The first time some random user files a sue in court the admins of their instance will be in trouble.

Lemmy devs are not affected, but instance admins are and according to the GDPR they are considered “data controllers” and are responsible for the processing of users’ data.

As far as I understand it, this lacking feature is an open “challenge” to existing regulation and legislators, maybe also to open people’s eyes about the fact that privacy claims are often not enforced even by those who claim to do so.