So, I’m kinda new to this Lemmy thingy and the fediverse. I like the fediverse from a technological standpoint. However, I think that, if we gain more and more traction, Lemmy (and by extension the entire fediverse) is a GDPR clusterfuck waiting to happen. With big and expensive repercussions…

Why? Well, according to GDPR, all personal data from EU users must remain in the EU. And personal data goes really far. Even an IP-address is personal data. An e-mail address is personal data. I don’t think there is jurisprudence regarding usernames, so that might be up for discussion.

Since the entire goal of the fediverse is “transporting” all data to all servers inside the ActivityPub/fediverse world, the data of an EU member will be transported all over the place. Resulting in a giant GDPR breach. And I have no idea who will be held responsible… The people hosting an instance? The developers of Lemmy? The developers of ActivityPub?

Large corporations are getting hefty fines for GDPR breaches. And since Lemmy is growing, Lemmy might be “in the spotlights” in the upcoming years.

I don’t like GDPR, and I’m all for the technological setup of the fediverse. However, I definitely can see a “competitor” (that is currently very large but losing ground quickly) having a clear eye out to eliminate the competition…

What do y’all think about this?

  • hardypart@feddit.de
    1 year ago

    Sure, but I in the end it’s not their responsibility.

    You guys sound so confident, it’s not even funny. GDPR is a huge topic and everyone who already had to deal with it even marginally knows that OP’s fear is absolutely plausible. The GDPR doesn’t give a shit about causing major inconveniences or huge workload for platform admins. Ever heard about the GDPR nightmare letter?

      • hardypart@feddit.de
        1 year ago

        edit: In the end, though, of course this is my opinion. IANAL.

        Same here. I’m not sure if I’m right, but neither should anyone else here be sure about this topic.

        But I also know that essentially all serious issues with GDPR are because of companies wanting to violate your privacy, not because a user is using a product as intended.

        What if the product is designed in a way that violates the GDPR? Again, I’m not sure about that, just like OP. We will see how things will turn out… But as an admin of a large instance I’d be careful for sure.

          • hardypart@feddit.de
            1 year ago

            Which I completely disagree with.

            I never said that Lemmy is designed in that way, I just say that we can’t be sure.

            If this violates, then every tweeting software, every reddit third-party app would also be “designed to violate”,

            Where and how do Twitter or Reddit third party apps store personal data?

              • hardypart@feddit.de
                1 year ago

                Lemmy also only stores it on your instance.

                That’s wrong. When a feddit.de user subscribes to a community on lemmy.world, all the data from the community is going to be replicated to the feddit.de server.

                  • hardypart@feddit.de
                    1 year ago

                    Personal and public are not mutually exclusive. My public posts are still my personal data.