So if I understand GDPR correctly: If I want a service/business to remove all my personal data, they have to comply with it in a certain timespan or get in trouble with the law.
If I understand federation correctly: All posts get replicated on federated instances all over the fediverse.
My question: If I e.g. want lemmy.world to remove my data, all my posts etc are still up on lemmy.ml right? As they just have a copy of these posts?
Would I as a customer have to contact every single instance to get my data removed? Or how does GDPR compliance work with lemmy?
Or am I completely misunderstanding how GDPR works?
It seems the GDRP does not agree with you:
To what data do the EEA GDPR and the UK GDPR apply?
The EEA GDPR and the UK GDPR apply to all "personal data,” which includes any information relating to a living, identified or identifiable person. Examples include name, SSN, other identification numbers, location data, IP addresses, online cookies, images, email addresses, and content generated by the data subject.
Source