Title.

I have started to use Lemmy quite frequently in the last few days. I really like it, but I haven’t been able to find any documentation that explains how my data is being handled, what kind of data is being collected and how it is being used and neither have I been able to find an in-depth explanation – or any explanation for that matter – about Lemmy’s security model.

Would anyone please provide a source where I could find that info?

  • fubo@lemmy.world
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    The Lemmy federation is not a single legal entity; it’s a collection of servers operated by different people. This means that Lemmy as a whole cannot have a privacy policy — but a single server instance might.

    For example, the lemmy.world instance has a link at https://lemmy.world/legal which directs you to the policies at mastodon.world, which is operated by the same person. The privacy policy is here.

    This is similar to email. There’s nobody in charge of all of email, so there’s nobody who can set a policy for all of email. But a specific email provider, like Hotmail or Gmail, certainly can & do have policies.


    Most Lemmy instances are run by individual volunteers as a personal hobby, rather than being run by businesses professionally. As such, they might not be covered by privacy laws such as the EU GDPR (which doesn’t apply to personal activity) or California CCPA (which only applies to for-profit activity).

    Of course, if anyone wants to run a Lemmy instance commercially — or if an existing business decides to run their own, professionally — they would be covered by these laws.

    • maynarkh@feddit.nl
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      As such, they might not be covered by privacy laws such as the EU GDPR (which doesn’t apply to personal activity)

      Personal activity specifically only includes providing services to yourself or close family members. Putting something on the internet is explicitly not that.

      From the same law:

      That exception must therefore be interpreted as relating only to activities which are carried out in the course of private or family life of individuals, which is clearly not the case with the processing of personal data consisting in publication on the internet so that those data are made accessible to an indefinite number of people.