• Tuukka R@sopuli.xyz
    link
    fedilink
    arrow-up
    3
    arrow-down
    1
    ·
    12 hours ago

    Am I right in my understanding that if you run a federated Lemmy instance, you can see who has upvoted what, even on other instances?

    Is that not something protected by GDPR?

    • jmcs@discuss.tchncs.de
      link
      fedilink
      arrow-up
      3
      ·
      11 hours ago

      No, things like your home address, your IP address, birth date, health conditions, religion, etc are PII.

      Upvotes almost certainly falls into “legitimate purposes” since the data is required for moderation.

        • jmcs@discuss.tchncs.de
          link
          fedilink
          arrow-up
          2
          ·
          11 hours ago

          Your instance has data covered by GDPR, but the data it sends to other instances is covered by the same exceptions as the data you send in a email. Without exceptions for legimitate interests it would be illegal to send an email from, say, mailbox to Gmail or Yandex Mail.

    • Microw@lemm.ee
      link
      fedilink
      arrow-up
      2
      ·
      11 hours ago

      I guess that could be in regards to user profiling.

      Since no fedi platform aggregates user data like “user xy always upvotes topic a, therefore I will show him more on topic a via an algorithm”, or shows algorithmic advertisements, or sells user data for advertisements etc, I don’t think it’s relevant to GDPR at the moment.