Well, no. Because users choose what they share on the fediverse by writing it and posting it.
Servers processing IP, User Agents, Emails etc as part of security is not part of the agreement to share with the fediverse.
So, an instance that federates will be able to receive the publicly shared information for free (usernames, displaynames, profiles, posts & comments). They wont get any PII that a user does not explicitly share (by writing it in a comment).
But if an instance started selling the information of their own users, then that would be in violation of GDPR.
Yes. To my understanding gdpr doesn’t care who you are, if you have users and you track their data then you’re covered under it.
Interesting, I feel that would be extremely hard to action on in a federated system.
Well, no. Because users choose what they share on the fediverse by writing it and posting it.
Servers processing IP, User Agents, Emails etc as part of security is not part of the agreement to share with the fediverse.
So, an instance that federates will be able to receive the publicly shared information for free (usernames, displaynames, profiles, posts & comments). They wont get any PII that a user does not explicitly share (by writing it in a comment).
But if an instance started selling the information of their own users, then that would be in violation of GDPR.