TLDR: While Fediverse won’t directly serve you ads, anonymous bad actors other than Meta can save, redistribute, and even dox you for any information you post here. Anything you post here can/will remain forever on some malicious instance that doesn’t honor deletion requests. So be careful!

  • r00ty
    link
    fedilink
    51 year ago

    I think the best we can do here is ensure this is outlined in the privacy policy on each instance. I’ve tried to outline how it works, and why it works that way in my privacy policy. But it’s still a bit work in progress.

    I think the most important thing to stress here is that only data required for federation is shared. We don’t build profiles, we don’t send any other data to any third parties and all the data sent to federated servers is available via a web link to anyone publicly too.

    The best we can do for users that want to be forgotten is send the delete request. We cannot force other instances to delete content.

    I would argue that’s the case for “big social media” too. Say for example I say to facebook “Hey under GDPR provisions I would like you to delete all data you have from my account”. They are obliged to do this. Sure. But what about all the third party advertisers that already have my data through the sharing agreements? Do you think facebook even tries to remove it from them? Do you think they will do it if they ask?

    So, I think that’s kinda synonymous with the federation situation. So long as you make clear how it works, and as long as you make good faith attempts to delete a user’s data on request. I’m not sure there’s more we can be expected to do (and it’s already more than the big companies will do for you).

    • @[email protected]OP
      link
      fedilink
      41 year ago

      Yup, you have a good point with the third party advertisers not following GDPR. And I agree that the privacy policy should be as transparent as possible.