Everybody is talking about the GPDR, but the GPDR when hosting in the EU, should be the least if your concerns. As I said elsewhere:
- Lemmy is not doing tracking/personalized-ads.
- Lemmy is only collecting IPs and email addresses as personally identifiable information. It’s not sharing them. So it makes GDPR compliance easy.
The real issue is Directive on Copyright in the Digital Single Market which is a nightmare if you want to host lemmy legally. Realistically, the government don’t care about a few copyright infrigement by some guy/gal hosting a lemmy instance in their garage.
But, if you want to follow the law to the letter, the EU doesn’t have any fair use. So theorically, you need to allow users to only post creative commons images, with attribution. Or do some copyright checks on the content posted on your instance. Here is an EU video on how to comply with the directive, it’s a nightmare.
The link I provided says that pseudonymous data can be used to hide personalized data.
The owner of lemmy.one can use [email protected] to map it to an IP and/or email address. This becomes now personally identifiable data. But other instance owners can’t map it to any personalized data, so it is basically “anonymized data” for them.
You just have to provide a way to either
Disclaimer, IANAL, YMMV, yaddy, yadda,…