this post was submitted on 06 Mar 2024
303 points (88.9% liked)

Fediverse

28480 readers
643 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS
 

Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.

you are viewing a single comment's thread
view the rest of the comments
[–] anders@rytter.me 13 points 8 months ago (1 children)

@deadsuperhero Damn..breaking GDPR is a big problem

[–] Marsupial@quokk.au -4 points 8 months ago (2 children)

If an entity isn’t in Europe it shouldn’t be a problem at all.

[–] Badeendje@lemmy.world 9 points 8 months ago (1 children)

That depends and should depend on what the instance is used for and whom it is used for.

[–] Marsupial@quokk.au -5 points 8 months ago (1 children)

If it's an instance open to anyone, it's up to Europeans to not participate if they don't want to.

[–] Badeendje@lemmy.world 5 points 8 months ago (1 children)

Yeah unfortunately that's not how the law works.

[–] Marsupial@quokk.au -2 points 8 months ago* (last edited 8 months ago) (1 children)
[–] Badeendje@lemmy.world 5 points 8 months ago* (last edited 8 months ago) (1 children)

From your link:

  • a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.

A social networks core purpose is processing data, processing of data does pose risks to people.

I doubt that privacy watchdogs will pursue smaller instances, but pretending it never applies could lead to legal issues.

[–] Marsupial@quokk.au -1 points 8 months ago (1 children)

Eh i still dont think itd hold up.

But more reason to hate European arrogance. Imagine if i could go to say your blog, comment my name and address, and sue you for not going into your database and scrubbing it all. Just another way to benefit big companies at the expense of individuals who dont have the tech skills to comply but want to run their own personal sites.

[–] Badeendje@lemmy.world 2 points 8 months ago (1 children)

Such an ignorant stance. Privacy is an individuals RIGHT. It should have been the defacto stance for everything.

You allowed the corporate fuckery to cloud your thinking it is too much to ask for. It isn't. And GDPR compliance is usually straightforward.

  • is the data required to do what you and the user agree, then be explicit on why and store it. (So the content of a post is required, anything else is not).
  • Do not use data for purposes not explicitly agreed to with the user and remove any data no longer nessecary.
  • certain data can NEVER be stored unless legally required to do so.

If the blog platform in your example had an option to "delete my account" and it would then completely scrubbed this would be plenty compliant probably. As would the option for people to comment without storing anything but the comment.

[–] Marsupial@quokk.au -1 points 8 months ago (1 children)

It is, which is why you have the RIGHT not to use a public space and push your information out to millions of people. You explicitly agreed to it the second you started doing it.

And if it didn’t? If it’s just a simple piece of software made by two people? Should they drop everything to cater to European demands?

Europe invaded the world, then turns around and tells the world to respect its self imposed rule it enforces on others. We can’t even host our own space on the internet without you invading and threatening us to operate your way. The only safety we apparently have is in our small size means we might escape notice.

It’s utter arrogance.

[–] Badeendje@lemmy.world 3 points 8 months ago* (last edited 8 months ago) (1 children)

Europe funds them. Check where they got their money.

Requiring people (yes also tankies devs) to respect human rights as outlined in many treaties is not a fringe stance.

The GDPR was implemented to require entities to respect human rights by giving privacy watchdogs some teeth. It's not some strange law people made because they felt like it. It is apparently needed because privacy is just some silly concept to some people.

If you don't understand all of that, maybe just sit down and be quiet.

[–] sudneo@lemmy.world 2 points 8 months ago (1 children)

To be precise, it's not devs that need to worry about GDPR, it's instance admins. I don't disagree with you, but I think it's an important distinction to make.

[–] Badeendje@lemmy.world 1 points 8 months ago* (last edited 8 months ago) (1 children)

Fair point, it also requires privacy by design though.

And again, why not invest some time into actually respecting privacy. Storing all sorts of info through a framework that is not needed. And at least discuss what is needed and for how long.

It is a work in progress, but there is no need to be hostile about these requirements by people against these rules.

[–] sudneo@lemmy.world 1 points 8 months ago

I am sure that for such small shops it's trivial to explain that resources are extremely limited, I don't see any data protection authority actually pursuing anyone based on the lack of privacy by design. The point is, nobody is forcing you to deploy the software as is, and technically anybody could write tools that bridge the gaps in the software. If the software does not offer data deletion, any instance admin could have identified this gap (a risk assessment for data collection is also needed technically) and wrote a script that would allow to satisfy data deletion requests or anything else that would have made them comply.

That said, I agree that these features are important. I do not agree that they are what the devs should work on right now, or that at least it takes some convincing to convey the fact that these are important features for instance admins to be compliant and for users (in general).

I also get the point about the "I am not taking your word for it" approach. Look how many people in this thread talk about GDPR without actually understanding who is the data controller/processor and who has to be compliant. I can only imagine the amount of uninformed people who open issues and waste time for already busy devs. We are seeing the couple of examples that the article picks, we are not seeing the rest of issues which justify this harsh approach.

The way I see it, having certain features implemented in the Lemmy software is one way to ease compliance for admins, and they should just upvote the issue and explain why it's important for them, possibly even adding a bounty to the feature. OP's approach doesn't seem this and it's much closer to demand stuff, as if the compliance responsibility was on the devs and the donation were some sort of reason to make them work on what other people want.

[–] maynarkh@feddit.nl 3 points 8 months ago

Or the US. The US enforces GDPR on behalf of the EU. If the US catches you with misusing EU citizens' data, they will let the EU take 10 million off your accounts and/or close your instance.