As I mentioned in the description, the GDPR definition of data is tremendously broad. The list of types of personal data that could lead to the identification of a natural person in the digital context further include email addresses, cookies, IP addresses and, overall, lots of online identifiers. It has to be adjusted to the context of Disroot.
I like what you did Fede. I think it is pretty complete now.
@fede shall we include here the federation explanation?
It is indeed probably the best place to explain about it.
I think it's the best place too.
@fede can you add it then? I think we would be sort of ready with this one. :)
If the text is ok, we can move forward. I couldn't find a way to make it shorter.
I think the text about federation should be more explanatory. Maybe something like this, though perhaps this fits more in Access to your information. So unless we add better explanation there, we should provide a bit more then suggested in the pull request:
Federated services: Services that operates on the basis of so-called Federation Protocols which enables users signed up at different services providers to interact with each other. Examples of these services are Nextcloud, Email, Hubzilla and XMPP.Because of the nature of the protocols (ability to send each other messages, likes, share files, chat) some of the data is naturally shared or transmited to other entities (eg. sending email to different provider). We cannot take responsiblity for privacy practices of others, however, sharing data with other service provider is the user's choice, and depending on service, user can decide with whom and what to share (eg. user can choose not to send the email to different provider).
I would keep what @fede wrote as it is a simple definition, like other definitions, and would add the rest of what @muppeth wrote in Access to your information