“The SCOPE Act takes effect this Sunday, Sept. 1, and will require everyone to verify their age for social media.”

So how does this work with Lemmy? Is anyone in Texas just banned, is there some sort of third party ID service lined up…for every instance, lol.

But seriously, how does Lemmy (or the fediverse as a whole) comply? Is there some way it just doesn’t need to?

  • General_Effort@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    3 months ago

    Still, the archival nature of decentralized communities is one of the primary objectives of the technology. It’s arguably the defining feature of any decentralized thing that no one controls everything so things are meant to stay “forever”. Otherwise Bitcoin would be completely ilegal since there’s no way to delete information there.

    Any number of people here will happily tell you where to shove your illegal technology. In truth, the GDPR is explicitly meant to limit what may be done with existing technology.

    With crypto, one can make use of some existing exceptions and perhaps create compliant apps. I’m not familiar with those. Much that stuff is not compliant. There isn’t a lot of enforcement.


    So that’s my bad. I pointed out the issue with the right to erasure to highlight the problem, In truth, the probable violation happens when the data is shared. With e-mail, the user sends their own data, just like while clicking links. The transfer of data for lemmy federation is under the control of the instances involved. It might still be okay, like serving the data over the web. But that requires the user to know what’s going on.

    If you could hand-wave these problems away so easily, Meta would not be paying those huge fines. What do you actually think that’s about?

    • Nibodhika@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      3 months ago

      Data in Bitcoin is undeletable, it’s impossible for any law to force anything from being deleted on Bitcoin. Then the same exceptions that apply there would apply to Lemmy since the technology is similar in the relevant aspects (besides deletion being theoretically possible on Lemmy).

      As for Meta, the problem is that the data they’re sharing is not public. Meta is not getting fined for sharing things you posted on your publicly, since they share those regardless by virtue of them existing and being publicly available, they’re fined for sharing things you put privately or data derived from non publicly available sources such as how you interact with Meta.

      Any information that a user willingly makes public can be processed in any way, even if it includes identifiable medical information (which is the biggest no-no of GDPR). It even has a specific point about it in 9.2.e

      processing relates to personal data which are manifestly made public by the data subject;

      Essentially saying you can process anything that was made public by the person. GDPR is to protect people from companies doing shady things, not to prevent people from themselves. Because EVERYTHING is public in Lemmy, all data in it has been manifestly made public by the person who created it.

      • General_Effort@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        3 months ago

        Bitcoin.

        It may be illegal to operate a bitcoin miner in Europe. That’s entirely possible. I don’t think the courts would go so far as to outlaw crypto in Europe via that route. But who knows.

        the technology is similar in the relevant aspects

        No. You can just turn off federation. You can make contracts with the instances you federate with. With crypto, you have to send the whole blockchain around, or else you don’t have crypto.

        As for Meta, the problem is that the data they’re sharing is not public.

        No. Look up what companies and people are fined for.

        Any information that a user willingly makes public can be processed in any way

        No! NO!!!

        You may not process any personal data without a legal basis. It does not matter if public or not.

        Certain sensitive personal data may not be processed at all, even with a legal basis. Except in certain circumstances listed in Article 9.