As decentralized social media gathers more users, the privacy by design and default principles from the GDPR are in accordance to the design model it proposes. This talk is going to tackle the main advantages and challenges this approach brings, from the perspective of the data protection legislation and privacy architectural strategies. Social media platforms have been a central feature in our generation and as we grow more toward understanding their power and taking part in their evolution, we realize the challenges they impose. One of those is how to protect personal data of users, and ensure that the processing is done in accordance with legislation such as GDPR. Decentralized social media has developed as a space where personal data ownership is a priority, coming as an alternative to centralized platforms. Not coincidentally, they are mostly open source software, as transparency and offering control of the data to the users go hand in hand with this ambition. Blockchain based social media networks, and projects built on top of the ActivityPub protocol are some of the most popular examples of alternatives which have gathered significant numbers of users or data subjects, under the GDPR. One of the main architectural strategies in building software which is privacy by default and design is data separation. It states that the processing of personal data should be performed whenever possible in a distributed manner. As the GDPR lists privacy by design and default as core principles, decentralized social networking poses a significant advantage compared to centralized solutions. One heuristic to take from this is if the future is privacy-oriented, then social media will be decentralized. This talk is going to offer an analysis of the main benefits and challenges that decentralized social medial pose, from the points of view of personal data protection legislation and privacy design patterns for software architecture.