I just logged in and checked my reddit account, and all my deleted posts have come back.
I have already sent a GDPR request to Reddit and they refuse to comply.
I asked them to delete everything they have about me, including my account and they told me that I need to login into reddit and ask it from there which:
- I don’t have to since GDPR says that I can even do it verbally and I don’t even have to write to a specific email, I can just let any employee of that company that I want this and they should honor it.
- They straight up don’t even have the option to delete your data there, since I requested for the complete erasure of my data as that is also in my rights.
Reddit literally refuses to comply with GDPR rules and tonight after work I am going to lodge a formal complain about GDPR violations as I do have proof of this in my emails.
Fuck Reddit I hope it crashes and burns.
Personally, I’d file the complaint with the Irish government. They seem to have a habit of going after big social media companies like Meta for GDPR violations.
I am going to lodge a formal complain about GDPR violations as I do have proof of this in my emails.
This is the way.
@Alkalyon @shindig1457 I deleted my reddit account today. It’s going to crash and burn and I’m here for it
They are supposed to verify that the person requesting deletion or another right under GDPR is the same as the person whose data it is, or that at least the requester is authorized to act for the person whose data it is.
The controller should use all reasonable measures to verify the identity of a data subject
Huge emphasis on reasonable. If by asking me to log in for the sake of verification results in me not being able to delete my data as I’ve demonstrated above, then this is 100% NOT REASONABLE.
They are actively hindering the process that GDPR requires me to take.
I don’t care about the small letters, this is a GDPR violation. I should have an easy way to delete my data and this ain’t it.
Can a non European make use of this. Or do I have to be in Europe to make and register a complaint. I assume there is nothing I can do here but I might as well ask.
For companies, GDPR applies to people in European Economic Area whose data is used by companies, or companies that have an office in EEA or another stable arrangement in EEA and process personal data of people located anywhere.
GDPR applies to people in European Economic Area whose data is used by companies,
I am in Greece. I am protected by GDPR.
yes
If this checks out, they may be in disrespect of a bunch of privacy laws including GDPR.
And you really don’t want to screw around with GDPR:
- Non-compliance with an order by the supervisory authority as referred to in Article 58(2) shall, in accordance with paragraph 2 of this Article, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679#d1e6226-1-1
4% feels really low, I wish the EU set it to like 25%
Looks like it checks out. https://mstdn.games/@chris/110553477682106144
Rather than delete posts, I propose all rexxitors instead edit all of their posts and comments to say that they are leaving reddit for good to go to the fediverse instead. Such edits should provide links to major Fediverse sites and getting started guides, with advice for other redditors to abandon that place and join us here.
That is exactly why you should always edit your stuff before deleting it. Very few companies ever save more than the last version of your stuff, due to space and performance considerations. That way they can restore whatever they want, it’ll simply come out as “x” or whatever you put in there.
Except they’re also apparently restoring even edited posts and comments.
Source?
Holy shit! They restored my comments that I deleted the other day. What a crock of shit. Fuck u/spez.
Copying my comment from another thread below. I have since realised that Reddit does have to be GDPR compliant so it must be applicable, but does it apply to all content?
Would this actually be a GDPR breach? I was thinking about the right to erasure/to be forgotten earlier in relation to a post I saw about how your posts aren’t deleted on other federated instances, if you delete them on your home server. But I figured it wasn’t applicable because it’s not personal data and I’m thinking the same about this Reddit issue. Can anyone set me straight?
Yes, definition of personal data from GDPR:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
This might be a silly question, because you know, big companies tend to ignore laws, but this cannot be GDPR (or maybe more importantly for this the California equivalent due to jurisdiction) compliant right?
In another thread, someone mentioned that the scripts that delete comments don’t work if the sub is private, so it could be that people are thinking their content was deleted, but the deletion didn’t actually happen.
I haven’t done it, so I can’t validate that.
