So if I understand GDPR correctly: If I want a service/business to remove all my personal data, they have to comply with it in a certain timespan or get in trouble with the law.

If I understand federation correctly: All posts get replicated on federated instances all over the fediverse.

My question: If I e.g. want lemmy.world to remove my data, all my posts etc are still up on lemmy.ml right? As they just have a copy of these posts?

Would I as a customer have to contact every single instance to get my data removed? Or how does GDPR compliance work with lemmy?

Or am I completely misunderstanding how GDPR works?

  • Firipu@lemmy.worldOPEnglish
    8·
    1 year ago

    Yeah, that sounds like the most correct take. I don’t think the EU will be happy with that if ActivityPub really blows up. e.g. if Threads joins the federation (and we don’t defederate from their data leeching service), that would become really really complex :)

    • dan@lemm.eeEnglish
      4·
      1 year ago

      Yeah that really could end up being problematic!

      Actually not sure how that’s going to go… presumably it’ll work the same way search engines do cos it’s kinda like holding a copy of public data like they do…