Actually, it has implemented deletion for server admins, though the delete needs to be executed through the command line.
As for the GDPR, there are no tools for GDPR compliance. Most Lemmy servers will be practically exempt (as they are personal projects, not businesses) but if you’re stupid enough to set up an organisation or a non-profit for people to donate to, you’re pretty screwed if you run Lemmy. GDPR compliance will require tons of manual database work. Most Lemmy servers seem to be hosted in Europe, so the majority of servers may run into an issue here.
No, Lemmy servers are not exempt from GDPR compliance.
The household exemption (you are not subject to gdpr for private activities) only applies for purely personnal activities. As soon as a service is offered to someone else, the exemption is no more applicable.
That’s one of the drawback about open-source projects, they are designed to fulfill a need (persistent storage & decentralised communication for Lemmy), and no one give a f*ck about legalities.
I’m not so sure about the GDPR status for the Fediverse, I don’t think there’s the law is prepared for “Jerry runs this for people, just for fun”. It’s very much “official organisation” or “money grabbing business” oriented. Someone should fund an actual lawyer to look into this and lay down the real requirements.
The question is, though: what if you’re delivering services to other users? A one-person server on the Fediverse can be GDPR free, but surely lemmy.world can ignore privacy laws like that.
Article 3 GDPR is straightforward, gdpr will apply.
The real question is how any kind of authority could enforce it ?
Almost no chance that any law enforcement/regulator will bother a single-user instance purely on the ground of gdpr…
The same authority that would fine any company or organisation. There may not be much profit involved, but these medium sized Lemmy servers will be processing as much personal information as any medium sized forum or website, so a valid complaint may very well lead to action. At first, I would suspect that “action” here would mean “getting a warning and a set date to get the server’s shit together” before any kind of fine would be applied, but I do wonder how practically possible it is to do so.
Lemmy has millions of users, smaller companies and organisations have been fined before.
Actually, it has implemented deletion for server admins, though the delete needs to be executed through the command line.
As for the GDPR, there are no tools for GDPR compliance. Most Lemmy servers will be practically exempt (as they are personal projects, not businesses) but if you’re stupid enough to set up an organisation or a non-profit for people to donate to, you’re pretty screwed if you run Lemmy. GDPR compliance will require tons of manual database work. Most Lemmy servers seem to be hosted in Europe, so the majority of servers may run into an issue here.
No, Lemmy servers are not exempt from GDPR compliance. The household exemption (you are not subject to gdpr for private activities) only applies for purely personnal activities. As soon as a service is offered to someone else, the exemption is no more applicable.
That’s one of the drawback about open-source projects, they are designed to fulfill a need (persistent storage & decentralised communication for Lemmy), and no one give a f*ck about legalities.
deleted by creator
I’m working in the gdpr compiance field ;) Using a personnal device to monitor public space doesn’t fall under the household exception, this solution even pre-dates the GDPR (https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-12/cp140175en.pdf).
(the case-law is about camera fixed on a private house, but the logic easily translates in a private server grabbing public data).
Just as you did ^^
The question is, though: what if you’re delivering services to other users? A one-person server on the Fediverse can be GDPR free, but surely lemmy.world can ignore privacy laws like that.
Article 3 GDPR is straightforward, gdpr will apply.
The real question is how any kind of authority could enforce it ? Almost no chance that any law enforcement/regulator will bother a single-user instance purely on the ground of gdpr…
The same authority that would fine any company or organisation. There may not be much profit involved, but these medium sized Lemmy servers will be processing as much personal information as any medium sized forum or website, so a valid complaint may very well lead to action. At first, I would suspect that “action” here would mean “getting a warning and a set date to get the server’s shit together” before any kind of fine would be applied, but I do wonder how practically possible it is to do so.
Lemmy has millions of users, smaller companies and organisations have been fined before.