Lemmy's Image Problem
wedistribute.org
The popular Reddit alternative's user count has grown a lot over the past year. One problem, though: users and admins can't delete images.

Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.

  • @maynarkh@feddit.nlEnglish
    44 months ago

    It does apply, but not to the Lemmy devs, but to the instance admins.

    As it stands, you can’t legally host a Lemmy server in either the EU or the US (or places they can reach) and federate with the 'verse at large without fear that the authorities will come after you.

    • @SupraMario@lemmy.worldEnglish
      -24 months ago

      This is not true at all, you can host a instance in the USA for free and not be subjective to the GDPR. You’re not selling anything, or marketing anything or doing any data collection to be sold. It %100 does not apply.

      • @maynarkh@feddit.nlEnglish
        14 months ago

        GDPR article 3, and the EU-US Data Protection Umbrella Agreement concluded in the US in December 2016 which makes it US law disagree.

          • @maynarkh@feddit.nlEnglish
            14 months ago

            Lemmy instances offer services to me as an in-EU data subject, and that makes it subject under the very Article 3/2 (a) you linked.

            the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union

            Since there is federation, a US-based instance would still be a data processor if it IP blocked be as coming from the EU.

            I did in fact read it.

            • @SupraMario@lemmy.worldEnglish
              14 months ago

              Read the rest of it, instead of cherry picking shit. The instance needs to be collecting your data and selling it or making some sort of money off of it.

                • @SupraMario@lemmy.worldEnglish
                  14 months ago

                  the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or the monitoring of their behaviour as far as their behaviour takes place within the Union.

                  Lemmy doesn’t sell anything and it doesn’t monitor you or collect pii.

                  • @maynarkh@feddit.nlEnglish
                    24 months ago

                    Anything that someone’s identity can be even indirectly inferred is PII. The GDPR explicitly defines usernames as online identifiers as PII.

                    The whole “irrespective of whether a payment of the data subject is required” bit is so that it applies to free services like Lemmy as well. Lemmy provides me with a free service. It even monitors me through federation, since it scrapes my username and comments from other instances without my affirmative and explicit consent. Using a service, no matter its nature, is not consent as required by the GDPR.

                    There is an explicit cutout for services you offer yourself or your household members. The reason it is there is that free services like Lemmy absolutely do qualify.