• Eufalconimorph@discuss.tchncs.de · 20 upvotes · 11 months ago

    1: Anything that’s federated is public (to instance admins) and can’t be reliably deleted.

    For ActivityPub, that’s pretty much everything except the user account.

    For email (SMTP) that’s sender, recipient, subject, and usually body.

    Etc. Instance admins can log whatever they want. Laws like the GDPR or CCPA don’t apply to all instances.

    2: User signup is much harder because choice paralysis over which instance to join often sets in. That in turn leads to default recommendations, resulting in centralization in a few instances. E.g. lemmy.world, beehaw.org, sh.itjust.works, lemmy.ml for Lemmy; Gmail, Apple Mail, MS Live email, AWS email options for email.

    • Ziggurat@sh.itjust.works · 1 upvote · 11 months ago

      For your point 1) The same applies to any other social media or good old phpBB forums that some clubs still use. GDPR still applies as soon as you log personal data of a European user. So if an instance admin does shit with the data they can be charged.

      GDPR isn’t that complicated, tons of small non-profit structures (e.g. a sports club) deal with personal data without any issue. If you don’t spy on your users and do the minimum needed amount of data processing, your data privacy policy can hold in a couple of lines. It gets huge because big social media spy on us.

        • Eufalconimorph@discuss.tchncs.de · 2 upvotes · 11 months ago

        Old-school forums have single points of contact. They’re no more private than ActivityPub, but a takedown to the admin is a takedown of all instances. Obviously public data can be cached or archived, so as always you have to send takedowns to every archival service, search engine, and any CDNs too.

        The GDPR “applies” whenever an EU resident’s data is stored. The enforcement requires some presence in the EU by the entity storing the data. For multinational companies that means if they have any banking services there (e.g. taking payments from EU customers) they have a presence. For individual fediverse admins, that’s not necessarily a concern. At worst their instance’s domain would get blacklisted to EU users.