These are certainly big questions to ask. I think GDPR (and similar laws around the world) are even relatively easy.
I think the question of liability and content moderation is a much bigger risk. All those dodgy subreddits that reddit used to have. Is lemmy going to learn from those missteps, or will lemmy make the same mistakes (while legislation of course has matured much more since those days, putting a much higher onus on anybody who runs a server)

Y

not true :)
any EU citizen signing up on your server is still protected by GDPR.

this is why many US based sites decided to just not bother and cut off EU visitors to their sites (I mainly run into this with news sites)

I don’t think so. Not in Germany anyway. If you are a service for the general public, I am pretty sure you still have to follow GDPR. Same goes for liability, I assume. The person who is running a server would be liable for whatever content is shared on it…?

But yeah… I think this is a big question to be tackled now that growth is shooting upwards… fwiw, coincidentally, the German based feddit is asking this same question, I just saw right after posing the question: https://feddit.de/c/fedi_ds

ETA: ah, the legal section of feddit (where I signed up) covers the GDPR part very well. Excellent! That’s one of the biggest benefits vs. reddit: EU based servers.

what about jurisdiction? is that a factor?
Could I, an EU citizen, say, I really want to extra failsafe and benefits of GDPR by signing up on an instance based in an EU country, with a server inside an EU country, abiding EU laws and standard of privacy protection? Is that a thing? Or is the lemmy ecosystem a lawless wild west?