NfNitLoop / feoblog

A distributed, cryptographically-verifiable blog / social network

GDPR issues #47

Open NfNitLoop opened 3 years ago

NfNitLoop commented 3 years ago

See: https://www.reddit.com/r/rust/comments/o80zh4/feoblog_v040_released_today/h3367dw/?utm_source=reddit&utm_medium=web2x&context=3

What are the obligations servers have under GDPR?

My layman's understanding is that under GDPR users must be able to:

  1. Request any data a server has about them.
  2. Be able to request that their data be deleted from a server. (within some timespan?)

The REST API can already list all of a user's Items, so that may take care of point 1.

And eventually I'll implement #5 -- is that enough to handle point 2?

If folks know other GDPR obligations, please leave comments, IANAL.

NfNitLoop commented 3 years ago

Ah, right, there's also #32 which is another way that a server admin could remove GDPR content.

But FeoBlog itself does not provide a way to contact a server admin to make a request. Is that a requirement under GDPR or can that be handled by other channels? (Maybe it'd be as simple as allowing a server to configure an admin e-mail or contact form URL?)

NfNitLoop commented 3 years ago

I might want to look into how systems like Mastodon handle this. If you post data to a single Mastodon server, it might get copied to other servers to show up in user feeds there. Do they have features that help w/ GDPR compliance?

NfNitLoop commented 3 years ago

(brainstorming) Here's an issue -- if I rely on revocation (#5) to remove someone's data, that requires they revoke their entire userID. Should I add something with a smaller scope that allows a user to remove their data from a particular server? A server-limited revocation?

This is somewhat appealing to me, because I could see a situation where someone sets up a server for a community that you don't want to be a part of. You could mark your data as not being allowed on that server.

But, it raises some complicated edge cases, and could hinder the distributed-ness of the system as a whole. And any offending server could just choose to ignore such requests.

Example edge cases:

OK yeah, I think I've talked myself out of this idea. It complicates things, and would only offer you "protection" from friendly servers that honored such a feature.
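The revocation-based deletion discussed in this thread has one security property a server must get right: a request to erase a user's data is itself data that has to be authenticated by that user's key, or anyone could erase anyone. The following Go program is an added illustration of that flow and is not FeoBlog's code; it assumes (as constructed details) that a user ID is an Ed25519 public key, that a revocation is a signature over the string `revoke:<hex user id>`, and that a server remembers revoked IDs so a stale copy of an old item synced from elsewhere is not silently re-added after deletion.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Item is a constructed stand-in for a signed post: the server stores it
// only if the signature verifies against the author's public key.
type Item struct {
	Author    ed25519.PublicKey
	Body      []byte
	Signature []byte
}

// Server holds items per user (keyed by hex user ID) plus the set of
// user IDs that have been revoked on this server.
type Server struct {
	items   map[string][]Item
	revoked map[string]bool
}

func NewServer() *Server {
	return &Server{items: map[string][]Item{}, revoked: map[string]bool{}}
}

// userID derives the hypothetical user ID from the public key.
func userID(pub ed25519.PublicKey) string { return hex.EncodeToString(pub) }

// Put accepts a signed item. Items from revoked users are refused so a
// deleted user cannot be re-synced from another server by mistake.
func (s *Server) Put(it Item) error {
	id := userID(it.Author)
	if s.revoked[id] {
		return errors.New("user revoked on this server")
	}
	if !ed25519.Verify(it.Author, it.Body, it.Signature) {
		return errors.New("bad signature")
	}
	s.items[id] = append(s.items[id], it)
	return nil
}

// Export returns a copy of everything the server holds for a user
// (the "request any data a server has about them" obligation).
func (s *Server) Export(pub ed25519.PublicKey) []Item {
	return append([]Item(nil), s.items[userID(pub)]...)
}

// revocationMsg is the exact byte string a user signs to revoke their ID
// (an assumed format, not FeoBlog's).
func revocationMsg(pub ed25519.PublicKey) []byte {
	return []byte("revoke:" + userID(pub))
}

// Revoke deletes all of a user's items, but only when the request is
// signed by that user's own key; a signature from any other key is rejected.
func (s *Server) Revoke(pub ed25519.PublicKey, sig []byte) error {
	if !ed25519.Verify(pub, revocationMsg(pub), sig) {
		return errors.New("revocation not signed by user")
	}
	id := userID(pub)
	delete(s.items, id)
	s.revoked[id] = true
	return nil
}

// SignItem and SignRevocation are the client side of the exchange.
func SignItem(priv ed25519.PrivateKey, body string) Item {
	pub := priv.Public().(ed25519.PublicKey)
	return Item{Author: pub, Body: []byte(body), Signature: ed25519.Sign(priv, []byte(body))}
}

func SignRevocation(priv ed25519.PrivateKey) []byte {
	pub := priv.Public().(ed25519.PublicKey)
	return ed25519.Sign(priv, revocationMsg(pub))
}

// Demo runs the whole flow with constructed keys and returns the item count
// before and after revocation, whether a forged revocation was rejected, and
// any unexpected error.
func Demo() (before, after int, forgedRejected bool, err error) {
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	_, malloryPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	s := NewServer()
	for _, body := range []string{"hello", "second post"} {
		if err = s.Put(SignItem(alicePriv, body)); err != nil {
			return
		}
	}
	before = len(s.Export(alicePub))
	// A revocation for Alice's ID signed with Mallory's key must be refused.
	forgedRejected = s.Revoke(alicePub, ed25519.Sign(malloryPriv, revocationMsg(alicePub))) != nil
	if err = s.Revoke(alicePub, SignRevocation(alicePriv)); err != nil {
		return
	}
	after = len(s.Export(alicePub))
	// A late-arriving copy of an old item must not resurrect the deleted data.
	if s.Put(SignItem(alicePriv, "hello")) == nil {
		err = errors.New("revoked user's item was accepted")
	}
	return
}

func main() {
	before, after, forged, err := Demo()
	fmt.Println("items before:", before, "after:", after, "forged rejected:", forged, "err:", err)
}
```

The revoked-ID set is what makes the deletion stick in a distributed setting: without it, a peer server that still holds the old items would re-upload them on the next sync and the erasure would quietly undo itself, which is the same ordering problem the per-server revocation idea above runs into.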