Edit: obligatory explanation (thanks mods for squaring me away)…
What you see via the UI isn’t “all that exists”. Unlike Reddit, where everything is a black box, there are a lot more eyeballs who can see “under the hood”. Any instance admin, proper or rogue, gets a ton of information that users won’t normally see. The attached example demonstrates that while users will only see upvote/downvote tallies, admins can see who actually performed those actions.
Edit: To clarify, not just YOUR instance admin gets this info. This is ANY instance admin across the Fediverse.
Federation doesn’t evade GDPR.
If federation shares data it must do so without violating GDPR.
If your data is hosted on your instance, and shared to other instances, removal must also be shared.
The nature of sharing must at least be obvious and discoverable so you can request info and deletion of updating.
The request for removal must be shared, the removal itself not so much.
If the server isn’t located in the EU, it can happily ignore it (and maybe risk getting blocked in the EU sure)