Not a lawyer too, but I'm interested what makes you (and jbfoo) believe that it doesn't apply to individuals. It's a EU regulation it should apply to natural and legal persons.
Ok, it has an exception for the processing of data by natural persons in the course of a purely personal or household activity but that doesn't mean it doesn't apply to individuals in general.
> Ok, it has an exception for the processing of data by natural persons in the course of a purely personal or household activity but that doesn't mean it doesn't apply to individuals in general.
If you set up a service that operates in the same way as a similar service would operate if it were done by a business then I suspect that you being a private individual is not going to be much protection, after all you are effectively roughly in the same situation as a sole proprietor business minus the incorporation.
If you process data for family and friends then that would most likely be enough to trigger the exception.
So the dividing line in the case of a Mastodon server would likely be whether or not you allow total strangers to make use of the service and whether or not you respect their rights.
