this post was submitted on 16 Jun 2023
22 points (100.0% liked)

Reddit

13618 readers
1 users here now

founded 5 years ago
MODERATORS
 

I just logged in and checked my reddit account, and all my deleted posts have come back.

top 44 comments
sorted by: hot top controversial new old
[–] [email protected] 17 points 1 year ago (5 children)

I have already sent a GDPR request to Reddit and they refuse to comply.

I asked them to delete everything they have about me, including my account and they told me that I need to login into reddit and ask it from there which:

  1. I don't have to since GDPR says that I can even do it verbally and I don't even have to write to a specific email, I can just let any employee of that company that I want this and they should honor it.
  2. They straight up don't even have the option to delete your data there, since I requested for the complete erasure of my data as that is also in my rights.

Reddit literally refuses to comply with GDPR rules and tonight after work I am going to lodge a formal complain about GDPR violations as I do have proof of this in my emails.

Fuck Reddit I hope it crashes and burns.

[–] [email protected] 1 points 1 year ago

Personally, I'd file the complaint with the Irish government. They seem to have a habit of going after big social media companies like Meta for GDPR violations.

[–] [email protected] 1 points 1 year ago (1 children)

Mm mm sure does smell like EU legal action in here.

On a serious note, that is an absolute new low for Reddit and I’m sorry that you have to deal with it right now.

[–] [email protected] 1 points 1 year ago

Yea, get onto your national data commissioner or friendly solicitor and see what happens, it's crazy that they aren't following GDPR. Good luck!

[–] [email protected] 0 points 1 year ago (2 children)

@Alkalyon

@shindig1457

Can a non European make use of this. Or do I have to be in Europe to make and register a complaint. I assume there is nothing I can do here but I might as well ask.

[–] [email protected] 1 points 1 year ago (1 children)

For companies, GDPR applies to people in European Economic Area whose data is used by companies, or companies that have an office in EEA or another stable arrangement in EEA and process personal data of people located anywhere.

[–] [email protected] 0 points 1 year ago (1 children)

GDPR applies to people in European Economic Area whose data is used by companies,

I am in Greece. I am protected by GDPR.

[–] [email protected] 1 points 1 year ago

You can file a complaint with any EU supervisory authority, even if you're not personally an EU citizen, as long as the company you're complaining about does operate specifically and targeted in the EU. It is better if you are a citizen though. But as long as they're mishandling EU citizens data, doesn't matter who tells the authorities.

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

They are supposed to verify that the person requesting deletion or another right under GDPR is the same as the person whose data it is, or that at least the requester is authorized to act for the person whose data it is.

[–] [email protected] 2 points 1 year ago

The controller should use all reasonable measures to verify the identity of a data subject

Huge emphasis on reasonable. If by asking me to log in for the sake of verification results in me not being able to delete my data as I've demonstrated above, then this is 100% NOT REASONABLE.

They are actively hindering the process that GDPR requires me to take.

I don't care about the small letters, this is a GDPR violation. I should have an easy way to delete my data and this ain't it.

[–] [email protected] -1 points 1 year ago

I am going to lodge a formal complain about GDPR violations as I do have proof of this in my emails.

This is the way.

[–] [email protected] 5 points 1 year ago (2 children)

If this checks out, they may be in disrespect of a bunch of privacy laws including GDPR.

[–] [email protected] 2 points 1 year ago (1 children)

And you really don't want to screw around with GDPR:

  1. Non-compliance with an order by the supervisory authority as referred to in Article 58(2) shall, in accordance with paragraph 2 of this Article, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679#d1e6226-1-1

[–] [email protected] 1 points 1 year ago

4% feels really low, I wish the EU set it to like 25%

[–] [email protected] 2 points 1 year ago (2 children)
[–] [email protected] 1 points 1 year ago

I have mentioned it in my other comment in this thread.

The link that the thread you linked to, has, doesn't work. It doesn't even have an option to delete your data. I have screenshots on my other comment.

Reddit doesn't have a way for you to delete your data which against the GDPR.

[–] [email protected] 1 points 1 year ago

Damn with screenshots and everything. Reddit might be screwd

[–] [email protected] 2 points 1 year ago

After reading this, I'm deleting my post and comment history immediately, but not my account. I will check regularly and delete again if reddit tries to bring it back. Might as well make them work for it.

[–] [email protected] 2 points 1 year ago (1 children)

WTF!!! Thx for raising awareness. This is crossing a line.
I guess next step would be not to delete posts but to edit them.

[–] [email protected] 2 points 1 year ago (1 children)

Another user said they restore edited content too. They blanket restore anyone's content which looks like it's deleted by a script.

I can't go on and manually delete twelve years of comments, I don't think anyone can.

This will only be resolved if enough people take them to court and reddit is forced to add a complete data deletion option for all users.

[–] [email protected] 1 points 1 year ago

That's low. I wouldn't put it past them, but I want to see proof before commenting on this.

[–] [email protected] 1 points 1 year ago (1 children)

That is exactly why you should always edit your stuff before deleting it. Very few companies ever save more than the last version of your stuff, due to space and performance considerations. That way they can restore whatever they want, it'll simply come out as "x" or whatever you put in there.

[–] [email protected] 2 points 1 year ago (1 children)

Except they're also apparently restoring even edited posts and comments.

[–] [email protected] 1 points 1 year ago (1 children)
[–] [email protected] 3 points 1 year ago (1 children)

I scrubbed two accounts on the 13th, and they're both back with the original posts as of this morning the 16th.

[–] [email protected] 1 points 1 year ago

Same for me

[–] [email protected] 1 points 1 year ago (1 children)

This is why I edited all my comments to say that a certain CEO is a greedy little pig boy instead of straight on deleting them.

[–] [email protected] 1 points 1 year ago

Supposedly they're also undoing mass edits

Fucking pigboy doing pigboy things

[–] [email protected] 1 points 1 year ago

Holy shit! They restored my comments that I deleted the other day. What a crock of shit. Fuck u/spez.

[–] [email protected] 1 points 1 year ago

So I overwrite my posts and deleted with power delete suite, then deleted my account, and I’ve gone back and looked for my most recent posts and comments and they are still indeed gone.

I’m wondering if some people ran it while subs are already private and it simply wasn’t able to remove those posts and they didn’t show up until the subs became active again?

Not sure, but it’s not everyone that’s affected apparently.

[–] [email protected] 1 points 1 year ago

In another thread, someone mentioned that the scripts that delete comments don't work if the sub is private, so it could be that people are thinking their content was deleted, but the deletion didn't actually happen.

I haven't done it, so I can't validate that.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

This might be a silly question, because you know, big companies tend to ignore laws, but this cannot be GDPR (or maybe more importantly for this the California equivalent due to jurisdiction) compliant right?

[–] [email protected] 1 points 1 year ago

They're really scraping the barrel now.

But the main thing we can do is move quality content here.

[–] [email protected] 0 points 1 year ago (1 children)

What script are you using to mass edit? Even if they revert it, I would like to try.

[–] [email protected] 0 points 1 year ago (1 children)

I used PowerDeleteSuite to edit and delete. You can configure it to just edit if you want.

[–] [email protected] 0 points 1 year ago (1 children)

Edits seem to be throttled to one every 5 seconds. I ran powerdeletesuite several times and it got most of my comments, but still not all.

[–] [email protected] 1 points 1 year ago

The throttling is new. They may be doing that to discourage people scrubbing their accounts, though it could also be a load issue since a lot of people have been doing.

When I did it last weekend it seemed to work fine. I had to run it a couple of times, and it took a while, but in the end it seemed to get everything.

[–] [email protected] 0 points 1 year ago (1 children)

Copying my comment from another thread below. I have since realised that Reddit does have to be GDPR compliant so it must be applicable, but does it apply to all content?

Would this actually be a GDPR breach? I was thinking about the right to erasure/to be forgotten earlier in relation to a post I saw about how your posts aren't deleted on other federated instances, if you delete them on your home server. But I figured it wasn't applicable because it's not personal data and I'm thinking the same about this Reddit issue. Can anyone set me straight?

[–] [email protected] 2 points 1 year ago

Yes, definition of personal data from GDPR:

'personal data' means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

[–] [email protected] 0 points 1 year ago (1 children)

This is actually good. Mass-deleting posts and comments hurts users more than Reddit itself in the long term.

[–] [email protected] 1 points 1 year ago

When you strike, the goal is to inconvenience or otherwise impact the users of the service. That's how you hurt the service provider.

When the bus drivers strike, who does it hurt more? The public transit office? Or riders?

When grocery store employees strike, that has direct impact on shoppers.

When the writers guild strikes, the most affected are filmnand television viewers.

The whole goal is to affect change by altering the behaviour of users. Otherwise, you just get scabs.

[–] [email protected] 0 points 1 year ago (1 children)

Really? How does that play with jurisdictions that have right to right to be forgotten laws? Seems like a pretty risky play for them to restore deleted posts that were explicitly deleted by its author.

[–] [email protected] 2 points 1 year ago

That smells like massive fines in the EU due to GDPR law.