I’m looking for answers from instance admins, if you’re a regular user, you can still answer but it’s more helpful for me to get answers directly from admins.
If a user on [instance A] asked another instance (Instance B) to remove their federated account and federated content copies from instance B (likely also banning it so content doesn’t continue to flow) would the user on Instance A be in trouble with their instance admin for asking for such a thing.
Obviously it depends on the instance’s rules but that’s part of why I’m asking the question, to get answers from instance admins on this.
On one hand I can see how it would since, since it hurts interoperability and can create tension between instances, but on the other hand a user has the right to be in specific places or not be in those places, that probably extends to not wanting to be federated into an instance they find objectionable (assuming it is for good reasons).
Lemmy doesn’t federate “personal data” to other servers. The GDPR has a strict definition what can be “personal data”. The Wikipedia has a good overview of the relevant laws in various countries: https://en.wikipedia.org/wiki/Personal_data
Requesting the deletion of posts and comments that they agreed to be federated when signing up is purely voluntary but usually done as it is fairly easy to ban a user and delete their contributions.
From your link
The “directly or indirectly” part is important here, a username is a constant identifier between a user’s posts and comments
Given comments and posts are free text input, there’s no way of knowing the entire set of a user’s content doesn’t contain PII, unless an admin wants to spend the time combing through and determining which posts definitely contain PII and which definitely don’t, they should delete it all. The data subject does not need to make specific listings of what they want deleted, the onus is on the service owner to be able to process the deletion request completely and within a timely manner.
No, as only the instance admin that hosts the original account can indirectly associate a user handle with actual “personal data”. An admin of a federated instance can not, as they do not have any “personal data” to correlate it with.
If a user themselves posts “personal data” publicly it is not covered by the GDPR (IANAL) and thus not subject to mandatory deletion requests. Of course deleting everything is often the easiest course of action, but this is not legally required.