      • @Dislodge3233@feddit.de
        22 years ago

        It doesn’t apply to purely personal use. See Article 2 section 2 ©. For shits and giggles would fall under that.

          • @Dislodge3233@feddit.de
            12 years ago

            I agree. I was replying to your comment that GDPR applies to private data collection for shits and giggles, which isn’t correct. For Lemmy, I’m certain it applies. GDPR applies to small churches even

    • @Poseidon@lemmy.world
      12 years ago

      For now anyways, I can see that changing in the future. Company centric instances with communities for each of their product lines.