Except that only applies to federated servers that exist in the EU. If your data gets federated out to a country outside of the EU, they don’t have to listen to your whines of GDPR as it’s not enforceable. And given that you could be federated with hundreds of instances across the world, good luck.
I said the same thing with AI scraping. All someone needs is to add their own instance that federates with everyone else and they can scrape data for AI training till their heart’s content.
Cool cool, now realistically, do you have the time, resources and know how to find and contact every owner of every federated instance these comments have made to? Would you be able to deal with the legal resources of any number of jurisdictions to truly test whether that is actually enforceable?
My point basically is that it’s functionally impossible regardless of what the law says, and you should treat your comments and personal information as such that they won’t ever be able to be deleted or scrubbed.