So, Iā€™m kinda new to this Lemmy thingy and the fediverse. I like the fediverse from a technological standpoint. However, I think that, if we gain more and more traction, Lemmy (and by extend the entire fediverse) is a GDPR clusterfuck waiting to happen. With big and expensive repercussionsā€¦

Why? Well, according to GDPR, all personal data from EU users must remain in the EU. And personal data goes really far. Even an IP-address is personal data. An e-mail address is personal data. I donā€™t think there is jurisprudence regarding usernames, so that might be up for discussion.

Since the entire goal of the fediverse is ā€œtransportingā€ all data to all servers inside the ActivityPub/fediverse world, the data of a EU member will be transported all over the place. Resulting in a giant GDPR breach. And I have no idea who will be held responsibleā€¦ The people hosting an instance? The developers of Lemmy? The developers of ActivityPub?

Large corporations are getting hefty fines for GDPR breaches. And since Lemmy is growing, Lemmy might be ā€œin the spotlightsā€ in the upcoming years.

I donā€™t like GDPR, and Iā€™m all for the technological setup of the fediverse. However, I definitely can see a ā€œcompetitorā€ (that is currently very large but loosing ground quickly) having a clear eye out to eliminate the competitionā€¦

What do yā€™all thing about this?

    • hardypart@feddit.de
      link
      fedilink
      English
      arrow-up
      1
      Ā·
      2 years ago

      Sure, but I in the end itā€™s not their responsibility.

      You guys sound so confident, itā€™s not even funny. GDPR is a huge topic and everyone who already had to deal with it even marginally knows that OPā€™s fear is absolutely plausible. The GDPR doesnā€™t give a shit about causing major inconviences or huge workload for platform admins. Ever heard about the GDPR nightmare letter?

        • hardypart@feddit.de
          link
          fedilink
          English
          arrow-up
          1
          Ā·
          edit-2
          2 years ago

          edit: In the end, though, of course this is my opinion. IANAL.

          Same here. Iā€™m not sure if Iā€™m right, but neither should anyone else here be sure about this topic.

          But I also know that essentially all serious issues with GDPR are because of companies wanting to violate your privacy, not because a user is using a product as intended.

          What if the product is designed in a way that violates the GDPR? Again, Iā€™m not sure about that, just like OP. We will see how things will turn outā€¦ But as an admin of a large instance Iā€™d be carful for sure.

            • hardypart@feddit.de
              link
              fedilink
              English
              arrow-up
              1
              Ā·
              2 years ago

              Which I completely disagree with.

              I never said that Lemmy is designed in that way, I just say that we canā€™t be sure.

              If this violates, then every tweeting software, every reddit third-party app would also be ā€œdesigned to violateā€,

              Where and how do Twitter or Reddit third party apps store personal data?

                • hardypart@feddit.de
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  Ā·
                  2 years ago

                  Lemmy also only stores it on your instance.

                  Thatā€™s wrong. When a feddit.de user subscribes to a community on lemmy.world, all the data from the community is going to be replicated to the feddit.de server.