Jetpack the plugin does not send end-user data home, only Jetpack the paid service does that, the customer base of Jetpack is small. If a plugin's theoretical access to user data is enough to cause GDPR responsibilities for the developer that would have broad ramifications across the world of open-source, as code written by some developer in their free time is being used by every company.
This is factually incorrect. Jetpack, even the free version, sends all sorts of data over to Automattic. Automattic has access to the details of any site running Jetpack. This may have changed with the shift to modularized separate plugins but prior to 2022, there was a ton of data being sent to Automattic.
