this post was submitted on 15 Mar 2025

123 points (96.9% liked)

Buy European

3527 readers

2063 users here now

Overview:

The community to discuss buying European goods and services.

Matrix Chat

Rules:

Be kind to each other, and argue in good faith. No direct insults nor disrespectful and condescending comments.
Do not use this community to promote Nationalism/Euronationalism. This community is for discussing European products/services and news related to that. For other topics the following might be of interest:
Include a disclaimer at the bottom of the post if you're affiliated with the recommendation.

Feddit.uk's instance rules apply:

No racism, sexism, homophobia, transphobia or xenophobia
No incitement of violence or promotion of violent ideologies
No harassment, dogpiling or doxxing of other users
Do not share intentionally false or misleading information
Do not spam or abuse network features.
Alt accounts are permitted, but all accounts must list each other in their bios.

Benefits of Buying Local:

local investment, job creation, innovation, increased competition, more redundancy.

Related Communities:

Buy Local:

!buycanadian@lemmy.ca

!buyafrican@baraza.africa

!buyFromEU@lemm.ee

!buyfromeu@feddit.org

Buying and Selling:

!flohmarkt@lemmy.ca

Boycott:

!boycottus@lemmy.ca

Stop Publisher Kill Switch in Games Practice:

!stopkillinggames@lemm.ee

Banner credits: BYTEAlliance

founded 1 month ago

MODERATORS

buyeuropean@feddit.org

lazycog@feddit.uk

123

Veklar, a French social media, apparently aims to protect their users from the Fediverse (?!) (feddit.nl)

submitted 1 day ago* (last edited 1 day ago) by Blaze to c/buyeuropean@feddit.uk

36 comments fedilink hide all child comments

https://veklar.com/

First time I see this, not sure what they mean

you are viewing a single comment's thread
view the rest of the comments

[–] jmcs@discuss.tchncs.de 26 points 1 day ago (2 children)

Mastodon and Lemmy don't actually share any data actually protected by GDPR, unless the users actively make it public (like using their real name).

[–] Tuuktuuk@sopuli.xyz 2 points 13 hours ago (2 children)

Am I right in my understanding that if you run a federated Lemmy instance, you can see who has upvoted what, even on other instances?

Is that not something protected by GDPR?

[–] jmcs@discuss.tchncs.de 3 points 13 hours ago (1 children)

No, things like your home address, your IP address, birth date, health conditions, religion, etc are PII.

Upvotes almost certainly falls into "legitimate purposes" since the data is required for moderation.

[–] Tuuktuuk@sopuli.xyz 0 points 12 hours ago (2 children)

So, are you saying that Facebook holds basically no data covered by GDPR?

[–] JackbyDev@programming.dev 3 points 11 hours ago (1 children)

How'd you get that from that???

[–] Tuuktuuk@sopuli.xyz 0 points 11 hours ago (1 children)

Well, ok, of that list they have my ip address, but nothing else.

[–] JackbyDev@programming.dev 1 points 4 hours ago

They accept all of that information in one way or another.

[–] jmcs@discuss.tchncs.de 2 points 12 hours ago

Your instance has data covered by GDPR, but the data it sends to other instances is covered by the same exceptions as the data you send in a email. Without exceptions for legimitate interests it would be illegal to send an email from, say, mailbox to Gmail or Yandex Mail.

[–] Microw@lemm.ee 2 points 13 hours ago

I guess that could be in regards to user profiling.

Since no fedi platform aggregates user data like "user xy always upvotes topic a, therefore I will show him more on topic a via an algorithm", or shows algorithmic advertisements, or sells user data for advertisements etc, I don't think it's relevant to GDPR at the moment.

[–] skullgiver@popplesburger.hilciferous.nl 2 points 17 hours ago (1 children)

PII includes any information that can be used to link or correlate personal information. That includes usernames and account IDs. Every like/upvote contains that information, as well as a timestamp, indicating a unique account but also behaviour. The system doesn't just share a list of names, it shares a list of names with a lot of context. Stuff like this is also why pseudonymisation isn't sufficient to avoid GDPR obligations.

Usernames aren't sensitive information, so you can handle it without too much special care (although you do need to ensure basic protection of login credentials against data leaks, for instance by encrypting databases as a minimum requirement). They are PII, though, which means you're obligated to take some level of care and ensure that the information can be corrected or redacted everywhere.

The GDPR simply wasn't written with something like the Fediverse in mind. My server knowing when your account upvoted what posts on a third server would be ridiculous if we're talking about Twitter and Facebook, but it's the core of vote counting on Lemmy.

[–] jmcs@discuss.tchncs.de 3 points 14 hours ago* (last edited 14 hours ago) (1 children)

GDPR doesn't include things you choose to make public, otherwise no social media could show your posts or username to anyone. My only doubt about Lemmy and Mastodon is about DMs where people have a reasonable expectation that they are private but they are not.

Edit: and thinking about it, even DMs probably fall into the same exception as email.

[–] Microw@lemm.ee 2 points 13 hours ago (1 children)

That is wrong. GDPR of course covers public information. It simply does not force platforms to hide this kind of information. But transmission of these informations without user's consent and especially sale of these informations could possibly be prohibited by a court referencing GDPR.

[–] jmcs@discuss.tchncs.de 2 points 12 hours ago (1 children)

But simply transmitting it for the purposes of making the protocol work, falls under legimitate purposes, like sending an email to email server in China

[–] Microw@lemm.ee 4 points 12 hours ago

Absolutely.

But if a fedi software/instance decided to do something else with this public data, it could get legally problematic. That is the point I'm making.