Well, feel free to read GDPR yourself, I did multiple times, as did my colleagues as did our lawyers. If some piece of information cannot be tied to an individual, it’s not a personally identifiable information (PII). Let’s say your name is Matthew. If I have Matthew stored in my database, I don’t have to ask for your permission. If my database has the information that @poVoq@slrpnk.net has a first name “Matthew”, it’s a PII and I have to ask for your consent (or have a valid business reason to require your first name).
From the perspective of a Lemmy instance provider, they’re indeed responsible for their user’s PII. But in any case, I would only receive the IP address of someone, which I couldn’t tie to any other PII and thus it’s not a PII in itself.
If you disagree, all I can say is that you should read GPDR yourself, because I’m quite sure that I’m correct, because we’ve spent quite a lot of money and time on this exact issue a few years ago.
Feels like a moot point, especially here on Lemmy (or Fediverse in general), where almost everything you send is automatically sent to hundreds of other servers. But, well, I promise I don’t care about your IP and don’t store it even in system logs. Would it calm you a bit if I included a privacy policy?