Because, as I say in the post, wordpress.org sent me an email which literally says:

This does not indicate that WordPress.org is a GDPR covered website or owned by any entity which is subject to the GDPR.

I don't know how else to interpret that statement.