Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.

  • DieguiTux8623@feddit.it
    link
    fedilink
    arrow-up
    20
    ·
    9 months ago

    The first time some random user files a sue in court the admins of their instance will be in trouble.

    Lemmy devs are not affected, but instance admins are and according to the GDPR they are considered “data controllers” and are responsible for the processing of users’ data.

    As far as I understand it, this lacking feature is an open “challenge” to existing regulation and legislators, maybe also to open people’s eyes about the fact that privacy claims are often not enforced even by those who claim to do so.

    • Skull giver@popplesburger.hilciferous.nl
      link
      fedilink
      arrow-up
      7
      ·
      9 months ago

      I’m nog sure what they’ll be sued for. The GDPR is very much written so that DPAs take action, not individual users.

      Even then, instances need to break the law first. If someone asks a server to delete or alter personal information, the instance has a full month to respond. If deletion or alteration cannot take place within a month (doubtful, but theoretically possible), the the change may take even longer.

      You can send a GDPR death letter to an instance admin and the worst you’ve done is annoy an admin who needs to run a bunch of SQL scripts for an one afternoon.

      Lemmy doesn’t process that much personal information. It republishes content on your request, but that’s not necessarily PII. There are a few identifiers (your username, user ID, the private/public key pair used to sign your messages when dealing with federation) but like on many other platforms, those can be changed, with great difficulty. Of course, changing that information WILL break shit on other servers, but you can try!

      When it comes to other servers, you’re kind of screwed. That’s not really a problem, though. You don’t expect Gmail to make everyone you’ve ever emailed delete the stuff they’ve received from you, that’s just not how that works. You could argue that email is more private, but then mailing lists exist that basically do what the Fediverse does but on a larger scale.