Highlighting the recent report of users and admins being unable to delete images, and how Trust & Safety tooling is currently lacking.

  • sudneo@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    10 months ago

    To be precise, it’s not devs that need to worry about GDPR, it’s instance admins. I don’t disagree with you, but I think it’s an important distinction to make.

    • RubberDuck@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      10 months ago

      Fair point, it also requires privacy by design though.

      And again, why not invest some time into actually respecting privacy. Storing all sorts of info through a framework that is not needed. And at least discuss what is needed and for how long.

      It is a work in progress, but there is no need to be hostile about these requirements by people against these rules.

      • sudneo@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        10 months ago

        I am sure that for such small shops it’s trivial to explain that resources are extremely limited, I don’t see any data protection authority actually pursuing anyone based on the lack of privacy by design. The point is, nobody is forcing you to deploy the software as is, and technically anybody could write tools that bridge the gaps in the software. If the software does not offer data deletion, any instance admin could have identified this gap (a risk assessment for data collection is also needed technically) and wrote a script that would allow to satisfy data deletion requests or anything else that would have made them comply.

        That said, I agree that these features are important. I do not agree that they are what the devs should work on right now, or that at least it takes some convincing to convey the fact that these are important features for instance admins to be compliant and for users (in general).

        I also get the point about the “I am not taking your word for it” approach. Look how many people in this thread talk about GDPR without actually understanding who is the data controller/processor and who has to be compliant. I can only imagine the amount of uninformed people who open issues and waste time for already busy devs. We are seeing the couple of examples that the article picks, we are not seeing the rest of issues which justify this harsh approach.

        The way I see it, having certain features implemented in the Lemmy software is one way to ease compliance for admins, and they should just upvote the issue and explain why it’s important for them, possibly even adding a bounty to the feature. OP’s approach doesn’t seem this and it’s much closer to demand stuff, as if the compliance responsibility was on the devs and the donation were some sort of reason to make them work on what other people want.