I put on my robe and wizard hat.

(I am in the UK and make TTRPGs. He/Him.)

  • 0 Posts
  • 30 Comments
Joined 1 year ago
cake
Cake day: June 28th, 2023

help-circle







  • trouser_mouse@lemmy.worldtoFediverse@lemmy.worldGDPR
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Absolutely, sorry I don’t mean to sound like I am arguing with you - sorry if it comes across like that! I agree completely with what you’ve said and you’ve been really helpful with things I didn’t know about. I’m loving Lemmy and want it to succeed and I’m just coming from a place of genuine concern and wanting to see the discussions had, especially where I have dealt with these issues in passing in my day job!




  • trouser_mouse@lemmy.worldtoFediverse@lemmy.worldGDPR
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    This is one reason I think there needs to be a public issue tracker and backlog.

    If issues deleting data is a known issue, that means it is known Lemmy / instances cannot comply with right to be forgotten requests. I think there are also rules around informing people who have made requests why you are not taking action, how they make a complaint (in UK this is to the ICO), and that they have a right to get this enforced though legal proceedings.

    It feels like it’s not just some elements not complying, it’s like a stack of things that just goes on and on!


  • trouser_mouse@lemmy.worldtoFediverse@lemmy.worldGDPR
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    1 year ago

    Totally agree, there is really valuable discussion to be had and collectively it needs to be resolved and approached holistically and consistently across as many instances as possible. Just because you’re someone running a tiny server doesn’t mean you can’t get absolutely dragged over the coals for breach and or non-compliance.

    Even things like reporting incidents and breaches of the service for each instance - it is very unlikely tiny servers can or will comply with so many aspects of GDPR.

    I think the fact that someone could maliciously (or actually, genuinely) report instances now using a relatively straightforward process should be grounds to get the wheels moving on this really!

    For example, you can report non-compliance with cookie information in a one page form here: https://ico.org.uk/make-a-complaint/cookies/report-cookie-concerns/. The process for consumers to kick off a potentially serious enforceable action is very straightforward.




  • Thank you! Understand - I think the issue is there there is no documented policy on some instances, I don’t know how each instance handles / shares my data and what the retention policies etc are. I seem to remember there are more controls required depending on where the data is being transferred to. Anyway, that’s getting beyond what I am familiar with!