• @baseless_discourse@mander.xyz
    link
    fedilink
    17
    edit-2
    8 months ago

    This is a violation of GDPR, no?

    EDIT: user created content is not directly protected under GDPR, only personally identifiable data is pertected under GDPR.

    • lemmyreaderOP
      link
      fedilink
      English
      168 months ago

      Dunno. GDPR is a Europe only thing, and isn’t it only related to how your private data (like name, IP address, phone number) is cared about ?

      • @AccountMaker@slrpnk.net
        link
        fedilink
        78 months ago

        Right, I think it only covers personal information: companies can only collect what they need to run their service, users can request to see their data etc. I don’t think it applies to comments and posts.

      • Captain Beyond
        link
        fedilink
        38 months ago

        I would certainly hope so. Stack Overflow content is Creative Commons licensed, so the argument is basically that the GDPR would take precedence over the CC license grant. It’d be scary if GDPR could be weaponized against forks of free software projects in this manner.

        • @flux@lemmy.ml
          link
          fedilink
          48 months ago

          Would that kind of provision allow me to have my code removed from a git repository history, if that git repository is hosted by a company?

          • @baseless_discourse@mander.xyz
            link
            fedilink
            1
            edit-2
            8 months ago

            I am not a lawyer, but I believe in general, yes.

            Git is not even that convoluted, as all the history is stored in the .git folder within the repo. Unless there is some convoluted structure built on top, they would only need to move the repo folder to a trash disk, waiting to be formated.

            That being said, GDPR is somewhat poorly enforced at the moment, unfortunately. I don’t know if you can sue the company and expect some result within couple of years.

          • @baseless_discourse@mander.xyz
            link
            fedilink
            38 months ago

            I am not a expert or a lawyer, but I believe user actually hold the right to completely erase personal data:

            The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay

            https://gdpr.eu/right-to-be-forgotten/

            Note the word “erasure” as opposed to “anonymize”

            • @WldFyre@lemm.ee
              link
              fedilink
              58 months ago

              I don’t think that addresses my point. Is my opinion on the new Star Wars movies that I post online or some lines of code I suggest “personal data”? I thought personal data had a specific definition under GDPR

              • @nefonous@lemmy.world
                link
                fedilink
                58 months ago

                You’re totally right, the content of your posts is not considered personal data (because it isn’t) It’s more about profiling data that can be connected back to your actual person

              • @baseless_discourse@mander.xyz
                link
                fedilink
                38 months ago

                I think you are right, user generated content doesn’t seem to be protected. This is surprising to me, as user should hold the right to their content, which in my mind should enjoy stronger protection than personal data.

              • Spaenny
                link
                fedilink
                28 months ago

                Technically, they could retain posts from users if they are irreversibly anonymized. However, ensuring with 100% certainty that none of your posts ever contained any personal data that could lead to the identification of you as an individual is challenging. The safest option is therefore to also delete your posts.

    • @refalo@programming.dev
      link
      fedilink
      18 months ago

      How does GDPR get away with not defining what a website is when referring to them directly in the law? Like what counts, only html? http? ftp? gopher?