Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.

  • maynarkh@feddit.nl
    link
    fedilink
    English
    arrow-up
    3
    ·
    10 months ago

    No it does not, the instances are free, no one is making money off user data or selling anything to the user. It does not apply period.

    As per official EU communication:

    The GDPR applies to:

    • a company or entity which processes personal data as part of the activities of one of its branches established in the EU, regardless of where the data is processed; or
    • a company established outside the EU and is offering goods/services (paid or for free) or is monitoring the behaviour of individuals in the EU.

    Lemmy instances are entities that offer free services and are arguably monitoring the behaviour of individuals in the EU through federation. From the perspective of the GDPR, there is no difference between Facebook and a Lemmy instance regarding what they can or cannot do, or whether they get fined for something.

    You need to read up on the GDPR yourself.

    • SupraMario@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      10 months ago

      What personal data is being processed by a Lemmy instance, what are they processing that’s being sold in the EU? The GDPR does not apply here, stop trying to wiggle it into something it’s not.

      • maynarkh@feddit.nl
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        10 months ago

        Usernames at the very least, as online identifiers.

        Art. 4 GDPR Definitions

        For the purposes of this Regulation:

        ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

        And they don’t need to be sold, just retained. GDPR applies even if there is no payment anywhere, even to non-commercial entities.