So if I understand GDPR correctly: If I want a service/business to remove all my personal data, they have to comply with it in a certain timespan or get in trouble with the law.

If I understand federation correctly: All posts get replicated on federated instances all over the fediverse.

My question: If I e.g. want lemmy.world to remove my data, all my posts etc are still up on lemmy.ml right? As they just have a copy of these posts?

Would I as a customer have to contact every single instance to get my data removed? Or how does GDPR compliance work with lemmy?

Or am I completely misunderstanding how GDPR works?

  • oatmilkmaid@possumpat.io
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 year ago

    Someone correct me if I’m wrong but GDPR doesn’t apply fully to small organizations (less than 250 employees) and mostly only applies if you offer goods and services which is not the case if you’re running a Lemmy instance. If you’re an instance owner with no employees because you’re not a registered business of any sort, you’re not on the hook for anything

    Then again, I am neither European or knowledgeable in GDPR so someone please correct me if I’m wrong.

    Edit: I am wrong see below

    • Hotzilla@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This is incorrect, GDPR is any registery, company size or even profit/nonprofit is not relevant. Even it being digital/in paper is not relevant. If EU citizen is identifiable in registery, it must comply with GDPR.