That’s a bit misleading to say like that. Go to the website, scroll to the footer and click on “Legal”. Your instance, feddit.de, has a legal notice, with a privacy contact person, mentioning you can request data erasure, and detailing where your data goes. Mine, lemmy.world, has a number of in depth legal documents attached there.
However, yes, other instances they are federated with might not take it as seriously though, and if all your data is going there too, then that’s a hole in your data privacy.
The GDPR notice on feddit.de is not GDPR compliant, and the link isn’t even visible on mobile.
If you request deletion, they can’t guarantee that the data is deleted on federated servers. They can send deletion messages, but federation is constantly not working correctly, other instances can decide themselves whether they do delete stuff, and if an instance is unreachable for a while, the deletion message will be dropped.
Lemmy, or even ActivityPub are designed to be non-GDPR compliant. (Probably not on purpose, but the way it works makes it basically impossible to be GDPR compliant.)
That’s a bit misleading to say like that. Go to the website, scroll to the footer and click on “Legal”. Your instance, feddit.de, has a legal notice, with a privacy contact person, mentioning you can request data erasure, and detailing where your data goes. Mine, lemmy.world, has a number of in depth legal documents attached there.
However, yes, other instances they are federated with might not take it as seriously though, and if all your data is going there too, then that’s a hole in your data privacy.
There are two issues with that:
Lemmy, or even ActivityPub are designed to be non-GDPR compliant. (Probably not on purpose, but the way it works makes it basically impossible to be GDPR compliant.)