@Arkandel Perhaps, but let's take it a little deeper.
In theory any online service that communicates with persons in the EU falls under the GDPR, even if monetary transactions aren't taking place. Per the GDPR any processor or controller of PII (personally identifying information) of EU citizens must disclose what is being collected, what is getting logged, how long it will log for, how it will be shared, and can only collect/keep as much is necessary for the service to take place.
So, in theory, since the GDPR considers IP addresses to be PII, it wouldn't be out of bounds for a citizen of the EU to demand an audit of a MU for any PII of theirs that was collected, shared, etc.
I know the topic is in regards to privacy in terms of "reading someone's poses", but between using telnet and the fact that most game runners don't even know what info is kept/collected (or whether or not that DB stolen from the old WoD game was made to make a new one) there's a chance that plenty of stuff exists in storage on these games that people may not wanto be collected.
Everyone who play these games should absolutely assume that staff, players, people snooping their connection, etc are able to read their TS, because it really is an insecure hobby with a shitload of "PII collecting gray area". Most people care a lot about policies regarding behavior/staff snooping, but tend to not think to ask about whether or not staff are aware of or have an eyeball on how their PII is controlled or TS logs are able to be read by Swedish 16 year olds with warez that were obsolete almost 15 years ago.