Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it’s visibly worse for privacy than even Reddit.
- Deleted comments remain on the server but hidden to non-admins, the username remains visible
- Deleted account usernames remain visible too
- Anything remains visible on federated servers!
- When you delete your account, media does not get deleted on any server
Yeah. GDPR §7 is very clear on that. And the removal must be facilitated by the original data collection point - so e.g. Beehaw is liable that all other servers delete the personal data if Beehaw willingly distributed the data there. (It gets more interesting because Data transfer from a EU to a non-EU server is also basically impossible and of course the initial server would need a data transfer agreement with all following nodes)