this post was submitted on 06 Aug 2023
1459 points (98.9% liked)

Announcements

23360 readers
1 users here now

Official announcements from the Lemmy project. Subscribe to this community or add it to your RSS reader in order to be notified about new releases and important updates.

You can also find major news on join-lemmy.org

founded 5 years ago
MODERATORS
 

This is an opportunity for any users, server admins, or interested third parties to ask anything they'd like to @nutomic@lemmy.ml and I about Lemmy. This includes its development and future, as well as wider issues relevant to the social media landscape today.

Note: This will be the thread tmrw, so you can use this thread to ask and vote on questions beforehand.

Original Announcement thread

you are viewing a single comment's thread
view the rest of the comments
[–] 1984 49 points 1 year ago* (last edited 1 year ago) (2 children)

That's what I thought too until I looked it up. It applies to individuals as well.

If an individual runs a web server and processes personal data of individuals within the European Union, then they are subject to the requirements of GDPR. GDPR applies to anyone, including individuals, who processes personal data of EU residents, regardless of whether they are operating as a business or on a personal basis. It's important for the individual running the web server to comply with GDPR's data protection principles and obligations to safeguard the personal data they process.

[–] bdonvr@thelemmy.club 8 points 1 year ago* (last edited 1 year ago) (1 children)

As someone not residing in the EU, I don't see how they could possibly enforce that. Best they could do is block my instance I suppose. Have they done that for any small site?

I mean, I would delete/provide all data of any user who requests me to do so for themselves. But I'm likely not following every facet of the GDPR.

[–] 1984 9 points 1 year ago

They don't work like that, they have no technical capabilites. I think it would work more like a company being ordered to pay a fine if a user on your instance finds out that his data is not deleted if he asks.

But this is complicated so I hope someone else has good input on this topic. Someone must have run a website with registered users in Europe before without being a corporation.

The fediverse brings a new touch to all of this also, since the posts and comments are replicated across instances. Will that matter to the EU law? Maybe, maybe not.

[–] Solarius@lemmy.sdf.org 3 points 1 year ago (2 children)

What does "processing" data mean though?

[–] hikaru755@feddit.de 3 points 1 year ago

Basically, anything that involves the data being present somewhere in information systems that you control. Taking decisions based on it, displaying it on a webpage, make decisions based on it, even just storing it, all counts as processing under GDPR.