Edit: obligatory explanation (thanks mods for squaring me away)…
What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.
Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.
What does this mean for admins regarding GDPR? Is lemmy still not GDPR complient? Are there options in place if users request their data?
An issue has already been raised: https://github.com/LemmyNet/lemmy-ui/issues/1347
Isn’t this an example of how GDPR can be morphed into an exhaustively wild over-reach that exerts control on open systems and end user internet activities despite being hailed as a privacy protector from corporations with teeth that every corp has already worked around?
Does bitcoin’s blockchain ledger violate the GDPR in the same light, where even though a blockchain address is long, it is still identifiable in the same ways a username or even a random email address can by inspecting a data set and running a search for matching entries? If not, couldn’t we just slap the Fediverse data into a blockchain style system for the whole Fediverse that each instance would act as a node on?
/throws gasoline on a fire
There is a person working on a blockchain version of Lemmy for the purpose of making the data content addressable and allowing it to be shared in a peer to peer system so that the main instance server gets less load. It seems like GDPR is getting in the way of progress or that devs need to do a lot more work on trust in the swarm to make it work.
Can’t be too difficult to script and be made automatic. But remember the nature of FED, you’d only be able to request it from the instance you joined
I’m pretty sure you could request it from any server. Just because it’s federated doesn’t mean the law doesn’t apply to anyone else with personal data.
And it only matters if you care about operating in the jurisdiction of GDPR. Violate it as much as you want if you’re not located there.
Federation doesn’t evade GDPR.
If federation shares data it must do so without violating GDPR.
If your data is hosted on your instance, and shared to other instances, removal must also be shared.
The nature of sharing must at least be obvious and discoverable so you can request info and deletion of updating.
The request for removal must be shared, the removal itself not so much.
If the server isn’t located in the EU, it can happily ignore it (and maybe risk getting blocked in the EU sure)