@leah I think in a sense it is a pretty big clusterfuck for any federated network, isn't it? Because the point of Masto is to send personal data to other servers, but GDPR mandates that you have some sort of contract with said servers that you rely data to, no?

Equivalently, how would you implement a "right to forget"? You don't have a contract with other servers that obliges them to delete e.g. a toot. You can't do shit. How could Masto ever be GDPR compliant?