I understand that very few (or no) websites actually delete anything. They just mark them as “deleted”. But this usually means that once something is deleted, users have no ability to see the deleted data. This doesn’t seem to be the case with Lemmy.
I’ve been trying out the Android app called Connect for Lemmy, and it shows the contents of all deleted comments with a “DELETED” word on them. See the uploaded screenshot.
This seems bad to me. Users expect that deleted comments are no longer viewable, and won’t be returned by Lemmy’s API. Lemmy still shows the username of the deleted comments, which was bad enough, but now I’m seeing that it doesn’t prevent apps from seeing the deleted comments.
What are your thoughts on this?
This seems to be non-compliant to the GDPR:
Under Article 17 of the UK GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’.
This is also non-compliant with Brazilian’s LGPD
Art. 3 This Law applies to any processing operation carried out by natural persons or legal entities of public or private law, regardless of the medium, the country of their headquarters or the country where the data is located, provided that:
…
III - the personal data object of the treatment have been collected in the national territory.
§ 1 - Personal data is considered to be collected in the national territory if the data subject is located there at the time of collection.
…
Art. 18 The holder of personal data has the right to obtain from the controller, in relation to the data subject’s data processed by the controller, at any time upon request:
…
VI - erasure of personal data processed with the consent of the data subject, except in the cases foreseen in art. 16 of this Law;
Not that I care about what my country’s law says, but I fond it ironic that a free, decentralized platform violates laws of data protection
I wonder if Lemmy instances run by a person (and for personal reasons, i.e. with no intent to generate profit) would qualify for Article 2© exemption from the GDPR:
This Regulation does not apply to the processing of personal data:
by a natural person in the course of a purely personal or household activity;
I’m not sure how a judge would interpret “purely personal” in this context. There seems to be some discussion of the matter at the following link, which leads me to think it would not be exempt:
https://law.stackexchange.com/questions/28070/would-gdpr-affect-my-own-personal-website
Yeah, that should be fixed. Currently best work-around is to edit the comment with just the word “Deleted” or similar in it.
Because of federation, I suspect they can’t just disappear. But they should lose their content and be marked as deleted, rather than viewable.
I don’t see why a delete command couldn’t be federated in exactly the same way an upvote or comment is.
Good. Maybe people might actually try to be decent then.
It’s not always about being decent. Sometimes people doxx themselves by accident, and should be allowed to delete their comments. Especially if they start getting harassed by some nut. Sometimes stalkers can piece together info from old comments.
If they do delete it and it doesn’t make the content irretrievable, I’m not sure they can edit the comment at that point to remove the info. They will now have lost control of it.
I realize that deleting isn’t perfect because of archive sites, screenshots, and whatever else. But at the very basic level, people should be able to actually delete their comments.
You should be able to control your information because it’s yours afterall.
deleted by creator
edited before deletion
Wait til you learn how E-mail works ;0