This is an opportunity for any users, server admins, or interested third parties to ask anything they’d like to @nutomic@lemmy.ml and I about Lemmy. This includes its development and future, as well as wider issues relevant to the social media landscape today.

Note: This will be the thread tmrw, so you can use this thread to ask and vote on questions beforehand.

Original Announcement thread

    • 1984@lemmy.today
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      edit-2
      1 year ago

      That’s what I thought too until I looked it up. It applies to individuals as well.

      If an individual runs a web server and processes personal data of individuals within the European Union, then they are subject to the requirements of GDPR. GDPR applies to anyone, including individuals, who processes personal data of EU residents, regardless of whether they are operating as a business or on a personal basis. It’s important for the individual running the web server to comply with GDPR’s data protection principles and obligations to safeguard the personal data they process.

      • bdonvr@thelemmy.club
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        1 year ago

        As someone not residing in the EU, I don’t see how they could possibly enforce that. Best they could do is block my instance I suppose. Have they done that for any small site?

        I mean, I would delete/provide all data of any user who requests me to do so for themselves. But I’m likely not following every facet of the GDPR.

        • 1984@lemmy.today
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          1 year ago

          They don’t work like that, they have no technical capabilites. I think it would work more like a company being ordered to pay a fine if a user on your instance finds out that his data is not deleted if he asks.

          But this is complicated so I hope someone else has good input on this topic. Someone must have run a website with registered users in Europe before without being a corporation.

          The fediverse brings a new touch to all of this also, since the posts and comments are replicated across instances. Will that matter to the EU law? Maybe, maybe not.

        • hikaru755@feddit.de
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Basically, anything that involves the data being present somewhere in information systems that you control. Taking decisions based on it, displaying it on a webpage, make decisions based on it, even just storing it, all counts as processing under GDPR.

        • 1984@lemmy.today
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          4
          ·
          1 year ago

          Asking chat gpt, so take it with a bit of salt, but it’s usually correct about these things.

          In the context of data protection and GDPR, “processing” refers to any operation or set of operations performed on personal data. This includes collecting, recording, organizing, storing, adapting, altering, retrieving, using, disclosing, transmitting, and deleting personal data.

          Processing can be done both manually and automatically. It covers a wide range of activities related to personal data, such as capturing information through web forms, analyzing data for marketing purposes, storing customer records in a database, or even just viewing or accessing personal data.

          Under GDPR, any entity or individual involved in processing personal data is required to comply with the regulation’s principles and obligations to protect the rights and privacy of the individuals whose data is being processed.

    • gonzo0815@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      3
      ·
      1 year ago

      That’s not true. You might be thinking about the German network enforcement act. Every little ecommerce website, even when it’s a one-man operation, has to follow GDPR guidelines when they aim at people in the EU.