Drive we are so privacy focused here. What is to prevent myself or anybody out there, from starting to report individual instances of GDPR and CCPA.

No lemmy insurances are complying with national privacy laws and nobody is talking about it at all.

  • trouser_mouse@lemmy.worldEnglish
    1·
    1 year ago

    This is just at a really high level. Take for example https://lemdro.id. I am in the UK.

    • I do not get cookie information / consent
    • How do I make a SAR request, it isn’t stated
    • What is their data retention and privacy policy, it isn’t stated
    • How do I make a data sharing request as a member of law enforcement or government
    • How is data processed if I am under 16/13
    • Is data transferred from an EU to non-EU server if I search their content from another instance? Are the correct controls and risk assessments in place
    • If I delete my .id account under right to be forgotten, how is my request propagated between other instances to ensure my data isn’t retained somewhere on another instance which has pulled the data
    • If I use an account from another instance and post an image on .id, and then delete my account, is the image I posted deleted from their server and backups etc

    GDPR is very serious and an absolute minefield. I am pretty sure Lemmy and individual instances are not compliant, and I am not sure they can be fully - it may have to be on a best-endeavours basis. Be interesting to see how that holds up under a challenge.