Well, no. Because users choose what they share on the fediverse by writing it and posting it.
Servers processing IP, User Agents, Emails etc as part of security is not part of the agreement to share with the fediverse.
So, an instance that federates will be able to receive the publicly shared information for free (usernames, displaynames, profiles, posts & comments). They wont get any PII that a user does not explicitly share (by writing it in a comment).
But if an instance started selling the information of their own users, then that would be in violation of GDPR.
Well, no. Because users choose what they share on the fediverse by writing it and posting it.
Servers processing IP, User Agents, Emails etc as part of security is not part of the agreement to share with the fediverse.
So, an instance that federates will be able to receive the publicly shared information for free (usernames, displaynames, profiles, posts & comments). They wont get any PII that a user does not explicitly share (by writing it in a comment).
But if an instance started selling the information of their own users, then that would be in violation of GDPR.