- cross-posted to:
- technology@beehaw.org
- fediverse@lemmy.ml
- cross-posted to:
- technology@beehaw.org
- fediverse@lemmy.ml
Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.
Oh, that’s actually neat. But at the same time, that means every instance owner is responsible for the whole of the Fediverse.
I can imagine that would mean non-compliant instances will get defederated at some point? Or ActivityPub will get some compliance features? It’s not like the EU is unaware of the Fediverse, they are the main monetary supporters behind Lemmy.
I have no clue how jurisprudence would turn out. But keep in mind, this is not about the posts people make. The framework just needs to collect/store as little information as possible that can be considered PII. And it should have a way to remove it.
If Deleting your account results in the PII actually being removed (username, ip address, other profile info, whatever data is stored under the hood) and these removals actually get federated… there should not be an issue.
Then admins maybe have to do something if people start posting PII as messages, but that would probably be doxing and up for removal anyway.
So mainly the issus boil down to:
The issue I see is that if my instance is on the hook for the fediverse at large, and I operate on an allowlist basis, malicious actors can scrape PII and ignore the GDPR, and that would make me the one on the hook for that, isn’t that right?