Okay, what? How did this happen? https://tech.michaelaltfield.net/2024/03/04/lemmy-fediverse-gdpr/
If a user uploads media, but doesn't post it yet, they should *absolutely* be able to delete it, and media not associated with a post should absolutely not be visible to anyone but the user who uploaded it.
@thisismissem ha, it's more a question of how did this NOT happen :)
It's a feature they haven't finished yet. They probably should have put more priority on getting it done.
To say the least...
@MichaelAltfield @volkris @thisismissem I'm not entirely convinced that *every* photo is a GDPR risk ... doesn't it have to have some PII of some sort, such as there being a person in the photo or an identifiable location? I suspect that, say, a close up of a couple of blades of grass (with no metadata) might be OK?
@TimWardCam @volkris @thisismissem
It doesn't. Under GDPR, users have a right to erasure of any data they upload, not just data with PII.
Cat pics and food pics apply too.
@volkris @thisismissem
Worse: the devs said it would take them *years* to resolve. And when I tried to highlight the severity of this risk, they threatened to ban me
https://github.com/LemmyNet/lemmy/issues/4433#issuecomment-1939172930