I guess that could be in regards to user profiling.
Since no fedi platform aggregates user data like “user xy always upvotes topic a, therefore I will show him more on topic a via an algorithm”, or shows algorithmic advertisements, or sells user data for advertisements etc, I don’t think it’s relevant to GDPR at the moment.
Am I right in my understanding that if you run a federated Lemmy instance, you can see who has upvoted what, even on other instances?
Is that not something protected by GDPR?
No, things like your home address, your IP address, birth date, health conditions, religion, etc are PII.
Upvotes almost certainly falls into “legitimate purposes” since the data is required for moderation.
I guess that could be in regards to user profiling.
Since no fedi platform aggregates user data like “user xy always upvotes topic a, therefore I will show him more on topic a via an algorithm”, or shows algorithmic advertisements, or sells user data for advertisements etc, I don’t think it’s relevant to GDPR at the moment.