• morras@jlai.lu
    link
    fedilink
    English
    arrow-up
    0
    ·
    8 months ago

    No, Lemmy servers are not exempt from GDPR compliance. The household exemption (you are not subject to gdpr for private activities) only applies for purely personnal activities. As soon as a service is offered to someone else, the exemption is no more applicable.

    That’s one of the drawback about open-source projects, they are designed to fulfill a need (persistent storage & decentralised communication for Lemmy), and no one give a f*ck about legalities.

    • Skull giver@popplesburger.hilciferous.nl
      link
      fedilink
      English
      arrow-up
      0
      ·
      8 months ago

      My server is closed for registration for a reason :) I think most servers are single-user instances actually.

      I’m not so sure about the GDPR status for the Fediverse, I don’t think there’s the law is prepared for “Jerry runs this for people, just for fun”. It’s very much “official organisation” or “money grabbing business” oriented. Someone should fund an actual lawyer to look into this and lay down the real requirements.

      You’re right that nobody cares about the law on the Fediverse. There’s a lot of shouting about consent when someone bridges your posts, but when legal compliance comes up, everybody just sticks their fingers in their ears and pretends not to hear you.

      • morras@jlai.lu
        link
        fedilink
        English
        arrow-up
        0
        ·
        8 months ago

        I’m not so sure about the GDPR status for the Fediverse, I don’t think there’s the law is prepared for “Jerry runs this for people, just for fun”. It’s very much “official organisation” or “money grabbing business” oriented. Someone should fund an actual lawyer to look into this and lay down the real requirements.

        I’m working in the gdpr compiance field ;) Using a personnal device to monitor public space doesn’t fall under the household exception, this solution even pre-dates the GDPR (https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-12/cp140175en.pdf).

        (the case-law is about camera fixed on a private house, but the logic easily translates in a private server grabbing public data).

        but when legal compliance comes up, everybody just sticks their fingers in their ears and pretends not to hear you.

        Just as you did ^^

        • Skull giver@popplesburger.hilciferous.nl
          link
          fedilink
          English
          arrow-up
          0
          ·
          8 months ago

          The question is, though: what if you’re delivering services to other users? A one-person server on the Fediverse can be GDPR free, but surely lemmy.world can ignore privacy laws like that.

          • morras@jlai.lu
            link
            fedilink
            English
            arrow-up
            0
            ·
            8 months ago

            Article 3 GDPR is straightforward, gdpr will apply.

            The real question is how any kind of authority could enforce it ? Almost no chance that any law enforcement/regulator will bother a single-user instance purely on the ground of gdpr…