So if I understand GDPR correctly: If I want a service/business to remove all my personal data, they have to comply with it in a certain timespan or get in trouble with the law.
If I understand federation correctly: All posts get replicated on federated instances all over the fediverse.
My question: If I e.g. want lemmy.world to remove my data, all my posts etc are still up on lemmy.ml right? As they just have a copy of these posts?
Would I as a customer have to contact every single instance to get my data removed? Or how does GDPR compliance work with lemmy?
Or am I completely misunderstanding how GDPR works?
As soon as the content moves to another server, it’s their liability to comply.
If you scrape a website, them removing a user’s PII in response to a GDPR request is not contingent on you also deleting what you scraped.
Federation of removal requests would simply ease the flow of compliance for both hosts and users.
If certain hosts decide to ignore the requests and the GDPR, that’s up to them.