Ask Lemmy
A Fediverse community for open-ended, thought provoking questions
Please don't post about US Politics. If you need to do this, try !politicaldiscussion@lemmy.world
Rules: (interactive)
1) Be nice and; have fun
Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them
2) All posts must end with a '?'
This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?
3) No spam
Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.
4) NSFW is okay, within reason
Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com.
NSFW comments should be restricted to posts tagged [NSFW].
5) This is not a support community.
It is not a place for 'how do I?', type questions.
If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.
Reminder: The terms of service apply here too.
Partnered Communities:
Logo design credit goes to: tubbadu
view the rest of the comments
What makes it impossible? Why would any given instance maintainer be responsible for the data on someone else's instance? Would it not fall on the GDPR requester to make that request of each individual instance?
The requester can have no idea where his data ended up. That's why the admin who receives the data is responsible for who he gives it to. And he also has to forward the delete request to whoever he gave it to.
Otherwise, customers of an online service that sells their data would have to request deletion from everyone who bought it, which is impossible cause they don't know who that is.
The regulation was written to give people more control over their data, but it has no provision for something like federation, and it also doesn't allow for a "do whatever you want with my data" box the users could check.
The regulation was written to give private users control over what big corporations can do with their data. It doesn't fit for non-commercial (but also not private) use by a loose group of admins. But legally, it still applies.
So then if someone requests that Gmail delete all their email data, is Google then responsible for making sure any emails sent out from it's server to another is also deleted from those external servers?
See https://gdpr-info.eu/issues/right-to-be-forgotten/
Once the "controller has made the personal data public", they have legal obligations. When you send an email, you are not making it public.