Can you provide a source for this statement? According to legal clarification I checked, the rule to permanently delete user data applicable to small businesses as well.
Sorry I answered a bit out of context. Right to Erasure applies no matter the size, it’s the processing of the data records that only applies to companies with 250+ employees.
And Lemmy is GDPR compliant now as if a post/comment is deleted it is removed within 30 days. But it falls down to each instance that federates to process those delete requests. But deleting your account doesn’t delate the content you generated not does it claim to do so.
Thanks. I fully understand that instance admins are responsible to their instance only.
And single post/comment removing logic also makes sense.
But the idea that removing account keeps all content untouched sounds rather questionable from a regular-user centric point of view which GDPR follows. I mean this logic would allow goigle/Facebook/Twitter etc to keep basically everything since this is mostly things you created + metadata.
I will try to find out if/what Lemmy documentation says about this.
Lemmy definetely should add an option to delete all content when deleting the account, but I think the reason it doesn’t is that it would leave big gaps in conversations under posts (e.g. if I were to delete my comments in this thread, your comments would make no sense for anything else reading then). Alternatively they could just unlink it from the account and just leave the post/comment with some placeholder name like deleted.
Agree - properly delete user content in a social system is not that easy as one can think.
The good thing is, Lemmy is not the first social platform which must do this.
I am sure.
In this case, Lemmy contradicts GDPR, and instance admins have legal responsibility.
GDPR only applies to companies with 250+ employees.
Can you provide a source for this statement? According to legal clarification I checked, the rule to permanently delete user data applicable to small businesses as well.
Sorry I answered a bit out of context. Right to Erasure applies no matter the size, it’s the processing of the data records that only applies to companies with 250+ employees.
And Lemmy is GDPR compliant now as if a post/comment is deleted it is removed within 30 days. But it falls down to each instance that federates to process those delete requests. But deleting your account doesn’t delate the content you generated not does it claim to do so.
Thanks. I fully understand that instance admins are responsible to their instance only. And single post/comment removing logic also makes sense. But the idea that removing account keeps all content untouched sounds rather questionable from a regular-user centric point of view which GDPR follows. I mean this logic would allow goigle/Facebook/Twitter etc to keep basically everything since this is mostly things you created + metadata.
I will try to find out if/what Lemmy documentation says about this.
Lemmy definetely should add an option to delete all content when deleting the account, but I think the reason it doesn’t is that it would leave big gaps in conversations under posts (e.g. if I were to delete my comments in this thread, your comments would make no sense for anything else reading then). Alternatively they could just unlink it from the account and just leave the post/comment with some placeholder name like
deleted
.Agree - properly delete user content in a social system is not that easy as one can think. The good thing is, Lemmy is not the first social platform which must do this.