As the Fediverse grows more and more, rules and regulations become more important. For example, is Lemmy GDPR complient? If not, are admins aware of the possible consequence? What does this mean for the growth of Lemmy?
As the Fediverse grows more and more, rules and regulations become more important. For example, is Lemmy GDPR complient? If not, are admins aware of the possible consequence? What does this mean for the growth of Lemmy?
Does Lemmy even need to be gdpr compliment? It’s not a company, it’s private individuals.
I (with my own single user instance), do not. As soon as you offer your service to other users, it’s different. If you are a company or not, does not matter.
This isn’t true since your single user instance is federated. For example, this comment is going to end up on your instance, and it could have my personal data.
edit: here’s a meta-link to this comment on your instance: https://lemmy.cwagner.me/comment/2786 – despite it originating from lemmy.one and the post being lemmy.ml from a user on lemmy.world (interestingly every person involved in this interaction is on a different instance)
That is a very different way of looking at it. I take the view of this Lemmy privacy policy that you are essentially sending your comment to me, just like an e-mail.
Though unlike an email, it’s public on my instance for now, so yeah, you have a point there.
My eventual plan is to make my instance only visible for logged in users (= only me), but I heard that for now that (the private instance flag) is not possible with federation.
deleted by creator
Is there a guide somewhere? Because experimenting when federation is already as unstable as it is, is hard.
Just like with e-mail, yes. Sending an e-mail to user@example.org does not make you agree to the example.org TOS and PP. Or more relevant to federation, sending an e-mail to a mailing list will end up on hundreds of servers. This is not that new a concept.
I don’t have a guide for you, sorry. I’ve looked into it briefly but I can’t say I care enough to fix it.
I’m pretty sure you’ll be able to go federation only by blocking everything that’s not an
application/ld+jsoncontenttype (technicallyapplication/ld+json; profile="https://www.w3.org/ns/activitystreams"but some servers don’t send the correct Accept headers). The Lemmy frontend submits plain JSON and POST requests and it doesn’t implement the client-server ActivityPub API, so that should be the easiest way to keep federation working while whitelisting your personal IP addresses.Thanks, I’ll bookmark this and have a look when I have some time :D
[This comment has been deleted by an automated system]
It doesn’t apply to purely personal use. See Article 2 section 2 ©. For shits and giggles would fall under that.
I don’t think a networked service repeating collected data to the internet would fall under “purely personal or household activity”.
The exception would make perfect sense for a personal address book or something like that, but if you manage to collect enough data to make leaks a problem for other people I don’t think you’ll get away with “just a personal project”.
I agree. I was replying to your comment that GDPR applies to private data collection for shits and giggles, which isn’t correct. For Lemmy, I’m certain it applies. GDPR applies to small churches even
For now anyways, I can see that changing in the future. Company centric instances with communities for each of their product lines.