The author of this blog post just realized that things posted publicly on the internet are indeed public, and that Ctrl+C and Ctrl+V exist.

This is not some special property of the Fediverse, it's how the internet has always worked. If you post something publicly (say on your personal blog) then others can see it, make copies and redistribute them, even if you later decide to delete the original content. Companies like Google build massive indexes of everything posted by anyone ever, and there is nothing you can do about it if you want your content to be publicly accessible. If you share something with just a group of people, and someone decides to make it public, then it's public. Nothing new about that.

The GDPR works in exactly the same way in the Fediverse as with the existing services right now. If you want something deleted you have to send a notice to every service that has your content. In reality you'll just send it to the X biggest services, because they represent 99% of the users that could potentially see that content, and that's usually enough. You can do the same with the X most popular Fediverse instances. Even better, we might be able to create a standardized and automated process for it, because they all run the same set of Fediverse apps using ActivityPub after all.

Afaik DMs work just like unencrypted (so regular!) emails. If you send your company secrets to john@we-leak-your-mails.com then you're probably screwed, same thing with @john@we-leak-your-dms.lemmy.