- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it’s visibly worse for privacy than even Reddit.
- Deleted comments remain on the server but hidden to non-admins, the username remains visible
- Deleted account usernames remain visible too
- Anything remains visible on federated servers!
- When you delete your account, media does not get deleted on any server
GDPR likely doesn’t apply to public facing forums in the way you’re thinking, if you post actual personal data (which has a strict definition) yes it’s murkier, but in general just posting on a public facing forum is extremely unlikely to qualify under right to be forgotten under GDPR.
Notably, GDPR is extremely unclear about this specific circumstance, and will likely fall to practicality. The user can make requests for their data to be deleted, those should in general be followed no matter who’s server it’s on, but they have to be given to each server by the user. Following the deletion requests is generally advisable, but again, it’s highly unlikely GDPR applies here. Feel free to get a GDPR lawyer to actually weigh in though.
Part of it will depend on what data you’re holding, and part will depend on who’s running the instance. A lot of people won’t be covered, but I’d wager there’s some here and there who need to consider it.