Conversation

Notices

1. Embed this notice
   lainy (lain@lain.com)'s status on Friday, 21-Feb-2025 02:33:53 JST lainy
   from time to time i wonder if it's even possible to run a gdpr-compliant fediverse server
   • kaia, Doughnut Lollipop 【記録係】:blobfoxgooglymlem:, ✙ dcc :pedomustdie: :phear_slackware: and Fish of Rage like this.
   • Embed this notice
     Fish of Rage (sun@shitposter.world)'s status on Friday, 21-Feb-2025 02:45:20 JST Fish of Rage

     in reply to
     @lain imagine the chaos if you just started filing requests to all european servers to remove your data
     kaia and Doughnut Lollipop 【記録係】:blobfoxgooglymlem: like this.
     Doughnut Lollipop 【記録係】:blobfoxgooglymlem: repeated this.
   • Embed this notice
     lainy (lain@lain.com)'s status on Friday, 21-Feb-2025 02:47:02 JST lainy

     in reply to

     • Fish of Rage
     @sun there's a bit of talk about it here: https://tech.michaelaltfield.net/2024/03/04/lemmy-fediverse-gdpr/
     
     what i most love about the gdpr is the vague threats of legal issues and fines of "millions of euros"
     Fish of Rage likes this.
   • Embed this notice
     Fish of Rage (sun@shitposter.world)'s status on Friday, 21-Feb-2025 02:48:19 JST Fish of Rage

     in reply to
     @lain > I (accidentally) uploaded a photo of my State-issued ID
     
     I feel for him, feels like just about every public server has had this happen at least once
     Doughnut Lollipop 【記録係】:blobfoxgooglymlem: likes this.
   • Embed this notice
     lainy (lain@lain.com)'s status on Friday, 21-Feb-2025 02:49:32 JST lainy

     in reply to

     • Witix :bhjflag_bisexual: :anarchy_punk_demiboy:
     @witix the truth is exactly the opposite, i think
   • Embed this notice
     Witix :bhjflag_bisexual: :anarchy_punk_demiboy: (witix@mk.absturztau.be)'s status on Friday, 21-Feb-2025 02:49:34 JST Witix :bhjflag_bisexual: :anarchy_punk_demiboy:

     in reply to

     @lain@lain.com if megacorporations can somehow be gdpr-compliant, anything can be.

   • Embed this notice
     ロミンちゃん (romin@shitposter.world)'s status on Friday, 21-Feb-2025 03:00:31 JST ロミンちゃん

     in reply to

     • Fish of Rage
     @lain @sun
     >what i most love about the gdpr is the vague threats of legal issues and fines of "millions of euros"
     just bizness as usual on the yuropoor yunion
     lainy likes this.
   • Embed this notice
     Marcin Mikołajczak (mkljczk@pl.fediverse.pl)'s status on Friday, 21-Feb-2025 03:04:22 JST Marcin Mikołajczak

     in reply to

     • Witix :bhjflag_bisexual: :anarchy_punk_demiboy:
     @witix @lain meta didn't launch federation in the EU for a reason, even they find it challenging to run a gdpr-compliant federated service
     lainy likes this.
   • Embed this notice
     kaia (kaia@brotka.st)'s status on Friday, 21-Feb-2025 05:42:43 JST kaia

     in reply to
     Subject: GDPR Data Subject Access Request - Article 15 GDPR
     
     Dear @lain,
     
     I am writing to make a request under Article 15 of the General Data Protection Regulation (GDPR) for a copy of all personal data that lain.com holds about me.
     
     I am requesting:
     
     1. Confirmation of whether you are processing any personal data concerning me
     2. A copy of all personal data you hold about me, including but not limited to:
     - Account information and settings
     - Posts, including boosts and favorites
     - Direct messages
     - Lists of followers and accounts I follow
     - Any other personal data associated with my account
     3. Information about:
     - The purposes of processing
     - Categories of personal data concerned
     - Recipients or categories of recipients with whom the data has been or will be shared
     - Retention period for storing the data
     - Information about the source of the data if not collected directly from me
     - The existence of automated decision-making, including profiling
     
     As per Article 12(3) GDPR, please provide the requested information within one month of receipt of this request. If you need additional time, please inform me.
     
     Please provide the information in a commonly used electronic format.
     
     If you need any additional information to verify my identity, please let me know.
     
     Kind regards,
     Kaia Estra
     Studentenheim sans Klotuer, Karlsruhe
     Date: 2024/02/20
     lainy, Doughnut Lollipop 【記録係】:blobfoxgooglymlem: and Fish of Rage like this.
   • Embed this notice
     Paradox (paradox@raru.re)'s status on Friday, 21-Feb-2025 05:57:36 JST Paradox

     in reply to

     • kaia

     @kaia @lain
     Amused by the thought of you doxxing yourself for a shitpost.

     kaia likes this.
   • Embed this notice
     cookiejarobserver@dill.burggit.moe's status on Friday, 21-Feb-2025 05:59:57 JST CookieJarObserver

     in reply to

     @lain@lain.com
     
     Yes you only manage your own server and can send delete requests to others its best described as a email service, once its send its gone and won't return.
     
     It would of course be up to courts, but the chance of that description being used is high.

   • Embed this notice
     lainy (lain@lain.com)'s status on Friday, 21-Feb-2025 05:59:57 JST lainy

     in reply to

     • CookieJarObserver
     @CookieJarObserver i'm not sure about email either
   • Embed this notice
     cookiejarobserver@dill.burggit.moe's status on Friday, 21-Feb-2025 06:04:53 JST CookieJarObserver

     in reply to

     @lain@lain.com
     
     Found the awnser (somewhat)
     
     From https://gdpr.eu/email-encryption/
     
     What the GDPR says:
     
     Data erasure is a large part of the GDPR. It is one of the six data protection principles: Article 5(e) states that personal data can be stored for “no longer than is necessary for the purposes for which the personal data are processed.” Data erasure is also one of the personal rights protected by the GDPR in Article 17, the famous “right to be forgotten.” “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay.” There are some exceptions to this latter requirement, such as the public interest. But generally speaking, you have an obligation to erase personal data you no longer need.
     What it means for email:
     
     Many of us never delete emails. There are plenty of good reasons: We may need to refer to them someday as a record of our activities or even for possible litigation. But the more data you keep, the greater your liability if there’s a data breach. Moreover, the erasure of unneeded personal data is now required under European law. Because of the GDPR, you should periodically review your organization’s email retention policy with the goal of reducing the amount of data your employees store in their mailboxes. The regulation requires you to be able to show that you have a policy in place that balances your legitimate business interests against your data protection obligations under the GDPR.
     
     From a technical standpoint, email data erasure can be quite simple and often it can be automated. Proton Mail and some other email services have an expiring email option that allows you to set messages for deletion after a designated length of time. Whatever email retention strategy your organization decides, it’s going to require some getting used to but will significantly lower your GDPR exposure.

     kaia and lainy like this.
   • Embed this notice
     lainy (lain@lain.com)'s status on Friday, 21-Feb-2025 06:08:19 JST lainy

     in reply to

     • CookieJarObserver
     @CookieJarObserver
     > Keep in mind that nothing you read here is a good substitute for legal advice. We recommend consulting with an attorney to understand how the GDPR applies to your specific situation.
     
     amazing that thanks to the EU it's not possible to have an email inbox without consulting a lawyer
     kaia and Fish of Rage like this.