I’d be really keen to host a lemmy instance but just wondering with GDPR and everything, if there is anything else to consider outside of the technical setup and provisioning of hardware?

Lemmy is storing users data so is there any requirement to do anything GDPR wise?

Hope this is the right place for this - But seen a lot of posts interested in hosting their own lemmy instance, and this is an extension of that

  • poVoq@slrpnk.net
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    1 year ago

    Obviously IP addresses are personal data, but those are not shared to other instances.

    You could probably argue that the federated ID is personal data, but I am not sure as it might also count as only an internal identifier required for operation. IANAL but I don’t think votes can be considered personal data under the GDPR.

    • chiisana@lemmy.chiisana.net
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Question boils down to where is the boundary. Does an alias of your choosing, which uniquely identifies you across the fediverse personally identifiable? I think we all would say yes. Does then actions linked to that alias constitutes as personally identifiable? Well, in absence of the correlation of the ID, it is still technically possible to map out who this user is and what their interests and preferences are, so maybe yes? That’s a hard grey area to determine IMO.

      • poVoq@slrpnk.net
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Indeed, but I think email addresses for email providers (but not everyone else) are handled differently by the GDPR as they are necessary for providing the email service. I think this is similar to how functional cookies do not require consent under the GDPR if they are only used to keep you logged into the site etc.