@leah I think in a sense it is a pretty big clusterfuck for any federated network, isn't it? Because the point of Masto is to send personal data to other servers, but GDPR mandates that you have some sort of contract with said servers that you rely data to, no?
Equivalently, how would you implement a "right to forget"? You don't have a contract with other servers that obliges them to delete e.g. a toot. You can't do shit. How could Masto ever be GDPR compliant?
@manu @leah Not exactly, because mail is not federated like Mastodon is. When user A sends a mail from their provider PA to user B's provider PB, this can be seen as implying consent of the user that PA communicates with PB to transmit the data of the mail.
With the Fediverse, there is no single recipient - by default, *all* servers who want to can retrieve the public messages. I can make a new server PC and access all (future?) messages, even though A didn't know about PC at that time.
Perhaps, when I post to my personal website that is publicly accessible, the issue is similar. I am making information accessible to anyone.
When I post on Mastodon, it's the same situation, I'm posting to my personal website. I'm also sending this content to the fediverse just like with RSS, for anyone to access.
With email, A writes to B, but the PB server is run by Google, is Google allowed to use that data ?
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!