I put on my robe and wizard hat.

(I am in the UK and make TTRPGs. He/Him.)

  • 18 Posts
  • 24 Comments
Joined 1 year ago
cake
Cake day: June 28th, 2023

help-circle



























  • trouser_mouse@lemmy.worldtoFediverse@lemmy.worldGDPR
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    In the UK a screen name is an identifier. See ICO here. I am in the UK. Therefore combined with other data being collected, e.g. IP. Lemmy and instances I interact with are handling personal data. If it is transferred between instances when I search or view content from one instance to another, there are GDPR implications.


  • trouser_mouse@lemmy.worldtoFediverse@lemmy.worldGDPR
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    This is just at a really high level. Take for example https://lemdro.id. I am in the UK.

    • I do not get cookie information / consent
    • How do I make a SAR request, it isn’t stated
    • What is their data retention and privacy policy, it isn’t stated
    • How do I make a data sharing request as a member of law enforcement or government
    • How is data processed if I am under 16/13
    • Is data transferred from an EU to non-EU server if I search their content from another instance? Are the correct controls and risk assessments in place
    • If I delete my .id account under right to be forgotten, how is my request propagated between other instances to ensure my data isn’t retained somewhere on another instance which has pulled the data
    • If I use an account from another instance and post an image on .id, and then delete my account, is the image I posted deleted from their server and backups etc

    GDPR is very serious and an absolute minefield. I am pretty sure Lemmy and individual instances are not compliant, and I am not sure they can be fully - it may have to be on a best-endeavours basis. Be interesting to see how that holds up under a challenge.