Federated services have always had privacy issues but I expected Lemmy would have the fewest, but it’s visibly worse for privacy than even Reddit.
- Deleted comments remain on the server but hidden to non-admins, the username remains visible
- Deleted account usernames remain visible too
- Anything remains visible on federated servers!
- When you delete your account, media does not get deleted on any server
Yea these laws are super difficult in a distributed network and I think that you would not be responsible if you made an attempt to say to the other instances that this data is now deleted. But at the moment, when you delete a message on an instance, it just flips a boolean and says the message is deleted. (mods can purge comments though, so then it is actually deleted).
And you would probably be fine as an individual, but I can see larger Lemmy instances get large enough that these kinds of rules will apply to them. I have seen a few cases where small associations got fined for violating the GDPR, that would be a waste of money that was donated for hosting the instance.