Personally identifiable information are IPs, email addresses, street address, name, date of birth, … Lemmy only collect IPs and email addresses. And these are not shared between instances.
Whether the service is hosted in the EU or not, as long as it serves EU users, lemmy should provide a way to delete emails and ip information in a self serving way. (maybe by deleting the account) In the mean time, instances admins have to fulfil requests to delete emails/ips of EU citizens from the database.
The GDPR doesn’t apply only to services hosted in the EU, but any services handling the data of an EU citizen.
This is why some news outlets in the US just decided to block EU users all together, out of laziness.
IANAL, but the GDPR doesn’t cover pseudonymous data. Actually the GDPR encourages data processors (= services) to use pseudomization.
Personally identifiable information are IPs, email addresses, street address, name, date of birth, … Lemmy only collect IPs and email addresses. And these are not shared between instances.
Whether the service is hosted in the EU or not, as long as it serves EU users, lemmy should provide a way to delete emails and ip information in a self serving way. (maybe by deleting the account) In the mean time, instances admins have to fulfil requests to delete emails/ips of EU citizens from the database.