Did the EU really pass a law so poorly written so as to at tempt to impose a literally impossible burden upon some random guy in the US who happens to run a Mastodon instance?
What is expected of of that? Log scrubbing? Modifying my backups? Nothing since I'm not a business and don't conduct business?
What are the consequences? Could someone in the EU sue me? How do I check if someone is actually a citizen and I need to comply?
The whole thing just seems half-baked and crazy to me right now.
Context: I am a bad person and need to upgrade my Mastodon instance, so someone felt the need to send me a GDPR demand over it.