Sure, a Romanian marketplace did something bad, what do I care, you might think. But the problem here is two-fold: First, the ruling is written in a way that can be generalised beyond only Romanian online market places, and into pretty much all platforms that fall under GDPR and handle social data. Secondly, copying and publishing data on other websites is exactly what federation is. The function of open social networking protocols like ActivityPub and atproto at their core is to have social data be copied and published on other websites.
This is an uhhh, slight bit of a problem, when European legal rulings make it very unclear if federation itself is in compliance with GDPR.
What’s funny is I called that out as a problem close to 2-3 years ago and people were getting on my case saying “no, they have to delete it!” How does it work when there’s a federated service outside of their jurisdiction? Are you going to go after thousands of individual instances or create a national firewall?
