This is an opportunity for any users, server admins, or interested third parties to ask anything they’d like to @[email protected] and I about Lemmy. This includes its development and future, as well as wider issues relevant to the social media landscape today.
Note: This will be the thread tmrw, so you can use this thread to ask and vote on questions beforehand.
Im not a lawyer so I dont know about GDPR. Do you know how similar platforms such as Mastodon handle it?
Hard to say exactly what Mastodon does, but mastodon.social’s privacy policy should give you some direction in how they handle data: https://mastodon.social/privacy-policy
As mastodon.social is based in Germany, they will know about GDPR and have to follow it to the letter.
That sounds like its something for instance admins to handle, nothing we as developers need to care about. Maybe we should add a privacy policy for lemmy.ml but thats it.
Yea it is ultimately on the admins, but Lemmy just needs to not make it hard to comply with GDPR. So it’s up to admins to raise issues when Lemmy is seen as an obstacle to compliance, and it’s up to devs to listen and implement compliance features.
That’s my take on it as well - GDPR is for the individual instances to deal with, as they’re the ones who hold the data on their users and anything coming to them.
The software, of course, can have some design which purges data automatically or whatever, but ultimately the control is whoever is hosting Lemmy so no matter what Lemmy does, people can override it (though some sane defaults are always good, of course).
Wouldn’t it be prudent to build features into Lemmy that make it easy for admins to manage user data though?