Fediverse

28297 readers

919 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Follow the general Lemmy.world rules.

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago

MODERATORS

[email protected]

308

Lemmy's Image Problem (Updated 02-06-2024) (wedistribute.org)

submitted 8 months ago* (last edited 8 months ago) by [email protected] to c/[email protected]

201 comments fedilink hide all child comments

Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 8 months ago* (last edited 8 months ago) (1 children)

Usernames at the very least, as online identifiers.

Art. 4 GDPR Definitions

For the purposes of this Regulation:

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

And they don't need to be sold, just retained. GDPR applies even if there is no payment anywhere, even to non-commercial entities.

[–] [email protected] 1 points 8 months ago (1 children)

Usernames are not PII...the GDPR only applies if someone is making money from the service. It does not mean just because your site is free but hosts ads or sells user data it's exempt. Lemmy instances do none of this.

[–] [email protected] 2 points 8 months ago (1 children)

Usernames are not PII

What do you think an online identifier is then? And why would the GDPR only apply if there is money made? It specifically says in multiple places free services also count.

[–] [email protected] 1 points 8 months ago (1 children)

https://www.ibm.com/topics/pii#:~:text=Personally%20identifiable%20information%20(PII)%20is,email%20address%20or%20phone%20number.

Usernames are not and never have been considered pii

The GDPR states it clearly that the company/entity has to be collecting pii or selling something to the person. Lemmy does neither of these.

[–] [email protected] 2 points 8 months ago (1 children)

How is IBM authoritative on this subject? And even so, this article doesn't say that usernames are not PII, it even indirectly says it is indirect PII.

Here's another random company's page saying usernames are PII: https://www.keepersecurity.com/blog/2023/06/14/what-is-personally-identifiable-information-pii/

The GDPR says it clearly and explicitly that:

online identifiers such as usernames are PII
selling data or money transactions of any kind is not a requirement for the GDPR rules to apply

[–] [email protected] 0 points 8 months ago (1 children)

Usernames that are used in an internal network are, because they're linked to pii, a public username is not pii.

[–] [email protected] 2 points 8 months ago

And where did you read that? If anything, public usernames are easier to correlate to form identities.