It’s been handled amazingly well on the whole, too!

I think that tends to be the starting point, but the user base is expanding quickly and is becoming way more diverse. There are already plenty of users who don’t fit in that category, and I suspect it will continue to grow.

Whoever made the post won 1 million lem-coins maybe

I wonder what the one millionth post was (hopefully something dumb)

I think I fall on the side of preemptive defederation, not just because of data harvesting etc but also because the incoming communities will be huge and dwarf anything already here - look at what has happened here already as communities try to merge and establish. Everything dominant will become meta along with whatever mods and rules etc they already have in place. Scary.

If you understand tech, you will get it. But lets face it, most people don’t know wtf they are doing lol

This should be the Fediverse tagline

Not at all, just wanted to make sure! I do sometimes wonder if people question if it is a legit discussion, especially given my obviously grown up and sensible user name haha.

Absolutely, sorry I don’t mean to sound like I am arguing with you - sorry if it comes across like that! I agree completely with what you’ve said and you’ve been really helpful with things I didn’t know about. I’m loving Lemmy and want it to succeed and I’m just coming from a place of genuine concern and wanting to see the discussions had, especially where I have dealt with these issues in passing in my day job!

Absolutely, it is just surprising there has not been quicker action given the severity of the potential consequences.

Hopefully all will be well!

Awesome, thank you so much! I didn’t know :)

Hopefully there can be a mechanism so that anyone who is an admin or controlling data in instances knows about it and regularly is alerted to any issue which might impact GDPR compliance.

This is one reason I think there needs to be a public issue tracker and backlog.

If issues deleting data is a known issue, that means it is known Lemmy / instances cannot comply with right to be forgotten requests. I think there are also rules around informing people who have made requests why you are not taking action, how they make a complaint (in UK this is to the ICO), and that they have a right to get this enforced though legal proceedings.

It feels like it’s not just some elements not complying, it’s like a stack of things that just goes on and on!

Totally agree, there is really valuable discussion to be had and collectively it needs to be resolved and approached holistically and consistently across as many instances as possible. Just because you’re someone running a tiny server doesn’t mean you can’t get absolutely dragged over the coals for breach and or non-compliance.

Even things like reporting incidents and breaches of the service for each instance - it is very unlikely tiny servers can or will comply with so many aspects of GDPR.

I think the fact that someone could maliciously (or actually, genuinely) report instances now using a relatively straightforward process should be grounds to get the wheels moving on this really!

For example, you can report non-compliance with cookie information in a one page form here: https://ico.org.uk/make-a-complaint/cookies/report-cookie-concerns/. The process for consumers to kick off a potentially serious enforceable action is very straightforward.

Awesome! I’m pretty sure there are some great websites with resources if you need it, although they likely come with a caveat they are not legal guidance :)

Totally, I do wonder how compliant these systems can be!

Thank you! Understand - I think the issue is there there is no documented policy on some instances, I don’t know how each instance handles / shares my data and what the retention policies etc are. I seem to remember there are more controls required depending on where the data is being transferred to. Anyway, that’s getting beyond what I am familiar with!

This is really interesting, thank you - I definitely agree there is grey areas and work to be done to ensure compliance as far as is possible!

It will be interesting to see how it all unpacks.

It will be interesting to find out!

Not if they are compliant and handle the data correctly, but yes it is a minefield and pretty strict with potential huge fines for non compliance and breaches! I would not want to be in charge of trying to get it all straight for Lemmy!

How is that a breach of GDPR?

How would they be in breach?