S3. Took a couple years off but I’m back on it now!

I’ve been addicted to Picross since the first one came out on Switch, so I guess I’ll be buying this when I finish the current game.

It’s unbelievably polished for a first release. Not 100% feature complete mind you, but it’s mind blowing the dev pull this off.

Lemmy.nz is a nice small country instance with one rule, don’t be a dick.

Recently finished the seond book in Ken MacLeod’s Lightspeed Trilogy, Beyond the Reach of Earth. Nice SF series with some interesting takes on the complexities of FTL travel, First Contact, global politics, and more.

I barely voted at all on Reddit, trying to be more engaged here.

My statement about it being up to those running instances is mean in terms of it’s up to them to read the legislation and come to a conclusion. If I were hosting an instance I’d certainly assume it applied, though I doubt there has been any case testing its implementation in this sort of situation.

I can see someone starting a lawsuit against a standards incompliant server that ignores deletes and edits, though.

I wonder if the first data breach will draw the attention of a regulator. We’re all using essentially alpha software, with no privacy notice, I doubt there are RoPAs or DPIAs, I doubt there is a DPO… all those things might upset someone like the ICO in the UK if a breach were to occur.

Wither GDPR applies to an individual instance will be up to those running the instance to decide.

If you decide it does, then you need to do a few things. Number one is read up advice on compliance with GDPR.

Being able to delete data alone doesn’t mean GDPR compliance. I’m thinking about the need for privacy notices on sign up, retention schedules for data, lawful basis of processing, records of processing activities… Data subjects have numerous rights, which apply depend on the lawful basis you’re processing under.

I’d suggest that larger general instances might want to read up more urgently than smaller single focus “hobby” instances.

edit: more I think about this, I think there is an moral responsibility for the developers to help those running instances comply. If GDPR does not apply to an instance, it is still good practice to allow uses to delete their data, etc… Also, art. 20 of GDPR is the right to portability. Interesting to see how this applies to fediverse platforms like Lemmy.

I was thinking of doing it so certain communities from the other place would feel welcome, but someone is domain squatting what I was planning

Is that ID local to the instance or universal across the fediverse?