Derin

You should get your feet wet with Github, first; then you can browse the relevant good first issues for the backend.

Yeah I agree with all of this. Shame there isn’t a better option at the moment, but they’re the lesser of a bunch of evils - so I guess I’m sticking with them for a bit longer.

Oh, my bad: I thought bandcamp was part of the major services. Shows what I know 😅

Bandcamp is pretty good, though. Especially on Bandcamp Fridays where all the profits go to the artists. Plus, I like getting FLACs.

Finally. One of my favorite animes; so hyped to get a sequel.

Sure, but you’d still have to delete all their written posts - which is really what all this is about.

As a person who oversaw the implementation of GDPR in a large software house (which wasn’t EU specific, but had to in order to operate legally in the EU), the requirements were:

1. Allow users to request data deletion or a copy of their data.
2. If the former, delete all data of their data on the server, send it to them, and then (this was the important part) forward the data deletion request to every single partner we were working with.

For us, this was multiple ad companies. We had to e-mail each one, ask them about their GDPR implementation (most of them were somewhere between “we’re thinking about it” and “we have an e-mail address you can send something automated to and we’ll get to it sometime within the next month”), and then build an automated back-end system to either query their APIs for automated deletion, or craft/send e-mails for the more primitive companies.

As far as the data being deleted, it was anonymized IDs that were tied to their advertising IDs from their mobile phones. I used to try and argue that “no, it’s anonymous” - but we also had some player data (these were games) associated with that, so we ended up just clearing house and deleting everything on request.

So, legally, this means every instance - in order to be GDPR compliant - would have to inform every instance it federates with that a user wants their data deleted. If you’re not doing that, you’re not fully compliant.

Kind of shitty, but that’s how it went for me. (this was back when GDPR was first being released)

Edit: Also, the one month thing was relevant: you have 30 days to delete GDPR stuff after receiving a data clear request. I don’t recall what the time was for a “see my data” request. Presumably, though, on Lemmy the latter is superfluous as all your data is already present on your profile page. An account export option would be enough to satisfy that.