I am currently trying to wrap my head around the GDPR by analysing mastodon.online. While going through their privacy policy and their privacy preferences of my Mastodon, I discovered the following preference setting which is enabled by default:
As far as I understand Article 25 of the GDPR, checkboxes and consent-based preferences shall choose privacy by default. Apparently, this is not the case for this setting.
The question: Is this part of the data controller's responsibility, since it can detect and hence block search engines? If so, is Google considered a data processor or a separate data controller, which obtains the publicly available data?
