Exactly. I mean, determining the upper limits for the fines is the easy part, but actually following the law is difficult.
GDPR isn't really about the content, but about the user data to handle. That even includes IP addresses, which has been a hot topic among EU sysadmins for years. Then how to handle the data, which safety measures are necessary to match the legal requirements, how to implement e.g. "right to forget", how to export the user data in machine readable form, having defined workflow processes that are being followed, privacy declaration, getting user consent, determining where consent isn't needed because of legitimate operator interest, what said legitimate interest even is under the law, and so on. Mapping the legal requirements on process workflows and technical implementation is difficult.There needs to be someone who’s officially responsible for the content
However, there are other laws that do revolve around the content, depending on the EU country, and that also have to be followed. In Europe, freedom of speech is by far not what US Americans understand by that, and malicious postings can even put the platform operator at legal risk.
Me neither, that's why I'm for US based hosting in the first place, although I do like the GDPR in general. But companies have lawyers anyway, and some bureaucracy already for dealing with tax requirements, so it's not that far-fetched. It's different for our for-fun platform though.I can’t imagine anyone who’d be willing to do that without professional background or a corporation with lawyers behind.