I understand that very few (or no) websites actually delete anything. They just mark them as "deleted". But this usually means that once something is deleted, users have no ability to see the deleted data. This doesn't seem to be the case with Lemmy.
I've been trying out the Android app called Connect for Lemmy, and it shows the contents of all deleted comments with a "DELETED" word on them. See the uploaded screenshot.
This seems bad to me. Users expect that deleted comments are no longer viewable, and won't be returned by Lemmy's API. Lemmy still shows the username of the deleted comments, which was bad enough, but now I'm seeing that it doesn't prevent apps from seeing the deleted comments.
I wonder if Lemmy instances run by a person (and for personal reasons, i.e. with no intent to generate profit) would qualify for Article 2(c) exemption from the GDPR:
This Regulation does not apply to the processing of personal data:
by a natural person in the course of a purely personal or household activity;
I'm not sure how a judge would interpret "purely personal" in this context. There seems to be some discussion of the matter at the following link, which leads me to think it would not be exempt:
Art. 3 This Law applies to any processing operation carried out by natural persons or legal entities of public or private law, regardless of the medium, the country of their headquarters or the country where the data is located, provided that:
...
III - the personal data object of the treatment have been collected in the national territory.
§ 1 - Personal data is considered to be collected in the national territory if the data subject is located there at the time of collection.
...
Art. 18 The holder of personal data has the right to obtain from the controller, in relation to the data subject's data processed by the controller, at any time upon request:
...
VI - erasure of personal data processed with the consent of the data subject, except in the cases foreseen in art. 16 of this Law;
Not that I care about what my country's law says, but I fond it ironic that a free, decentralized platform violates laws of data protection
It's not always about being decent. Sometimes people doxx themselves by accident, and should be allowed to delete their comments. Especially if they start getting harassed by some nut. Sometimes stalkers can piece together info from old comments.
If they do delete it and it doesn't make the content irretrievable, I'm not sure they can edit the comment at that point to remove the info. They will now have lost control of it.
I realize that deleting isn't perfect because of archive sites, screenshots, and whatever else. But at the very basic level, people should be able to actually delete their comments.