Conversation

Notices

LS (lain@lain.com)'s status on Friday, 21-Feb-2025 02:33:51 JST LS

from time to time i wonder if it's even possible to run a gdpr-compliant fediverse server

In conversation about a day ago from lain.com permalink
- † top dog :pedomustdie: likes this.
- Angry Sun (sun@shitposter.world)'s status on Friday, 21-Feb-2025 02:46:59 JST Angry Sun
  in reply to
  
  @lain imagine the chaos if you just started filing requests to all european servers to remove your data
  
  In conversation about a day ago permalink
- LS (lain@lain.com)'s status on Friday, 21-Feb-2025 02:46:59 JST LS
  in reply to
  - Angry Sun
  @sun there's a bit of talk about it here: https://tech.michaelaltfield.net/2024/03/04/lemmy-fediverse-gdpr/
  
  what i most love about the gdpr is the vague threats of legal issues and fines of "millions of euros"
  In conversation about a day ago permalink
  Attachments
  1. Nightmare on Lemmy Street (A Fediverse GDPR Horror Story) - Michael Altfield's Tech Blog
    
    from Michael Altfield
    
    Is the fediverse GDPR-compliant? A horror story of uploading sensitive PII to lemmy and the numerous bugs that blocked its removal.
- LS (lain@lain.com)'s status on Friday, 21-Feb-2025 02:49:30 JST LS
  in reply to
  - Witix :bhjflag_bisexual: :anarchy_punk_demiboy:
  @witix the truth is exactly the opposite, i think
  
  In conversation about a day ago permalink
- Witix :bhjflag_bisexual: :anarchy_punk_demiboy: (witix@mk.absturztau.be)'s status on Friday, 21-Feb-2025 02:49:38 JST Witix :bhjflag_bisexual: :anarchy_punk_demiboy:
  in reply to
  
  @lain@lain.com if megacorporations can somehow be gdpr-compliant, anything can be.
  
  In conversation about a day ago permalink
- ロミンちゃん (romin@shitposter.world)'s status on Friday, 21-Feb-2025 03:00:28 JST ロミンちゃん
  in reply to
  - Angry Sun
  @lain @sun
  >what i most love about the gdpr is the vague threats of legal issues and fines of "millions of euros"
  just bizness as usual on the yuropoor yunion
  
  In conversation about a day ago permalink
  
  LS likes this.
- marcin mikołajczak (mkljczk@pl.fediverse.pl)'s status on Friday, 21-Feb-2025 03:04:20 JST marcin mikołajczak
  in reply to
  - Witix :bhjflag_bisexual: :anarchy_punk_demiboy:
  @witix @lain meta didn't launch federation in the EU for a reason, even they find it challenging to run a gdpr-compliant federated service
  
  In conversation about a day ago permalink
  
  LS likes this.
- LS (lain@lain.com)'s status on Friday, 21-Feb-2025 05:59:56 JST LS
  in reply to
  - CookieJarObserver
  @CookieJarObserver i'm not sure about email either
  
  In conversation about 21 hours ago permalink
- cookiejarobserver@dill.burggit.moe's status on Friday, 21-Feb-2025 05:59:57 JST CookieJarObserver
  in reply to
  
  @lain@lain.com
  
  Yes you only manage your own server and can send delete requests to others its best described as a email service, once its send its gone and won't return.
  
  It would of course be up to courts, but the chance of that description being used is high.
  
  In conversation about 21 hours ago permalink
- cookiejarobserver@dill.burggit.moe's status on Friday, 21-Feb-2025 06:04:51 JST CookieJarObserver
  in reply to
  
  @lain@lain.com
  
  Found the awnser (somewhat)
  
  From https://gdpr.eu/email-encryption/
  
  What the GDPR says:
  
  Data erasure is a large part of the GDPR. It is one of the six data protection principles: Article 5(e) states that personal data can be stored for “no longer than is necessary for the purposes for which the personal data are processed.” Data erasure is also one of the personal rights protected by the GDPR in Article 17, the famous “right to be forgotten.” “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay.” There are some exceptions to this latter requirement, such as the public interest. But generally speaking, you have an obligation to erase personal data you no longer need.
  What it means for email:
  
  Many of us never delete emails. There are plenty of good reasons: We may need to refer to them someday as a record of our activities or even for possible litigation. But the more data you keep, the greater your liability if there’s a data breach. Moreover, the erasure of unneeded personal data is now required under European law. Because of the GDPR, you should periodically review your organization’s email retention policy with the goal of reducing the amount of data your employees store in their mailboxes. The regulation requires you to be able to show that you have a policy in place that balances your legitimate business interests against your data protection obligations under the GDPR.
  
  From a technical standpoint, email data erasure can be quite simple and often it can be automated. Proton Mail and some other email services have an expiring email option that allows you to set messages for deletion after a designated length of time. Whatever email retention strategy your organization decides, it’s going to require some getting used to but will significantly lower your GDPR exposure.
  In conversation about 21 hours ago permalink
  Attachments
  1. How does the GDPR affect email? - GDPR.eu
    
    The GDPR requires organizations to protect personal data in all its forms. It also changes the rules of consent and strengthens people’s privacy rights. In this article, we’ll explain...
  LS likes this.
- LS (lain@lain.com)'s status on Friday, 21-Feb-2025 06:08:16 JST LS
  in reply to
  - CookieJarObserver
  @CookieJarObserver
  > Keep in mind that nothing you read here is a good substitute for legal advice. We recommend consulting with an attorney to understand how the GDPR applies to your specific situation.
  
  amazing that thanks to the EU it's not possible to have an email inbox without consulting a lawyer
  
  In conversation about 21 hours ago permalink