I have a rudimentary one going on.
Nice!
I adapted one from the Discourse PP but it’s a WIP: https://cocte.au/legal
nice!
Privacy and the Fediverse are two different things.
If you’re very strict with interpreting the GDPR, pretty much everything regarding ActivityPub (no matter what “flavor” or instance) in Europe would be illegal.
There are far more important things for lemmy devs to focus on. Security is one of them.
Why?
Every instance may have its own policy?
I don’t want to make any guarantees. I’m not competent enough.
Use at your own risk I say.
I think it’s very important to be upfront with users about how their data is handled, whether or not you purge information that can identify them like IP addresses etc…, how one can make a GDPR request etc…
Also very important to say something about the licensing of the content. Do posts/comments belong exclusively to their authors? Do you grant yourself the right to use them the way you want? Are they under some CC-type licence? Etc… otherwise you won’t reassure users who might be reluctant to spend hours or days to write for example tutorials on your platform if they have no clue about how the ownership of the content is handled.
So again, these two issues are a priority.
Lemmy is open-source software, so of course no one can control how you run your instance. That said, if you plan to host an instance for public use, you should be transparent about what data you collect and for what use. Again, I can’t force you to be transparent, but I think it would be nice if the lemmy devs only recommend transparent instances on their website. And to avoid every instance admin needing to write their own policy from scratch, I think in the original source code there should be a policy document about what data is collected by default. That way, instance admins only have to modify the policy if their data collection practice differs from the default.
It’s not so simple. Doing so would have significant legal implications for the developers.
Firstly, regarding data privacy laws such as GDPR, CCPA, and many others, the developers need to consider that laws around data protection vary widely globally. If they include a privacy policy in the source code that doesn’t comply with all these laws, they could potentially face legal consequences, even if the policy is intended to be modified by the instance admins.
Secondly, there’s the issue of potential liability for misinformation. If the developers provide a default privacy policy, and an instance admin neglects to modify it to accurately represent their own data collection practices, users could potentially be misled about how their data is being handled. If users suffer harm due to this misinformation, they may seek to hold the developers accountable, given that the developers provided the initial privacy policy. While it might seem like a stretch, it’s not impossible in today’s litigious society.
Thirdly, the burden of maintaining and updating a privacy policy could be significant. Laws and regulations change constantly, and to remain compliant, the privacy policy may need to be updated frequently. While this might appear to be the responsibility of instance admins, the developers could face criticism or potential legal implications if they provide a default policy that becomes outdated.
Lastly, there’s the issue of enforcement. When the developers promote transparency and responsible data handling, they may find themselves under pressure to ensure that instance admins are adhering to these principles. This could lead to the expectation that the developers have some enforcement mechanism, and a failure to adequately enforce could lead to legal or reputational consequences.
So, while promoting transparency is an admirable goal, these complexities highlight why legal advice is crucial when developing policies for open-source projects.
I highly appreciate your thoughtful concerns. However, I believe that what I advocate is already the default for instances on other fediverse protocols like mastodon, so it’s not like I’m creating new unprecedented issues for developers and instance admins here. Plus, policies don’t always have to be perfect. They just need to be better than what we have right now, i.e. more transparent. They can be improved gradually as time goes on, and I think most people would agree with that.
Mastodon’s policy is laughable.
It tries a ‘one-size-fits-all’ approach, failing to consider varying global data privacy laws, thus risking noncompliance in numerous jurisdictions. Their own ending note! It essentially invalidates the policy, acknowledging its potential inadequacy in other jurisdictions.
On top of that, if instances breach local laws while adhering to this Mastodon policy, Mastodon might be held accountable.
Also, the responsibility of updating the policy is unclear. Whether on the Mastodon developers or instance admins, it’s a considerable task given the varying laws across jurisdictions.
Unlike centralized platforms, federated services like Lemmy and Mastodon make a universal policy, or even just a recommendation, problematic.