I stumbled upon this article from the excellent NOYB organization - the one with Max Schrems - and they mention that a federated social network may be a possible way to avoid the current GDPR problem of transferring EU citizens' data to the US.
Read the whole thing, but the relevant quote from the article:
Previously, Facebook / Meta spread the rumor that it would stop providing services in Europe. Given that Europe is by far the biggest source of income outside of the US and Meta has already built local data centers in the EU, these announcements are hardly credible. The long term solution seems to be some form of ‘federated social network’ where most personal data would stay in the EU, while only ‘necessary’ transfers would continue - for example when a European sends a direct message to a US friend. While Meta only got a short implementation period to come up with a solution, it knew about the legal situation for ten years and was already served with a draft decision in 2022.
That is not something I have seen discussed here before, so I thought it might be interesting as an additional reason for “Project 92”.
Transferring data from EU to US is a major GDPR issue, which has been ongoing since 2013. There is a brief overview here: https://noyb.eu/en/eu-us-data-transfers-0
Also consider supporting NOYB, they have done so much work to protect our privacy and get GDPR enforcement done!
This is going to be more of an issue for big instances, I honestly suspect; however, I also hope to see some tools to make compliance easier for people. Deletion would just be a purge of the data; you can already do this for a number of sets, including a specific user. It's mostly for federated data; not sure how it works with home users. You can always manually edit the DB. The tools will need to get better fast.
As for US instances, they would be more likely to just block the EU unless compliance is super easy. It's a federation, so there is little reason for you to be on an instance so far away; I'm a big fan of many smaller instances.
IMO the big takeaway I'd like those in the EU to know is: if you want good GDPR compliance, someone needs to go over the software and make compliance the easy default. For the most part, compliance can be automated.