this post was submitted on 06 Mar 2024
307 points (89.1% liked)
Fediverse
28490 readers
572 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Let's play it out. I have a commercial instance based on the EU, I have a handful of European citizens who I have processed data.
If any of them tells me they want to delete their data, I can run a script that delete all their data from the database. If they want me to tell you what data I collected from them, it's another data query away.
Please do tell me exactly what is illegal about it.
Your instance is tiny and it is manageable. For large instances, it's not "just a single query". You also can't miss anything, so photos and similar - if they have uploaded something.
Also, does your instance have a cookie prompt? If not, then that's a paddlin.
So, you went from "all instances are liable" to "big instances won't be able to handle it". Not only you just moved the goalposts, you are also missing the point of the Lemmy devs: if compliance with GDPR is problematic only for instances that are so big to the point that the volume of requests can not be manually processed, then it's not something that should be a concern for the developers of the main software and the cost to implement such a thing should be born by the admins themselves!
Cookie prompts are only required if you have tracking cookies, which I don't have on my website or any of the instances I run. Cookies used for authentication or basic functionality (let's say to store the user preference for dark mode) are not tracking the user across multiple sites and therefore do not fall into the requirements for disclosure.
Edit: downvoting without a response serves only to show how lost you are in your argument. You spent the best part of the last two days fueling the mob and throwing accusations at the devs and basically making them criminally irresponsible and now you can't even support the premise that EU instances are somehow not able to comply with the law.