Was there even a mass exodus? I largely avoid Reddit now, but I do kind of doubt that they’ve been hurt in any meaningful way by all the protests and people leaving…

  • Blaze (he/him)
    link
    fedilink
    41 year ago

    I’m never to sure about GDPR. The spirit of the law is that any identifiable information has to indeed be removed.

    However, does a Lemmy username really fit that definition? If John Doe has all of his Lemmy content under CoolNick89, I’m not sure GDPR applies.

    Emails, especially if they contain first and last name, are a different story, but those would only be known by the host instance.

    • @[email protected]
      link
      fedilink
      3
      edit-2
      1 year ago

      The law specifically names “online identifier”.

      The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or one of several special characteristics, which expresses the physical, physiological, genetic, mental, commercial, cultural or social identity of these natural persons. In practice, these also include all data which are or can be assigned to a person in any kind of way. For example, the telephone, credit card or personnel number of a person, account data, number plate, appearance, customer number or address are all personal data.

      https://gdpr-info.eu/issues/personal-data/

      • Blaze (he/him)
        link
        fedilink
        11 year ago

        Thanks for the definition, and that brings us to the next question: I know your identifier, [email protected]. However, does that make you identifiable by me, even indirectly? I have no way to identify you using that information.

        I always think that they meant online identifier such as [email protected], where the identifier indeed directly allows to identify the person.

        • @[email protected]
          link
          fedilink
          11 year ago

          The CCPA (USA version) and GDPR (EU) both specify Personal Data, not Personally Identifiable Information. So the contents of my posts are my personal data, even if my username doesn’t identify to a real person. If I want my personal data removed from Lemmy, the GDPR allows for me to request it to be deleted.

          Lemmy is still in the early stages. I’m not asking for changes to be made right away, or even this year. But I do feel that my personal data should be under my control. Lemmy should be programmed to federate out the the deletion of all my personal data, if I make such a request.

          Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data

          (*) Note the CCPA has a ton of exceptions, and only really applies to the larger social media sites.

    • superkret
      link
      fedilink
      31 year ago

      GDPR applies to user names and even IP adresses, according to current case law.

      • Blaze (he/him)
        link
        fedilink
        11 year ago

        Interesting, thanks. I’ll research this further.

        IP addresses make more sense, because they can be used to be cross-checked with your ISP to know who you are.

        If you don’t tell anyone your username and use a VPN, there is no way for people to guess your Lemmy username