A warning and a perspective from an insider who has been through this before.
Couldn’t the protocol be updated to be more compliant with the right to be forgotten? Something like, when a user deletes a comment it gets deleted from the DB of every federated instance. Sure enough, admins might have made backups and that would theoretically go against the GDPR but still… you can only apply these laws to a certain extent. It’s the same as you posting a picture on Facebook, me downloading it and you deleting it afterwards. Even if you were to make a GDPR request to Meta you still couldn’t get the picture on my PC. But that’s not Meta’s fault, they can’t do much about that.