How big would be the backlash and consequences if one of the instances for eg: .world or .ml turned out to be selling data ?
Is there any laws against it ? Will the admins walk scot free ? This question just popped into my head its not serious but do feel free to answer .
You are viewing a single comment
Why pay money for it if you can simply set up your own instance and get it all anyway?
Perhaps, you won't get IPs, e-mails, passwords, useragents, and other such data. I don't see why there would be any reason to transfer anything past account ID + data.
That stuff would all be considered PII so it would have major GDPR implications. I also don't know if any of that would even be valuable though, except to 3 letter agencies.
Does GDPR apply to non-corporate systems though? Lemmy isn't a corporation right, just a group of people creating code that can run and interface between other self hosted servers
Yes. To my understanding gdpr doesn't care who you are, if you have users and you track their data then you're covered under it.
Interesting, I feel that would be extremely hard to action on in a federated system.
Well, no. Because users choose what they share on the fediverse by writing it and posting it.
Servers processing IP, User Agents, Emails etc as part of security is not part of the agreement to share with the fediverse.
So, an instance that federates will be able to receive the publicly shared information for free (usernames, displaynames, profiles, posts & comments). They wont get any PII that a user does not explicitly share (by writing it in a comment).
But if an instance started selling the information of their own users, then that would be in violation of GDPR.
Yep, only the necessary data is federated. The other relevant data that's logged (which is much less than what other social media platforms collect to be fair) could potentially be abused