Title.

I have started to use Lemmy quite frequently in the last few days. I really like it, but I haven’t been able to find any documentation that explains how my data is being handled, what kind of data is being collected and how it is being used and neither have I been able to find an in-depth explanation – or any explanation for that matter – about Lemmy’s security model.

Would anyone please provide a source where I could find that info?

  • @fubo
    link
    18
    edit-2
    1 year ago

    The Lemmy federation is not a single legal entity; it’s a collection of servers operated by different people. This means that Lemmy as a whole cannot have a privacy policy — but a single server instance might.

    For example, the lemmy.world instance has a link at https://lemmy.world/legal which directs you to the policies at mastodon.world, which is operated by the same person. The privacy policy is here.

    This is similar to email. There’s nobody in charge of all of email, so there’s nobody who can set a policy for all of email. But a specific email provider, like Hotmail or Gmail, certainly can & do have policies.


    Most Lemmy instances are run by individual volunteers as a personal hobby, rather than being run by businesses professionally. As such, they might not be covered by privacy laws such as the EU GDPR (which doesn’t apply to personal activity) or California CCPA (which only applies to for-profit activity). (Edited; see below)

    Of course, if anyone wants to run a Lemmy instance commercially — or if an existing business decides to run their own, professionally — they would be covered by these laws.

    • @[email protected]
      link
      fedilink
      81 year ago

      As such, they might not be covered by privacy laws such as the EU GDPR (which doesn’t apply to personal activity)

      Personal activity specifically only includes providing services to yourself or close family members. Putting something on the internet is explicitly not that.

      From the same law:

      That exception must therefore be interpreted as relating only to activities which are carried out in the course of private or family life of individuals, which is clearly not the case with the processing of personal data consisting in publication on the internet so that those data are made accessible to an indefinite number of people.

      • @fubo
        link
        21 year ago

        Good catch, thanks.

    • @ItsYourBoyHaloOP
      link
      31 year ago

      Oh, wow. I didn’t know that, I’m still trying to wrap my head around this fediverse stuff! Thank you!