• @deegeese@sopuli.xyz
    link
    fedilink
    English
    39
    edit-2
    9 months ago

    Bit of a red herring to put GDPR in the title when the article is about Lemmy missing key admin functions, and only tangentially how this runs afoul of GDPR.

    TL;DR Lemmy hasn’t implemented image deletion for users or admins, so don’t upload your government ID.

    • @woelkchen@lemmy.worldM
      link
      fedilink
      English
      219 months ago

      Bit of a red herring to put GDPR in the title when the article is about Lemmy missing key admin functions, and only tangentially how this runs afoul of GDPR.

      I haven’t read the GDPR, yet, but it’s still a serious issue – GDPR or not. Imagine if Instagram did that. Everybody would seriously go bonkers and rightfully so.

      System administrators often aren’t software developers. Lemmy users need to trust Lemmy admins and Lemmy admins need to trust Lemmy developers. Maybe not letting users delete any uploaded media isn’t outright illegal, maybe it is. I’m in the camp of it being definitively not cool.

      • @deegeese@sopuli.xyz
        link
        fedilink
        English
        2
        edit-2
        9 months ago

        Inflicting lawyers on an open source project is a great way to drive off the developers.

        If I hear Lemmy has a GDPR problem I assume it’s lawyer BS only European instance admins have to worry about.

        If I hear Lemmy has bugs in basic CRUD functionality, that’s a real issue.

          • @kernelle@lemmy.world
            link
            fedilink
            English
            88 months ago

            Yet GDPR requires if you operate anywhere but allow European citizens to register, you have to be GDPR compliant as well, or risk being blocked by an entire continent.

            • @Maalus@lemmy.world
              link
              fedilink
              English
              38 months ago

              You can get fined by the entire continent. And you would need to pay up in that case, if living in the US for instance. The laws aren’t toothless, otherwise everyone would be abusing them, instead go to any US news site in Europe, and they’ll tell you they can’t serve content to you for legal reasons.

              • @kernelle@lemmy.world
                link
                fedilink
                English
                18 months ago

                Oh for sure they will try to fine, but being another sovereignty they have no authority to force a payment.

                • @Maalus@lemmy.world
                  link
                  fedilink
                  English
                  -38 months ago

                  Yeaaaah no. Look it up, you still have to pay up. It’s insanely good for EU citizens. Look at the top fines - Meta, Google, Amazon, Instagram, Facebook, with fines being tens of milions of dollars. The US works with the EU and you still get fined.

                  • @kernelle@lemmy.world
                    link
                    fedilink
                    English
                    58 months ago

                    Ofcourse they do, because they want to keep their business working in Europe. Which doesn’t apply to a decentralized system like the fediverse. But they do not have to pay the fine if they shut down all operations within Europe, which no company wants to do.

              • @lambalicious@lemmy.sdf.org
                link
                fedilink
                English
                -18 months ago

                The laws aren’t toothless, otherwise everyone would be abusing them,

                Have you heard of such small indie developers such as Google, Amazon or Facebook?

                • @Maalus@lemmy.world
                  link
                  fedilink
                  English
                  38 months ago

                  The exact same ones who have millions in fines racked up and are paying them? Yes, I have heard of those.

                  • @lambalicious@lemmy.sdf.org
                    link
                    fedilink
                    English
                    08 months ago

                    You said it yourself: Millions. Not Billions.

                    For these companies, paying such a mundane fine is just the business cost of being able to do whatever they want. The execs figuratively (and perhaps literally too) piss out a fine payment every morning before reading the newspaper company whatsapp account.

        • @woelkchen@lemmy.worldM
          link
          fedilink
          English
          59 months ago

          If I hear Lemmy has bugs in basic CRUD functionality, that’s a real issue.

          Coincidentally I saw bug reports by that person and another person earlier that day (before the blog post was published), including one opened months ago with absolutely no reaction at all of even acknowledging that this is even an issue: https://github.com/LemmyNet/lemmy/issues/3973

          I’ve heard from time to time that Lemmy developers can be difficult to work with (I never worked with them, so I make it clear that this is hearsay) but I have the suspicion that there is some merit to that.

      • @morras@jlai.lu
        link
        fedilink
        English
        128 months ago

        No, Lemmy servers are not exempt from GDPR compliance. The household exemption (you are not subject to gdpr for private activities) only applies for purely personnal activities. As soon as a service is offered to someone else, the exemption is no more applicable.

        That’s one of the drawback about open-source projects, they are designed to fulfill a need (persistent storage & decentralised communication for Lemmy), and no one give a f*ck about legalities.

          • @morras@jlai.lu
            link
            fedilink
            English
            98 months ago

            I’m not so sure about the GDPR status for the Fediverse, I don’t think there’s the law is prepared for “Jerry runs this for people, just for fun”. It’s very much “official organisation” or “money grabbing business” oriented. Someone should fund an actual lawyer to look into this and lay down the real requirements.

            I’m working in the gdpr compiance field ;) Using a personnal device to monitor public space doesn’t fall under the household exception, this solution even pre-dates the GDPR (https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-12/cp140175en.pdf).

            (the case-law is about camera fixed on a private house, but the logic easily translates in a private server grabbing public data).

            but when legal compliance comes up, everybody just sticks their fingers in their ears and pretends not to hear you.

            Just as you did ^^

              • @morras@jlai.lu
                link
                fedilink
                English
                28 months ago

                Article 3 GDPR is straightforward, gdpr will apply.

                The real question is how any kind of authority could enforce it ? Almost no chance that any law enforcement/regulator will bother a single-user instance purely on the ground of gdpr…