Conversation

Notices

1. Embed this notice
   Fish of Rage (sun@shitposter.world)'s status on Wednesday, 11-Jun-2025 20:14:02 JST Fish of Rage
   @oleksandr The EU regulates what form tech can take all the time. Maybe Mastodon won't meet EU basic legal requirements and will have to be banned.
   • Embed this notice
     Fish of Rage (sun@shitposter.world)'s status on Wednesday, 11-Jun-2025 20:15:13 JST Fish of Rage

     in reply to
     @oleksandr I don't think there's any technical limitation preventing a Mastodon server from having identity verification
   • Embed this notice
     Phantasm (phnt@fluffytail.org)'s status on Wednesday, 11-Jun-2025 20:21:26 JST Phantasm

     in reply to
     @sun @oleksandr Federated networks already can't be compliant with GDPR, because there's zero guarantee that deletes federate properly. So far nobody tried to troll an instance operator with GDPR requests, but I wouldn't be surprised if someone tried in the next few years.
   • Embed this notice
     Fish of Rage (sun@shitposter.world)'s status on Wednesday, 11-Jun-2025 20:22:45 JST Fish of Rage

     in reply to

     • Phantasm
     @phnt @oleksandr isn't it your own problem to contact a thousand mastodon servers if you want your content deleted?
   • Embed this notice
     lainy (lain@lain.com)'s status on Wednesday, 11-Jun-2025 20:24:44 JST lainy

     in reply to

     • Phantasm
     @sun @oleksandr @phnt logically yes, GDPR-logically no.
     Phantasm likes this.
   • Embed this notice
     Phantasm (phnt@fluffytail.org)'s status on Wednesday, 11-Jun-2025 20:26:55 JST Phantasm

     in reply to
     @sun @oleksandr Yes and no. It's in a gray area that nobody has the interpretation for. As an operator, you have the responsibility to delete the content and prevent it from getting accessible again (through exclusions on backup restores for example). If that also means making sure that every copy of it on the network is gone, or deleting it only on your end is sufficient, nobody knows yet I think.
     Fish of Rage likes this.
   • Embed this notice
     Fish of Rage (sun@shitposter.world)'s status on Wednesday, 11-Jun-2025 20:30:37 JST Fish of Rage

     in reply to

     • Phantasm
     @phnt @oleksandr if I have to choose between decentralization and gdpr I'll choose decentralization.
     Phantasm likes this.
   • Embed this notice
     Phantasm (phnt@fluffytail.org)'s status on Wednesday, 11-Jun-2025 20:48:45 JST Phantasm

     in reply to

     • Vokainen
     @vokainen099 @oleksandr @sun Read paragraph 2. I think in this case a Fediverse server acts as a data controller since it doesn't process the data on behalf of the controller, but I'm not sure because part of their database seems to be down. What is a reasonable step and a technical measure isn't defined in Art. 4 Definitions.
     
     https://gdpr.eu/article-17-right-to-be-forgotten/
   • Embed this notice
     Vokainen (vokainen099@cawfee.club)'s status on Wednesday, 11-Jun-2025 20:48:46 JST Vokainen

     in reply to

     • Phantasm
     @phnt @oleksandr @sun That would technically apply in other cases even to other web platforms that sold your data at any point to any third party, whether you were willing or not, and, guess what, they can't go and order those third parties to delete your data either, at least demonstrably in a court-compliant manner
     
     So, no, this would not apply only to the federation.
     
     Those regulations are largely unapplied, BTW. They theoretically ban "automated treatments" but, guess what, the Internet is full of bots/AIs that ban/unban or administer other services with or without user input, and none do anything