Hold on. You can’t keep personal data longer than needed. Making data disappear from the web is one important demand by the GDPR.

Agreed, but - while it might be permissible legally to wipe out my data and content, what if I want to retrieve a copy afterwards?

I wouldn’t want to keep control over other people’s content, but regarding my own…

“Involuntary data transfer”
I don’t know what exception that is. There are rules for data breaches. I’m not at all sure how much you have to do to block crawlers.

Well, in that case, baring credible contradicting information from another source, I think it’s reasonable to accept the note from the former worker of a DPO. Would you agree?

Comments are problematic because they inherently relate to other persons beside yourself. It could be argued that you have to delete your own writings as well when you shut down your instance.

Hmm. Will need a good think about this - perhaps I should adjust my commenting style to avoid direct quoting and such…

Ironically, that is a problem because if there is such an alternative, then it must be used. If you can reach your goal by processing less personal data, then you must do so.

All the more reason to get started on it, I suppose.

You’d only be hosting the communities created on your own instance. Apart from that, you’d simply authenticate the identities of users.

Well, and dealing with responsible for user content from your instance’s local users - but since it’s just the one instance (or small handful if you trust a few others) it’s still much more managable. And it becomes zero for, e.g., single-user instances (since those would have zero other users and thus zero other content to worry about hosting).

Unfortunately, confirming the identities also means transferring personal data.

That’s why I had the idea of creating and using the federation-bot account - this way there’s no confirmation of identities or transfer of personal data.

One question is what that would do to server load. I don’t know.

Server admin question. Can save that for serverfault.com and the like IMVHO

Proxying the posts/comments may be the better solution, but when and how that should be done has no clear answer.

One of those things that need experimentation and research to determine, but an answer can be found.

Unfortunately, the different DPOs don’t agree on everything. Maybe in a few years, this will all be at a point where ordinary people can be on the safe side by simply following a manual.

Hmm - if different DPOs can’t agree, then I don’t see how we get to the point of a user friendly manual.

Maybe it won’t be so much extra effort that it becomes impossible for hobbyists, but - on the whole - the future of the European internet belongs to big players.

This is what’s inherently disturbing to me. I am one of those hoping that the GDPR would be a tool for the opposite (a way to rein in the big players, so to speak).

People don’t know the law and just chose to believe a happy fantasy.

It was a surprise to read from the former DPO worker that email as a system is not compliant with the GDPR.

I believe, there is no way - at present - that an ordinary person can maintain an internet presence while being compliant with GDPR and other regulations.

Hmm. I am starting to see why you take this view. Not saying I agree, but I can understand the frustration. That said, PIPEDA in Canada came to pass in 2000 - it’s considered to have GDPR-equivalency and we’ve not had the sort of issues that you are raising with PIPEDA, which makes me optimistic that the GDPR can likewise be something that folks can live with.

The GDPR is a terrible mistake, but that’s not what people want to hear.

Even if it is flawed it’s still a step in the right direction IMVHO. I’m in Canada, which had PIPEDA back in 2000 - 18 years before the GDPR took effect in the EU. Hence I believe a solution is workable and a balance can be struck - even if in the worst case that means additional legislation to tweak the existing law. (Though I’d not even go that far - for example, from the former DPO, it seems that if EU courts all agreed that the API behind federation was covered by the “involuntary data transfer” exception then Lemmy would already be GDPR compliant (or mostly so) as-is of the time that I write this.)