Was there even a mass exodus? I largely avoid Reddit now, but I do kind of doubt that they’ve been hurt in any meaningful way by all the protests and people leaving…
Was there even a mass exodus? I largely avoid Reddit now, but I do kind of doubt that they’ve been hurt in any meaningful way by all the protests and people leaving…
I’m never to sure about GDPR. The spirit of the law is that any identifiable information has to indeed be removed.
However, does a Lemmy username really fit that definition? If John Doe has all of his Lemmy content under CoolNick89, I’m not sure GDPR applies.
Emails, especially if they contain first and last name, are a different story, but those would only be known by the host instance.
GDPR applies to user names and even IP adresses, according to current case law.
Interesting, thanks. I’ll research this further.
IP addresses make more sense, because they can be used to be cross-checked with your ISP to know who you are.
If you don’t tell anyone your username and use a VPN, there is no way for people to guess your Lemmy username
The law specifically names “online identifier”.
The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or one of several special characteristics, which expresses the physical, physiological, genetic, mental, commercial, cultural or social identity of these natural persons. In practice, these also include all data which are or can be assigned to a person in any kind of way. For example, the telephone, credit card or personnel number of a person, account data, number plate, appearance, customer number or address are all personal data.
https://gdpr-info.eu/issues/personal-data/
Thanks for the definition, and that brings us to the next question: I know your identifier, King@lemm.ee. However, does that make you identifiable by me, even indirectly? I have no way to identify you using that information.
I always think that they meant online identifier such as jdoe@company.com, where the identifier indeed directly allows to identify the person.
The CCPA (USA version) and GDPR (EU) both specify Personal Data, not Personally Identifiable Information. So the contents of my posts are my personal data, even if my username doesn’t identify to a real person. If I want my personal data removed from Lemmy, the GDPR allows for me to request it to be deleted.
Lemmy is still in the early stages. I’m not asking for changes to be made right away, or even this year. But I do feel that my personal data should be under my control. Lemmy should be programmed to federate out the the deletion of all my personal data, if I make such a request.
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data
(*) Note the CCPA has a ton of exceptions, and only really applies to the larger social media sites.
Interesting. To be honest, I could see such a feature coming down the line, in a few months let’s say.
However, the question that it bring is, what to do with archive.is or wayback machine? Are those also non-compliant for archiving the pages every so often?
Archive.org (wayback machine) has a request page for removal. I don’t have any knowledge of how they do it.
https://help.archive.org/help/how-do-i-request-to-remove-something-from-archive-org/