Not at all, just wanted to make sure! I do sometimes wonder if people question if it is a legit discussion, especially given my obviously grown up and sensible user name haha.
Absolutely, sorry I don't mean to sound like I am arguing with you - sorry if it comes across like that! I agree completely with what you've said and you've been really helpful with things I didn't know about. I'm loving Lemmy and want it to succeed and I'm just coming from a place of genuine concern and wanting to see the discussions had, especially where I have dealt with these issues in passing in my day job!
Hopefully there can be a mechanism so that anyone who is an admin or controlling data in instances knows about it and regularly is alerted to any issue which might impact GDPR compliance.
This is one reason I think there needs to be a public issue tracker and backlog.
If issues deleting data is a known issue, that means it is known Lemmy / instances cannot comply with right to be forgotten requests. I think there are also rules around informing people who have made requests why you are not taking action, how they make a complaint (in UK this is to the ICO), and that they have a right to get this enforced though legal proceedings.
It feels like it's not just some elements not complying, it's like a stack of things that just goes on and on!
Hello Academy Award nominated character actress Margot Robbie (sometimes I get mistaken for you). Is it true you were cast in Barbie because you have plastic feet?
Totally agree, there is really valuable discussion to be had and collectively it needs to be resolved and approached holistically and consistently across as many instances as possible. Just because you're someone running a tiny server doesn't mean you can't get absolutely dragged over the coals for breach and or non-compliance.
Even things like reporting incidents and breaches of the service for each instance - it is very unlikely tiny servers can or will comply with so many aspects of GDPR.
I think the fact that someone could maliciously (or actually, genuinely) report instances now using a relatively straightforward process should be grounds to get the wheels moving on this really!
Awesome! I'm pretty sure there are some great websites with resources if you need it, although they likely come with a caveat they are not legal guidance :)
Thank you! Understand - I think the issue is there there is no documented policy on some instances, I don't know how each instance handles / shares my data and what the retention policies etc are. I seem to remember there are more controls required depending on where the data is being transferred to. Anyway, that's getting beyond what I am familiar with!
Not if they are compliant and handle the data correctly, but yes it is a minefield and pretty strict with potential huge fines for non compliance and breaches! I would not want to be in charge of trying to get it all straight for Lemmy!
omg don't use your real name on the internet