this post was submitted on 07 Jul 2023
8 points (56.9% liked)

Fediverse

28297 readers
761 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
 

Drive we are so privacy focused here. What is to prevent myself or anybody out there, from starting to report individual instances of GDPR and CCPA.

No lemmy insurances are complying with national privacy laws and nobody is talking about it at all.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 8 points 1 year ago (1 children)

Have been asking this myself lately.
People always seem to get defensive about this topic, but if an instance gets challenged on a GDPR investigation it could have a huge fine associated to it.
It is good to have this sorted out, so instance owners don't enter a life changing financial risk.

Currently we probably are too small and fly under the radar, but this could become a big problem as the fediverse scales.

Issues I wonder about:

  1. How safe is the Fediverse? Is there a way for a federated instance to misuse the user data? Or can such activity be detected and cause a defedaration.
  2. How easily can all user data be deleted if a request comes in to remove all personal data? Wouldn't that request have to be extended to all instances your instance is currently federated with?
  3. Instances probably wouldn't be able to handle a bad actor (for example Meta, or spez) that decides to start a mass request attack.
  4. Corporations have lawyers that deal with this stuff, I don't feel like most instance owners have the same kind of protection here.
[โ€“] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Totally agree, there is really valuable discussion to be had and collectively it needs to be resolved and approached holistically and consistently across as many instances as possible. Just because you're someone running a tiny server doesn't mean you can't get absolutely dragged over the coals for breach and or non-compliance.

Even things like reporting incidents and breaches of the service for each instance - it is very unlikely tiny servers can or will comply with so many aspects of GDPR.

I think the fact that someone could maliciously (or actually, genuinely) report instances now using a relatively straightforward process should be grounds to get the wheels moving on this really!

For example, you can report non-compliance with cookie information in a one page form here: https://ico.org.uk/make-a-complaint/cookies/report-cookie-concerns/. The process for consumers to kick off a potentially serious enforceable action is very straightforward.