Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it’s visibly worse for privacy than even Reddit.

  • Deleted comments remain on the server but hidden to non-admins, the username remains visible
  • Deleted account usernames remain visible too
  • Anything remains visible on federated servers!
  • When you delete your account, media does not get deleted on any server
  • thundermoose@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 years ago

    GDPR applies to companies operating in the EU, not every single entity on the internet. Posts on random forums are not subject to these laws, so I don’t think Lemmy would count.

    Now if a Lemmy operator began using user personal data for profit, then GDPR would apply. At the moment, I don’t think that’s happening anywhere in the fediverse.

    • Atemu@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 years ago

      GDPR applies to companies operating in the EU, not every single entity on the internet

      It applies to every single public entity on the internet that holds data of EU citizens. No matter which country they’re located in.
      AFAIK, this world-wide nature of the GDPR is pretty unique and quite contentious.

      The GDPR includes exceptions for private purposes but hosting a lemmy instance with public signups is most certainly not intended to be of private nature, so the GDPR does apply.

      I can’t comment on whether that means the right to be forgotten needs to be exercised by federated instances, I just want to set the record straight here.