I’d be really keen to host a lemmy instance but just wondering with GDPR and everything, if there is anything else to consider outside of the technical setup and provisioning of hardware?
Lemmy is storing users data so is there any requirement to do anything GDPR wise?
Hope this is the right place for this - But seen a lot of posts interested in hosting their own lemmy instance, and this is an extension of that
The GDPR doesn’t apply only to services hosted in the EU, but any services handling the data of an EU citizen.
This is why some news outlets in the US just decided to block EU users all together, out of laziness.
IANAL, but the GDPR doesn’t cover pseudonymous data. Actually the GDPR encourages data processors (= services) to use pseudomization.
Personally identifiable information are IPs, email addresses, street address, name, date of birth, … Lemmy only collect IPs and email addresses. And these are not shared between instances.
Whether the service is hosted in the EU or not, as long as it serves EU users, lemmy should provide a way to delete emails and ip information in a self serving way. (maybe by deleting the account) In the mean time, instances admins have to fulfil requests to delete emails/ips of EU citizens from the database.