Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it’s visibly worse for privacy than even Reddit.

  • Deleted comments remain on the server but hidden to non-admins, the username remains visible
  • Deleted account usernames remain visible too
  • Anything remains visible on federated servers!
  • When you delete your account, media does not get deleted on any server
  • ZENITHSEEKER
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    The originating instance definitely cannot be held responsible for failing to force a separate instance in another country to delete its cached copy of user data imo. I think what is more likely is that EU courts could force European Jimmy instances to only federate with GDPR-compliant instances. (so federation by whitelist rather than blacklist)

    • philpo@feddit.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This is incorrect if the data transfer was done voluntarily/planned. This also applies to EU data outside the EU - Meta has been fined a 1.2 billion euro for that.

      And no, the definitive definition of the data transfer extent is a key point of the GDPR. Each and every data owner has the right to know where their data is stored exactly. So a “EU only” would not be enough - It is basically already mandatory as transfer to other countries is a major problem after Schrems 2.

      • ZENITHSEEKER
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Ah yeah if the originating instance sends data to a secondary one then that is somewhat different.