I’m no lawyer, however, having gone through this a couple of times as a service provider this is my understanding:
GDPR and similar laws cover data which the provider has gathered about you and may have been shared with third parties.
Generally, user generated content is not covered under GDPR requests. Any content that you chose to post which is self-identifying was posted at your discretion.
The best examples of where this must be true are mailing list archives and Git reposities. E.g., the email address you gave to GitHub on signups and the email address that you attached to a git commit may have been the same, but only one use case provides for GDPR protection. Mostly.
In practice there’s a lot of gray area in GDPR and privacy lawyers often have to find the inflection point somewhere between clearly covered and clearly not covered.
I’m no lawyer, however, having gone through this a couple of times as a service provider this is my understanding:
GDPR and similar laws cover data which the provider has gathered about you and may have been shared with third parties.
Generally, user generated content is not covered under GDPR requests. Any content that you chose to post which is self-identifying was posted at your discretion.
The best examples of where this must be true are mailing list archives and Git reposities. E.g., the email address you gave to GitHub on signups and the email address that you attached to a git commit may have been the same, but only one use case provides for GDPR protection. Mostly.
In practice there’s a lot of gray area in GDPR and privacy lawyers often have to find the inflection point somewhere between clearly covered and clearly not covered.