How can an instance comply with GDPR if they're federated? - eviltoast

So if I understand GDPR correctly: If I want a service/business to remove all my personal data, they have to comply with it in a certain timespan or get in trouble with the law.

If I understand federation correctly: All posts get replicated on federated instances all over the fediverse.

My question: If I e.g. want lemmy.world to remove my data, all my posts etc are still up on lemmy.ml right? As they just have a copy of these posts?

Would I as a customer have to contact every single instance to get my data removed? Or how does GDPR compliance work with lemmy?

Or am I completely misunderstanding how GDPR works?

      • Dodecahedron December@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        And you know the first thing devs do when they start writing code? They look up laws drafted by non technical people to ensure they are fully in compliance. The priority of lemmy all this time has been GDPR compliance, the fact that the app looks and functions similar to reddit is an afterthought.

        • newIdentity@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          1 year ago

          It’s not like the devs care about laws since one of the main motivations of creating Lemmy was to create a space where pirated media could be shared. That’s why !piracy@lemmy.ml exists

          Dessaline said that multiple times in the past before Lemmy gained such traction. He’s also the dev of TorrentCSV

          • Dodecahedron December@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            0
            arrow-down
            1
            ·
            1 year ago

            1 contributor’s opinion and the existence of one community does not an argument make.

            the devs don’t care about laws, if you want to put it so broadly, because the devs aren’t the ones who would get in trouble here, anyway. instance owners would likely catch the most trouble, especially because you can also add your own gdpr compliance if you want to.

            also most devs aren’t facebook. most devs don’t really care too much about tracking users. the commercial sector on the other hand…