Comment

Comment on Lemmy's Image Problem

Murvel@lemm.ee ⁨8⁩ ⁨months⁩ ago

Lemmy devs being man children when confronted with GDPR compliance.

And if Lemmy if supposed to better Reddit in basic fucking decency then GDPR is absolutely crucial.

source

Sort:hotnew top

Jumuta@sh.itjust.works ⁨8⁩ ⁨months⁩ ago
how are you supposed to do gdpr compliance on a federated system though?

source
- maynarkh@feddit.nl ⁨8⁩ ⁨months⁩ ago
  You are responsible for data collected by your own instance. If a deletion request comes through, you are responsible for deleting it from your account, and forwarding the deletion request and responses to other instance you federate with. You are in the clear as long as you don’t keep data you legally can’t, and have sufficiently informed other instances of your obligations.
  
  source
  - Badeendje@lemmy.world ⁨8⁩ ⁨months⁩ ago
    No, if you collected the data and shared it with others, simply informing the others is not enough. This is why the platform needs tools for admins to comply.
    
    A proper method, that allows the users to nume their account could already be enough.
    
    source
    maynarkh@feddit.nl ⁨8⁩ ⁨months⁩ ago
    What I mean by informing others is that you have to explicitly forward the deletion request. Not much else you can do I think.
    
    source
    -> View More Comments
- Badeendje@lemmy.world ⁨8⁩ ⁨months⁩ ago
  By defining all I formation that is processed and why.
  
  By not processing and storing any personal identifiable information (an IP address is PII for example) without a clearly defined need.
  
  When stored ONLY using it for the defined purposes. This also means shielding data that should be shielded.
  
  By implementing the mechanics for someone to be forgotten (delete my account, should delete all info, especially PII).
  
  Making sure the mechanics to federate these changes/deletions exist.
  
  source
- SupraMario@lemmy.world ⁨8⁩ ⁨months⁩ ago
  You can’t and this is a shit article…the GDPR doesn’t apply to instance outside of the EU…
  
  The GDPR even applies if no financial transaction occurs if the US company sells or markets products via the Internet to EU residents and accepts the currency of an EU country, has a domain suffix for an EU country, offers shipping services to an EU country, provides translation in the language of an EU country, markets in the language of an EU country, etc.
  
  dickinson-wright.com/…/what-usbased-companies-nee…
  
  Literally people using the GDPR like it’s some gotcha thing for admins. If nothing is sold or offered to be sold and their is no financial gain it’s not going to apply. On top of that good luck suing a FOSS dev.
  
  source
  - maynarkh@feddit.nl ⁨8⁩ ⁨months⁩ ago
    
    You can’t and this is a shit article…the GDPR doesn’t apply to instance outside of the EU…
    
    It absolutely does, if the company processes data of EU residents. The US enforces GDPR themselves, as they have signed an agreement to do so. To be clear, this means that according to US law, if you are a US web host, you can abuse US customer data and the FBI will not come after you, but if you do so with EU customer data, US authorities will come after you on behalf of the EU.
    
    Literally people using the GDPR like it’s some gotcha thing for admins. If nothing is sold or offered to be sold and their is no financial gain it’s not going to apply.
    
    Yeah it does, as soon as you are providing a service, if you have a user from the EU that’s not you, it applies. And while GDPR fines are defined in a revenue percentage, there is a minimum of “up to 10 million EUR” for a violation.
    
    On top of that good luck suing a FOSS dev.
    
    Nobody is getting sued. EU data protection agencies don’t “sue” people and companies. They fine them. The difference is that a lawsuit is a process where at the end you might need to pay money, but you mostly settle. A GDPR fine looks like you get a letter saying you need to pay an amount, if you want to appeal, you can do so after paying.
    
    And it’s not the devs that will be getting these fines, it’s instance admins.
    
    source
    yamanii@lemmy.world ⁨8⁩ ⁨months⁩ ago
    And this is why misskey is a mastodon instance that just blocked access if the person is from the EU, it’s too much to ask for devs in a single digit that survive by donations or their own pocket money, this is a hobby for them.
    
    source
    -> View More Comments
    SupraMario@lemmy.world ⁨8⁩ ⁨months⁩ ago
    
    It absolutely does, if the company processes data of EU residents. The US enforces GDPR themselves, as they have signed an agreement to do so. To be clear, this means that according to US law, if you are a US web host, you can abuse US customer data and the FBI will not come after you, but if you do so with EU customer data, US authorities will come after you on behalf of the EU.
    
    No it does not, the instances are free, no one is making money off user data or selling anything to the user. It does not apply period.
    
    Yeah it does, as soon as you are providing a service, if you have a user from the EU that’s not you, it applies. And while GDPR fines are defined in a revenue percentage, there is a minimum of “up to 10 million EUR” for a violation.
    
    No it does not, if you do not sell anything to anyone or offer any services or make any money it doesn’t apply. Stop repeating bullshit.
    
    Nobody is getting sued. EU data protection agencies don’t “sue” people and companies. They fine them. The difference is that a lawsuit is a process where at the end you might need to pay money, but you mostly settle. A GDPR fine looks like you get a letter saying you need to pay an amount, if you want to appeal, you can do so after paying.
    
    Good luck fining a host admin, of a foss instance. I don’t know why you think that any admins of instances will be getting fined if they’re not selling anything. You need to read up on the GDPR.
    
    And it’s not the devs that will be getting these fines, it’s instance admins.
    
    Again, no they will not.
    
    source
    -> View More Comments