this post was submitted on 06 Mar 2024
348 points (100.0% liked)
Fediverse
35452 readers
105 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
As per official EU communication:
Lemmy instances are entities that offer free services and are arguably monitoring the behaviour of individuals in the EU through federation. From the perspective of the GDPR, there is no difference between Facebook and a Lemmy instance regarding what they can or cannot do, or whether they get fined for something.
You need to read up on the GDPR yourself.
Usernames at the very least, as online identifiers.
And they don't need to be sold, just retained. GDPR applies even if there is no payment anywhere, even to non-commercial entities.
What do you think an online identifier is then? And why would the GDPR only apply if there is money made? It specifically says in multiple places free services also count.
How is IBM authoritative on this subject? And even so, this article doesn't say that usernames are not PII, it even indirectly says it is indirect PII.
Here's another random company's page saying usernames are PII: https://www.keepersecurity.com/blog/2023/06/14/what-is-personally-identifiable-information-pii/
The GDPR says it clearly and explicitly that:
And where did you read that? If anything, public usernames are easier to correlate to form identities.