Was there even a mass exodus? I largely avoid Reddit now, but I do kind of doubt that they’ve been hurt in any meaningful way by all the protests and people leaving…
But if that were the case, wouldn’t GDPR already be used to take down TOR or torrents or any other p2p tech? All it would take is someone’s personal information being on them, right? (I’m really asking, I have no idea.)
Then you adapt to that threat with user exports or built in auto migration methods.
The distributed nature makes it much harder to down the fediverse with legal claims than it does reddit/twitter/whatever already. Just being hosted in different countries makes these claims a stunning pain in the ass, as many countries do not require any compliance with the DMCA.
That’s a good point. Right now if I send something out, even if the company I submitted it to deletes it from their servers, that doesn’t mean other users will delete copies of the data I want to have deleted. Only the party I submitted it to will have to delete it.
Just take a screenshot of a tweet or a LinkedIn profile or whatever someone posts here in the Fediverse, anyone can capture a copy of it.
It’s currently impossible to follow a GDPR information delete request for example, because you can’t delete the info from other instances.
What makes it impossible? Why would any given instance maintainer be responsible for the data on someone else’s instance? Would it not fall on the GDPR requester to make that request of each individual instance?
So then if someone requests that Gmail delete all their email data, is Google then responsible for making sure any emails sent out from its server to another are also deleted from those external servers?
Unless these instances are showing ads and selling data, I’m pretty sure they’re protected from the law. Not only that but if you’re not hosting in the EU that law doesn’t apply to you.
See https://gdpr-info.eu/issues/right-to-be-forgotten/
Once the “controller has made the personal data public”, they have legal obligations.
Yes, but “the controller” is one instance, and it’s certainly easy for one instance to allow a user to be forgotten. You can purge the user from the instance. Then they are forgotten, as far as the instance is concerned.
As an example, just because someone makes a GDPR request on YouTube to delete a video, that does not require Google to actually remove the video from the whole internet. There are plenty of websites that archive content which are unaffected by that GDPR request. It’s the exact same thing with different Lemmy instances: just because you ask lemm.ee to delete your content does not mean that lemmy.world needs to delete your content.
I’m never too sure about GDPR. The spirit of the law is that any identifiable information has to indeed be removed.
However, does a Lemmy username really fit that definition? If John Doe has all of his Lemmy content under CoolNick89, I’m not sure GDPR applies.
Emails, especially if they contain first and last name, are a different story, but those would only be known by the host instance.
The law specifically names “online identifier”.
The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or one of several special characteristics, which expresses the physical, physiological, genetic, mental, commercial, cultural or social identity of these natural persons. In practice, these also include all data which are or can be assigned to a person in any kind of way. For example, the telephone, credit card or personnel number of a person, account data, number plate, appearance, customer number or address are all personal data.
Thanks for the definition, and that brings us to the next question: I know your identifier, King@lemm.ee. However, does that make you identifiable by me, even indirectly? I have no way to identify you using that information.
I always think that they meant an online identifier such as jdoe@company.com, where the identifier indeed directly allows one to identify the person.
Makes me wonder if the fediverse shouldn’t be individually instanced. Like each person’s phone/browser is their own individual “instance”. Maybe a central hub/series of hubs (like instances as they are now maybe) that act like DNS servers to point everyone around. No content is hosted on them, they just tell everyone’s apps where to look to the other apps for posts.
I have no idea, I’m a moron and I don’t know how the internet actually works. I’m guessing this is a problem at scale.