I just logged in and checked my reddit account, and all my deleted posts have come back.
You must log in or register to comment.
I have already sent a GDPR request to Reddit and they refuse to comply.
I asked them to delete everything they have about me, including my account and they told me that I need to login into reddit and ask it from there which:
- I don’t have to since GDPR says that I can even do it verbally and I don’t even have to write to a specific email, I can just let any employee of that company that I want this and they should honor it.
- They straight up don’t even have the option to delete your data there, since I requested for the complete erasure of my data as that is also in my rights.
Reddit literally refuses to comply with GDPR rules and tonight after work I am going to lodge a formal complain about GDPR violations as I do have proof of this in my emails.
Fuck Reddit I hope it crashes and burns.
Mm mm sure does smell like EU legal action in here.
On a serious note, that is an absolute new low for Reddit and I’m sorry that you have to deal with it right now.
Personally, I’d file the complaint with the Irish government. They seem to have a habit of going after big social media companies like Meta for GDPR violations.
They are supposed to verify that the person requesting deletion or another right under GDPR is the same as the person whose data it is, or that at least the requester is authorized to act for the person whose data it is.
The controller should use all reasonable measures to verify the identity of a data subject
Huge emphasis on reasonable. If by asking me to log in for the sake of verification results in me not being able to delete my data as I’ve demonstrated above, then this is 100% NOT REASONABLE.
They are actively hindering the process that GDPR requires me to take.
I don’t care about the small letters, this is a GDPR violation. I should have an easy way to delete my data and this ain’t it.
Can a non European make use of this. Or do I have to be in Europe to make and register a complaint. I assume there is nothing I can do here but I might as well ask.
For companies, GDPR applies to people in European Economic Area whose data is used by companies, or companies that have an office in EEA or another stable arrangement in EEA and process personal data of people located anywhere.
GDPR applies to people in European Economic Area whose data is used by companies,
I am in Greece. I am protected by GDPR.
yes
How much could they get fined for this?
I am going to lodge a formal complain about GDPR violations as I do have proof of this in my emails.
This is the way.
If this checks out, they may be in disrespect of a bunch of privacy laws including GDPR.
And you really don’t want to screw around with GDPR:
- Non-compliance with an order by the supervisory authority as referred to in Article 58(2) shall, in accordance with paragraph 2 of this Article, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679#d1e6226-1-1
4% feels really low, I wish the EU set it to like 25%
Looks like it checks out. https://mstdn.games/@chris/110553477682106144
Damn with screenshots and everything. Reddit might be screwd
In another thread, someone mentioned that the scripts that delete comments don’t work if the sub is private, so it could be that people are thinking their content was deleted, but the deletion didn’t actually happen.
I haven’t done it, so I can’t validate that.
That is exactly why you should always edit your stuff before deleting it. Very few companies ever save more than the last version of your stuff, due to space and performance considerations. That way they can restore whatever they want, it’ll simply come out as “x” or whatever you put in there.
Except they’re also apparently restoring even edited posts and comments.
Source?
This might be a silly question, because you know, big companies tend to ignore laws, but this cannot be GDPR (or maybe more importantly for this the California equivalent due to jurisdiction) compliant right?
Holy shit! They restored my comments that I deleted the other day. What a crock of shit. Fuck u/spez.
WTF!!! Thx for raising awareness. This is crossing a line.
I guess next step would be not to delete posts but to edit them.Another user said they restore edited content too. They blanket restore anyone’s content which looks like it’s deleted by a script.
I can’t go on and manually delete twelve years of comments, I don’t think anyone can.
This will only be resolved if enough people take them to court and reddit is forced to add a complete data deletion option for all users.
That’s low. I wouldn’t put it past them, but I want to see proof before commenting on this.
So I overwrite my posts and deleted with power delete suite, then deleted my account, and I’ve gone back and looked for my most recent posts and comments and they are still indeed gone.
I’m wondering if some people ran it while subs are already private and it simply wasn’t able to remove those posts and they didn’t show up until the subs became active again?
Not sure, but it’s not everyone that’s affected apparently.
After reading this, I’m deleting my post and comment history immediately, but not my account. I will check regularly and delete again if reddit tries to bring it back. Might as well make them work for it.
you can schedule deletions with redact.dev app, in case you wanna set it up automatically
Copying my comment from another thread below. I have since realised that Reddit does have to be GDPR compliant so it must be applicable, but does it apply to all content?
Would this actually be a GDPR breach? I was thinking about the right to erasure/to be forgotten earlier in relation to a post I saw about how your posts aren’t deleted on other federated instances, if you delete them on your home server. But I figured it wasn’t applicable because it’s not personal data and I’m thinking the same about this Reddit issue. Can anyone set me straight?
Yes, definition of personal data from GDPR:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
This is why I edited all my comments to say that a certain CEO is a greedy little pig boy instead of straight on deleting them.
Supposedly they’re also undoing mass edits
Fucking pigboy doing pigboy things
