So if I understand GDPR correctly: If I want a service/business to remove all my personal data, they have to comply with it in a certain timespan or get in trouble with the law.
If I understand federation correctly: All posts get replicated on federated instances all over the fediverse.
My question: If I e.g. want lemmy.world to remove my data, all my posts etc are still up on lemmy.ml right? As they just have a copy of these posts?
Would I as a customer have to contact every single instance to get my data removed? Or how does GDPR compliance work with lemmy?
Or am I completely misunderstanding how GDPR works?
Many countries had laws regarding personal data long before GDPR, which is basically EU countries agreeing on the lowest acceptable common minimal.
At least in french law it’s still the 70’s that you can access your personal data and get them deleted on request, at the time of phpBB forum, you had to fill a form informing the data-protection authority that you were collecting some user data.
I don’t know enough how lemmy works internally, but I believe that activity pub includes a synchronization aspect, if you erase a post it will get erased from other instance’s cache too. Moreover, one has to check the definition of personal data. An e-mail address or an IP address + timestamp are personal data. But is an internet nickname an unique identifier ?