Drive we are so privacy focused here. What is to prevent myself or anybody out there, from starting to report individual instances of GDPR and CCPA.

No lemmy insurances are complying with national privacy laws and nobody is talking about it at all.

    • HeartyBeast@kbin.social
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Just to be clear - I don’t think it is in breach but you have federated servers in various countries, some of which may be owned by entities that do business in the EU making copies of and forwarding messages that contain PII .

      • r00ty@kbin.life
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Your email address (personal identifier) is right there in the from field. And in many cases, in the header there might be your IP address.

          • r00ty@kbin.life
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            Our point is, sharing the information required to make a network like this work is allowed provided you’re not sending information not required. If you right a post on a community that is shared the information about you (user id, avatar etc) is required to render that message on other federated instances. In the same way as when you send an email the from address is required so that people can reply to the email.

            If we were sending IP addresses and data on your browsing preferences to other instances, there would be an argument because it is not required operate the federated network (although you know the corporate players are all justifying their sharing of exactly that data and more). But we don’t do that.

            • trouser_mouse@lemmy.world
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Thank you! Understand - I think the issue is there there is no documented policy on some instances, I don’t know how each instance handles / shares my data and what the retention policies etc are. I seem to remember there are more controls required depending on where the data is being transferred to. Anyway, that’s getting beyond what I am familiar with!

              • r00ty@kbin.life
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                Yes, definitely and this has prompted me to write one up for mine. Even though right not it is just me, I am open to having around 100 active users on my instance. So this should be clear I think.

                • trouser_mouse@lemmy.world
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  1 year ago

                  Awesome! I’m pretty sure there are some great websites with resources if you need it, although they likely come with a caveat they are not legal guidance :)

                  • r00ty@kbin.life
                    link
                    fedilink
                    arrow-up
                    2
                    ·
                    1 year ago

                    The ICO have a template. But now I need to go through and see what data is collected and check/adjust retention where relevant (http logs for example).

      • Kichae@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        You send the exact same kind of information when you send an email.

        Username, host, and IP.

        • Jajcus@kbin.social
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          But e-mail is sent from one entity to another, through servers providing service for one or the other party. Most of Lemmy and Mastodon activities are publicly broadcasted and can be received and collected by any federated server.