this post was submitted on 08 Aug 2023
186 points (97.4% liked)

Asklemmy

43892 readers
1075 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] Eufalconimorph@discuss.tchncs.de 20 points 1 year ago (1 children)

1: Anything that's federated is public (to instance admins) and can't be reliably deleted.

For ActivityPub, that's pretty much everything except user account.

For email (SMTP) that's sender, recipient, subject, and usually body.

Etc. Instance admins can log whatever they want. Laws like the GDPR or CCPA don't apply to all instances.

2: User signup is much harder because choice paralysis over which instance to join often sets in. That in turn leads to default recommendations, resulting in centralization in a few instances. E.g. lemmy.world, beehaw.org, sh.itjust.works, lemmy.ml for lemmy, Gmail, Apple mail, MS Live email, AWS email options for email.

[โ€“] Ziggurat@sh.itjust.works 1 points 1 year ago (1 children)

For your point 1) The same applies to any other social media or good old phpBB forums that some clubs still use. GDPR still apply as soon as you log personal data of an European user. So if an instance admin does shit with the data they can be charged.

GDPR isn't that complicated, tons of small non profit structure (e.g a sport club) deal with personal data without any issue. If you don't spy your user and do the minimum needed amount of data processing your data privacy policy can hold in a couple of lines. It get huge because big social media spy us

Old-school forums have single points of contact. They're no more private than ActivityPub, but a takedown to the admin is a takedown of all instances. Obviously public data can be cached or archived, so as always you have to send takedowns to every archival service, search engine, and any CDNs too.

The GDPR "applies" whenever an EU resident's data is stored. The enforcement requires some presence in the EU by the entity storing the data. For multinational companies that means if they have any banking services there (e.g. taking payments from EU customers) they have a presence. For individual fediverse admins, that's not necessarily a concern. At worst their instance's domain would get blacklisted to EU users.