- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
- [email protected]
I just logged in and checked my reddit account, and all my deleted posts have come back.
I have already sent a GDPR request to Reddit and they refuse to comply.
I asked them to delete everything they have about me, including my account and they told me that I need to login into reddit and ask it from there which:
- I don’t have to since GDPR says that I can even do it verbally and I don’t even have to write to a specific email, I can just let any employee of that company that I want this and they should honor it.
- They straight up don’t even have the option to delete your data there, since I requested for the complete erasure of my data as that is also in my rights.
Reddit literally refuses to comply with GDPR rules and tonight after work I am going to lodge a formal complain about GDPR violations as I do have proof of this in my emails.
Fuck Reddit I hope it crashes and burns.
Personally, I’d file the complaint with the Irish government. They seem to have a habit of going after big social media companies like Meta for GDPR violations.
Mm mm sure does smell like EU legal action in here.
On a serious note, that is an absolute new low for Reddit and I’m sorry that you have to deal with it right now.
Yea, get onto your national data commissioner or friendly solicitor and see what happens, it’s crazy that they aren’t following GDPR. Good luck!
Can a non European make use of this. Or do I have to be in Europe to make and register a complaint. I assume there is nothing I can do here but I might as well ask.
You can file a complaint with any EU supervisory authority, even if you’re not personally an EU citizen, as long as the company you’re complaining about does operate specifically and targeted in the EU. It is better if you are a citizen though. But as long as they’re mishandling EU citizens data, doesn’t matter who tells the authorities.
For companies, GDPR applies to people in European Economic Area whose data is used by companies, or companies that have an office in EEA or another stable arrangement in EEA and process personal data of people located anywhere.
GDPR applies to people in European Economic Area whose data is used by companies,
I am in Greece. I am protected by GDPR.
yes
They are supposed to verify that the person requesting deletion or another right under GDPR is the same as the person whose data it is, or that at least the requester is authorized to act for the person whose data it is.
The controller should use all reasonable measures to verify the identity of a data subject
Huge emphasis on reasonable. If by asking me to log in for the sake of verification results in me not being able to delete my data as I’ve demonstrated above, then this is 100% NOT REASONABLE.
They are actively hindering the process that GDPR requires me to take.
I don’t care about the small letters, this is a GDPR violation. I should have an easy way to delete my data and this ain’t it.
I am going to lodge a formal complain about GDPR violations as I do have proof of this in my emails.
This is the way.
If this checks out, they may be in disrespect of a bunch of privacy laws including GDPR.
And you really don’t want to screw around with GDPR:
- Non-compliance with an order by the supervisory authority as referred to in Article 58(2) shall, in accordance with paragraph 2 of this Article, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679#d1e6226-1-1
4% feels really low, I wish the EU set it to like 25%
Looks like it checks out. https://mstdn.games/@chris/110553477682106144
Damn with screenshots and everything. Reddit might be screwd
I have mentioned it in my other comment in this thread.
The link that the thread you linked to, has, doesn’t work. It doesn’t even have an option to delete your data. I have screenshots on my other comment.
Reddit doesn’t have a way for you to delete your data which against the GDPR.
WTF!!! Thx for raising awareness. This is crossing a line.
I guess next step would be not to delete posts but to edit them.Another user said they restore edited content too. They blanket restore anyone’s content which looks like it’s deleted by a script.
I can’t go on and manually delete twelve years of comments, I don’t think anyone can.
This will only be resolved if enough people take them to court and reddit is forced to add a complete data deletion option for all users.
That’s low. I wouldn’t put it past them, but I want to see proof before commenting on this.
After reading this, I’m deleting my post and comment history immediately, but not my account. I will check regularly and delete again if reddit tries to bring it back. Might as well make them work for it.
So I overwrite my posts and deleted with power delete suite, then deleted my account, and I’ve gone back and looked for my most recent posts and comments and they are still indeed gone.
I’m wondering if some people ran it while subs are already private and it simply wasn’t able to remove those posts and they didn’t show up until the subs became active again?
Not sure, but it’s not everyone that’s affected apparently.
This is why I edited all my comments to say that a certain CEO is a greedy little pig boy instead of straight on deleting them.
Supposedly they’re also undoing mass edits
Fucking pigboy doing pigboy things
They’re really scraping the barrel now.
But the main thing we can do is move quality content here.
This might be a silly question, because you know, big companies tend to ignore laws, but this cannot be GDPR (or maybe more importantly for this the California equivalent due to jurisdiction) compliant right?
In another thread, someone mentioned that the scripts that delete comments don’t work if the sub is private, so it could be that people are thinking their content was deleted, but the deletion didn’t actually happen.
I haven’t done it, so I can’t validate that.
That is exactly why you should always edit your stuff before deleting it. Very few companies ever save more than the last version of your stuff, due to space and performance considerations. That way they can restore whatever they want, it’ll simply come out as “x” or whatever you put in there.
Except they’re also apparently restoring even edited posts and comments.
Source?
I scrubbed two accounts on the 13th, and they’re both back with the original posts as of this morning the 16th.
Same for me
Holy shit! They restored my comments that I deleted the other day. What a crock of shit. Fuck u/spez.
Copying my comment from another thread below. I have since realised that Reddit does have to be GDPR compliant so it must be applicable, but does it apply to all content?
Would this actually be a GDPR breach? I was thinking about the right to erasure/to be forgotten earlier in relation to a post I saw about how your posts aren’t deleted on other federated instances, if you delete them on your home server. But I figured it wasn’t applicable because it’s not personal data and I’m thinking the same about this Reddit issue. Can anyone set me straight?
Yes, definition of personal data from GDPR:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
This is actually good. Mass-deleting posts and comments hurts users more than Reddit itself in the long term.
When you strike, the goal is to inconvenience or otherwise impact the users of the service. That’s how you hurt the service provider.
When the bus drivers strike, who does it hurt more? The public transit office? Or riders?
When grocery store employees strike, that has direct impact on shoppers.
When the writers guild strikes, the most affected are filmnand television viewers.
The whole goal is to affect change by altering the behaviour of users. Otherwise, you just get scabs.
What script are you using to mass edit? Even if they revert it, I would like to try.
I used PowerDeleteSuite to edit and delete. You can configure it to just edit if you want.
Edits seem to be throttled to one every 5 seconds. I ran powerdeletesuite several times and it got most of my comments, but still not all.
The throttling is new. They may be doing that to discourage people scrubbing their accounts, though it could also be a load issue since a lot of people have been doing.
When I did it last weekend it seemed to work fine. I had to run it a couple of times, and it took a while, but in the end it seemed to get everything.
Really? How does that play with jurisdictions that have right to right to be forgotten laws? Seems like a pretty risky play for them to restore deleted posts that were explicitly deleted by its author.
That smells like massive fines in the EU due to GDPR law.