Well, feel free to read GDPR yourself, I did multiple times, as did my colleagues as did our lawyers. If some piece of information cannot be tied to an individual, it’s not a personally identifiable information (PII). Let’s say your name is Matthew. If I have Matthew stored in my database, I don’t have to ask for your permission. If my database has the information that @poVoq has a first name “Matthew”, it’s a PII and I have to ask for your consent (or have a valid business reason to require your first name).
From the perspective of a Lemmy instance provider, they’re indeed responsible for their user’s PII. But in any case, I would only receive the IP address of someone, which I couldn’t tie to any other PII and thus it’s not a PII in itself.
If you disagree, all I can say is that you should read GPDR yourself, because I’m quite sure that I’m correct, because we’ve spent quite a lot of money and time on this exact issue a few years ago.