I think you’re putting the cart before the horse. I’m not suggesting they destroy information after a court order.
They do have to comply with various laws, but they are not required to store user information at times when there’s not pending legal filings, and they are not required to store that information for every single user even if there were filings. Courts have to make very concise requests for information. They can’t just say, “Give me your entire database,” unless there was a prescient reason why the entire database was required to make the case (and a judge would have to weigh whether collecting the information of unrelated parties was too invasive).
Any Lemmy instance stores identifying information for technical reasons
Yes, but they do not have to. They do, in order to service their instances, but unless there is a law that compels storing identifying information, they do not have to do it.
If identifying-information-storage was so vital, logless VPNs wouldn’t exist.
Anyway, all of that is beside the point. No business will break the law for you. They’re “refusing” to comply, because they don’t have to (jurisdiction), they have had a torrent of bad press lately, and they’re trying to put on an air of being user-centric to entice people to stay.
futatorius@lemm.ee 1 year ago
If the information is not explicitly required by law to be retained, then there is no penalty for deleting expired information in accordance with the firm’s retention policy.
Having designed and implemented site retention policies in a country with GDPR-like laws, what this means in practice is that you’re a fool to retain anything longer than you absolutely have to for compliance or essential business reasons. Retained information is a liability and a legal risk.
General_Effort@lemmy.world 1 year ago
Yes, which is why I think a company like Reddit plausibly holds less information than an Australian Lemmy instance.