Hello fellow Lemmings!
Title. Is it possible for Lemmy to abide by the GDPR given that you can’t delete info from other instances?
Hello fellow Lemmings!
Title. Is it possible for Lemmy to abide by the GDPR given that you can’t delete info from other instances?
I’m not a law expert or anything like that, but as far as I understand it, personally identifiable information could potentially also apply to public comments or posts that contain personal information. For example, if I posted revenge-porn of you on lemmy (or any personal information), you would have the right to demand it being deleted.
Is that not a correct interpretation?
Yeah, there were different interpretations there from different counsels. It went from “well, they put it there and we don’t store it anywhere else, so nobody is preventing them from removing it, we don’t need to do anything”, with some “oh this field is actually durably stored somewhere else (such as an olap db or something), so either we need to scrub it there too when someone changes a value, or we can just add a ‘don’t share personal information in this field’ little label on the form”; to doing that kind of stuff on all fields.
Overall, the feeling was that we needed to do best effort depending on how likely it would be for a field to durably contain personal info, for it to smell a judge’s smell test that it was done in good faith, as is often the case in legal matters.