See https://gdpr-info.eu/issues/right-to-be-forgotten/
Once the "controller has made the personal data public", they have legal obligations. When you send an email, you are not making it public.
King
joined 1 year ago
See https://gdpr-info.eu/issues/right-to-be-forgotten/
Once the "controller has made the personal data public", they have legal obligations.
4
Woman’s iPhone photo of son rejected from Sydney competition after judges ruled it could be AI
(www.theguardian.com)
The GPDR doesn't require Lemmy to remove personal data from the entire internet. But when a Lemmy instance gives data to other Lemmy instance, there are legal responsibilities.
https://gdpr-info.eu/art-17-gdpr/ Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
==========
Maybe this is open to interpretation, but I feel that the same Federation protocol that federates out my personal data (my posts and comments), should also federate out my delete requests. I'm unsure why this would be controversial.