I’d be really keen to host a lemmy instance but just wondering with GDPR and everything, if there is anything else to consider outside of the technical setup and provisioning of hardware?

Lemmy is storing users' data, so is there any requirement to do anything GDPR-wise?

Hope this is the right place for this - but I've seen a lot of posts interested in hosting their own Lemmy instance, and this is an extension of that

  • tk338@lemmy.one (OP)
    1 year ago

    I think as @[email protected] commented slightly higher up, this might be considered pseudonymised data? The link he provided suggested it was considered personally identifying information - I’m (as per my question) definitely no expert in this though

    • Daniel Jackson@lemmy.world
      1 year ago

      The link I provided says that pseudonymous data can be used to hide personalized data.

      If you are a DPO, you can see the appeal and benefits of pseudonymization. It makes data identifiable if needed, but inaccessible to unauthorized users and allows data processors and data controllers to lower the risk of a potential data breach and safeguard personal data.

      GDPR requires you to take all appropriate technical and organizational measures to protect personal data, and pseudonymization can be an appropriate method of choice if you want to keep the data utility.

      The owner of lemmy.one can use [email protected] to map it to an IP and/or email address. This now becomes personally identifiable data. But other instance owners can’t map it to any personalized data, so it is basically “anonymized data” for them.

      You just have to provide a way to either

      • Delete personally identifiable data
      • Unlink the personally identifiable data from the pseudonymized data on your local instance.

      Disclaimer, IANAL, YMMV, yaddy, yadda,…

      • tk338@lemmy.one (OP)
        1 year ago

        Understood, missed that subtlety. The fact emails aren’t actually shared makes it very GDPR “friendly”