Hey mastodon admins, the 25th may is coming closer and so the #GDPR. I don't think the Data Protection Authorities will be a big problem at the moment, they are also overwhelmed by the new regulations and they would try to solve the problem in a favorable way before sanctioning an instance.
The real problem will be lawyers trying to gain money from instances which don't follow the regulations imposed by the GDPR. So the big question is, what do we need to do to comply these rules? #mastoadmin
@leah I think in a sense it is a pretty big clusterfuck for any federated network, isn't it? Because the point of Masto is to send personal data to other servers, but GDPR mandates that you have some sort of contract with said servers that you rely data to, no?
Equivalently, how would you implement a "right to forget"? You don't have a contract with other servers that obliges them to delete e.g. a toot. You can't do shit. How could Masto ever be GDPR compliant?
Perhaps, when I post to my personal website that is publicly accessible, the issue is similar. I am making information accessible to anyone.
When I post on Mastodon, it's the same situation, I'm posting to my personal website. I'm also sending this content to the fediverse just like with RSS, for anyone to access.
With email, A writes to B, but the PB server is run by Google, is Google allowed to use that data ?
@manu @leah Not exactly, because mail is not federated like Mastodon is. When user A sends a mail from their provider PA to user B's provider PB, this can be seen as implying consent of the user that PA communicates with PB to transmit the data of the mail.
With the Fediverse, there is no single recipient - by default, *all* servers who want to can retrieve the public messages. I can make a new server PC and access all (future?) messages, even though A didn't know about PC at that time.