From your link
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person[15]
The “directly or indirectly” part is important here, a username is a constant identifier between a user’s posts and comments
Given comments and posts are free text input, there’s no way of knowing the entire set of a user’s content doesn’t contain PII, unless an admin wants to spend the time combing through and determining which posts definitely contain PII and which definitely don’t, they should delete it all. The data subject does not need to make specific listings of what they want deleted, the onus is on the service owner to be able to process the deletion request completely and within a timely manner.
poVoq@slrpnk.net 4 weeks ago
No, as only the instance admin that hosts the original account can indirectly associate a user handle with actual “personal data”. An admin of a federated instance can not, as they do not have any “personal data” to correlate it with.
If a user themselves posts “personal data” publicly it is not covered by the GDPR IANAL and thus not subject to mandatory deletion requests. Of course deleting everything is often the easiest course of action, but this is not legally required.
9point6@lemmy.world 4 weeks ago
Also not a lawyer but I’ve done a lot of GDPR training since it was introduced and I believe you’re incorrect—the data subject posting it publicly or not doesn’t factor into the validity of a deletion request under the GDPR. There are a limited set of specific reasons a service owner can refuse a deletion request and they’re pretty much down to preventing abuse and facilitating compliance with other laws.