You know, that every post or comment you make on lemmy/kbin can be sent to every federated instance and stored (collected) there? And those comments/posts may contain any of the information from the list, especially when aggregated from different sources and with all the basic meta-data available.
A company as big as meta needs to explicitly state that or they will have serious legal problems.
Of course, we know that Meta will want to abuse that data to monetize as much of it as possible and they have means to do so. On the other hand rogue federated instances could also abuse our data. That is the cost of being open. Company providing closed service can better protect our privacy, but we cannot trust them to do so (especially when the make money by processing and selling data).
I think those problems cannot be solved by technology – open or proprietary, but need to be solved by regulations and law enforcement. And at the same time the regulations should not block all data sharing, as then fediverse could not exist (now I wonder if lemmy/kbin can even be 'legal' according to GDPR, but IANAL). Tough problem.