PyPI was subpoenaed, especially point 6:

A synopsis of all IP Addresses for each username from previous records were shared. These were sourced from our database records and are private to PyPI.

• Hacker News discussion about this
• Who does the data protection law apply to?
• Does the GDPR apply to companies outside of the EU?
• When do the GDPR provisions apply to non-EU businesses?

• Be in the European Union. No citizenship required.
• Create an account at https://pypi.org/account/register/ (archive.is English localization memento from 24 May 2023 20:25:43 UTC). Notice that you don't have to provide any explicit consent to any terms and conditions.
• Confirm verification e-mail. Notice it just contains a confirmation link, e.g. https://pypi.org/account/verify-email/?token=eyJhY3Rpb24iOiJlbWFpbC12ZXJpZnkiLCJlbWFpbC5pZCI6IjEyMzQ1IiwiYWxnIjoiSFMyNTYifQ.YWJjZA.bB3cVvD2EnTZ7sOD7XNPnxv0xgl9Q3svmcDCG8UTR9Q.
  • The token parameter value is an unencrypted, HMACSHA256-signed JSON Web Token, in this example it provides the following information (try it out at https://jwt.io/):

// header
{
  "action": "email-verify",
  "email.id": "12345",
  "alg": "HS256"
}

// payload
"abcd"

• Visit the Python Packaging Authority's (PyPA) pypa/sampleproject GitHub project page.
• Select Use this template and create your own fork, e.g. Abdull/gdpr.
• Adapt repository files, in particular pyproject.toml and README.md.
• Build:

# see https://packaging.python.org/en/latest/flow/
# see https://packaging.python.org/en/latest/tutorials/installing-packages/
# see https://packaging.python.org/en/latest/tutorials/packaging-projects/

# assuming Debian 11 bullseye in the following

# get ensurepip, Debian apt-way:
sudo apt install python3-venv

pip install --upgrade pip setuptools wheel build

# inside your project
python3 -m build

# on success, shall end with line
# Successfully built gdpr-1.0.0.tar.gz and gdpr-1.0.0-py3-none-any.whl