How I intend to deal with GDPR on my hub Askrö

!Hubzilla Support Forum

One of the fundamental roles in GDPR is the Controller, the one that is responsible. One might think that this is the fellow that actually works with the information, but that is not the case. The Controller and the responsibility come with the mandate to decide the purpose and means of the processing of personal data (Article 4, point 7). The Controller is the legally responsible party throughout the rest of GDPR. The fellow that works with the information just has to oblige to what the Controller has decided.

My node is small, we are about 5 users and we started the node just a few months ago. The usage besides my own is slim to none.

I have decided that I will not alone take the responsibility of the Controller. Instead I have invited all users to take the responsibility of the Controller in a shared and democratic manner. We will jointly decide how the information of the node is used and I (the technical admin) will then oblige to this. The result is that the Controller and responsible is the user collective altogether.

If this works out we will see, perhaps I will be the sole user on the node and I will have my democratic discussion with myself.

Also, it is not like there is much to decide, just that the information shall not be sold and not be used for marketing.

BTW Jan, GDPR applies to all processing of personal information with a few exceptions in relation to private stuff and stuff clearly related to the household. Forgot the exact article but it is one of the first.

I am a member of a cooperative hoster in Germany and we currently plan to set up a social media instance. In our case the situation is quite clear as we have a cooperative as legal entity. At the same time the cooperative is governed in a democratic way. So this will work somehow.

If it is feasible to set up a bigger instance without a legal entity I cannot say. Shared responsibility in a commons way – I am not sure how the GDPR covers this.

Well, as I mentioned, the Controller is responsible for most everything unless someone breaks the rules given by the Controller. The definition of the Controller is the person/entity/board that decides the purpose and means to process personal information. The one that decides. If an employee decided to go out of boundaries he/she becomes a Controller as he/she decides about own processing. I think it makes sense.

If the entire community on a hub helps out deciding the means and purpose we are all responsible Controllers. It is just about finding a proper way to ensure that we all actually take part in the decision process.

This is most certainly not the intention of GDPR :)