this post was submitted on 21 Jun 2023
22 points (84.4% liked)

Lemmy

12557 readers
19 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
 

So, I’m kinda new to this Lemmy thingy and the fediverse. I like the fediverse from a technological standpoint. However, I think that, if we gain more and more traction, Lemmy (and by extend the entire fediverse) is a GDPR clusterfuck waiting to happen. With big and expensive repercussions…

Why? Well, according to GDPR, all personal data from EU users must remain in the EU. And personal data goes really far. Even an IP-address is personal data. An e-mail address is personal data. I don’t think there is jurisprudence regarding usernames, so that might be up for discussion.

Since the entire goal of the fediverse is “transporting” all data to all servers inside the ActivityPub/fediverse world, the data of a EU member will be transported all over the place. Resulting in a giant GDPR breach. And I have no idea who will be held responsible… The people hosting an instance? The developers of Lemmy? The developers of ActivityPub?

Large corporations are getting hefty fines for GDPR breaches. And since Lemmy is growing, Lemmy might be “in the spotlights” in the upcoming years.

I don’t like GDPR, and I’m all for the technological setup of the fediverse. However, I definitely can see a “competitor” (that is currently very large but loosing ground quickly) having a clear eye out to eliminate the competition…

What do y’all thing about this?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago (1 children)

The last paragraph you quoted is in reference to individual responsability and how they access the data. It's equivalent to saying "don't look at at this Fediverse post: you are GDPR compliant!". This only helps you in litigation. We both know that says nothing of where the data can exist. And this is true for any federated system, including email.

It's also completely asinine. Suddenly we need to burn snail mail after reading it? Why receive any mail at all if everything is a giant piece of liability? There's a social contract in communication: a certain assumption that if you give someone a piece of informtion, you are doing just that: giving, not lending. "Lending information" upsets the social structure. GDPR has to be tempered in reality, and this starts even before the fediverse.

Like I said, GDPR is imperfect. It was written in the context of and solves a problem created by centralized institutions and large beaurocracies. It is also completely unenforceable in a decentralized system. It hardly seems relevant anyway.

Realisticalpy speaking, those tempered interpretations are probably already existant, and there is already enough precedent for this to be a nothing burger.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

This whole thread is full of interpretations and gut feelings. Literally no one here backs up their claims with any kind of evidence.

[–] [email protected] 4 points 1 year ago (1 children)

Unsurprising considering we are in uncharted territory here.

[–] [email protected] 2 points 1 year ago

Absolutely, but many people in this thread are acting like everything was totally clear, fine and well defined already.