Hey, just went through a few different checklists, and discovered that Lemmy does not meet GDPR requirements for notifying users for how servers handle the data. I’ve brought up this request on github, and I hope to get it fixed soon, but in the meantime I’ve compiled a list of EU address blocks and intend to add them to my firewall. Just thought you all should know.
I have had this concern for a few days and adapted the Mastodon privacy policy (adapted from the Discourse policy) and published it https://github.com/BanzooIO/federated_policies_and_tos/blob/main/lemmy-privacy-policy.md
Discussion on this has been started: https://lemmy.ml/post/1431759 and https://lemmy.ml/post/1431930. Open to any recommendations
There is also not a “cookie accept” when you first visit the site that is now standard convention.
That’s because Lemmy does not use tracking cookies! Lemmy only uses one authentication cookie, cookies such as these do not require user consent (at least under the GDPR). More info: https://gdpr.eu/cookies/
I was told by the owner of Beehaw that login cookies are excluded from the cookie dialog requirement, and Lemmy doesn’t use tracking cookies which are subject to the requirement.