this post was submitted on 30 Jun 2023
11 points (100.0% liked)
Technology
37719 readers
490 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Question, how would an owner of an instance comply with GDPR request? Try and find that specific user and delete all their posts? What happens if an American, on an American instance, subbed to an EU community? My understanding is that would pull all the posts to the American instance going forward? Would the owner of the American instance be required to comply?
If data moves away from an instance with whom an EU user has an agreement, those third party instances have to be bound by the home instance through agreements/contracts to follow the rules of the GDPR before giving away the data. Also the home instance would have to list all instances that have received data or that could likely receive data through such an agreement. Federation is not a solution to GDPR but it rather makes things incredibly complicated for the instance owners if they tried to comply fully. And from what I've read, Lemmy doesn't even have the technical capabilities to make it possible, yet. Maybe that's what compels Meta. They can just offload responsibility to the instance owners.
this is going to be more an issue for big instances i honestly suspect, however I also hope to see some tools to make compliance easier for people, deletion would just be a purge of the data, you can already do this for a number of sets including a specific user, its mostly for federated data, not sure how it works with home users. you can always manually edit the DB. The tools will need to get better fast.
as for us instances, they would be more likely to just block the EU unless compliance is super easy. its a federation so there is little reason for you to be on on instance so far away, im a big fan of many smaller instances.
imo the big take away is id like those in the EU to know is if you want good GDPR compliance, someone needs to go over the software and make compliance the easy default. For the most part, compliance can be automated.