this post was submitted on 30 Aug 2024
234 points (97.6% liked)

Ask Lemmy

26734 readers
1511 users here now

A Fediverse community for open-ended, thought provoking questions

Please don't post about US Politics. If you need to do this, try !politicaldiscussion


Rules: (interactive)


1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them


2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?


3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.


4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either [email protected] or [email protected]. NSFW comments should be restricted to posts tagged [NSFW].


5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email [email protected]. For other questions check our partnered communities list, or use the search function.


Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija


Logo design credit goes to: tubbadu


founded 1 year ago
MODERATORS
 

"The SCOPE Act takes effect this Sunday, Sept. 1, and will require everyone to verify their age for social media."

So how does this work with Lemmy? Is anyone in Texas just banned, is there some sort of third party ID service lined up...for every instance, lol.

But seriously, how does Lemmy (or the fediverse as a whole) comply? Is there some way it just doesn't need to?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 2 months ago (1 children)

a purely personal or household activity

No chance. This is what makes it legal to share data within a family and, to a degree, among friends. Running an open social media platform is neither a personal nor a household activity.

The UK is not part of the EU. They kept the GDPR when they left, but it should not be assumed that the UK interpretation is always the same.

The GDPR is not very thoroughly enforced; much to the chagrin of some people. This may or may not change in the future. It would be politically quite unpopular, a bit like thoroughly enforcing no-parking zones.

[–] [email protected] 1 points 2 months ago (1 children)

a purely personal or household activity
No chance. This is what makes it legal to share data within a family and, to a degree, among friends. Running an open social media platform is neither a personal nor a household activity.

Hmm.

So running a single user instance for my own personal use (and keeping in mind the nature of federation meaning the only stuff my instance sends out is the stuff that I write) is absolutely not covered by the above?

The UK is not part of the EU. They kept the GDPR when they left, but it should not be assumed that the UK interpretation is always the same.

That is a very good point indeed.

The GDPR is not very thoroughly enforced; much to the chagrin of some people. This may or may not change in the future. It would be politically quite unpopular, a bit like thoroughly enforcing no-parking zones.

Seems risky to rely on low enforcement though. For those of us who love federation and privacy and want to federate while complying with the GDPR - what must be done?

[–] [email protected] 1 points 2 months ago

(and keeping in mind the nature of federation meaning the only stuff my instance sends out is the stuff that I write)

The stuff you write is personal data as long as it can be connected to your identity and so protected under the GDPR. But that's a problem for other people.

Your problem is the personal data of other people that come under your control. For starters, you need to answer this question: What legal basis do you have for processing that data?

For those of us who love federation and privacy and want to federate while complying with the GDPR - what must be done?

They need legal experts on the team. As GDPR-fans will tell you, data protection is a fundamental human right. We don't let just anyone perform surgery, so don't expect that just anyone should be able to run a social media site.

Complying with the GDPR is challenging at the best of times. When you handle personal data, some of it sensitive, at the scale of a fediverse instance, it becomes extremely hard.

Strictly speaking, it's impossible. EG you need to provide information about what you do with the data in simple language. The information also needs to be complete. If the explanation is too long and people just click accept without reading, that's not proper consent. You need to square that circle in a way that any judge will accept. That's impossible for now. Maybe in a few years, when there's more case law, there'll be a solid consensus.

Complying as well as possible will require the input of legal experts, specialized in the law of social media sites. The GDPR is not the only relevant law. There's also the DSA, quite possibly other stuff I am not aware of, and local laws.

Definite problems, I can see:

  1. Under german law, an instance owner has to provide an address, that may be served legal papers.
  2. It's possible to embed images, but under the GDPR, there must not be connections to 3rd party servers without consent. In fact, all out-going links are a problem.
  3. Federation itself. You can't federate with instance, if you haven't made sure that they comply with GDPR.