Update: As some have pointed out: the restores can be rollbacks from the server issues or post haven’t been properly deleted due to subs being private during blackouts. Many have experienced the same issue, I can’t explain how this happens. I’ll just run the script again, try the GDPR request and delete my account.
Also worth noting: according to the ToS Reddit can actually do whatever they want with existing content, apparently we agreed to this when signing up.
This could be worse than anything else they’ve done. If they claim they own the data, are they then not responsible for it like newspapers? Is it in their terms and conditions they are free to do whatever with posted information, do they have the rights to edit users comments but in doing so become a content provider and therefore responsible. Kicking mods out doesn’t land you in court this seems high risk to be manipulating content. Doesn’t matter why it was deleted or edited it was deleted or edited who gets to decide what version to restore. Either you are hands off or you own the data and are responsible for it and upheld to media standards.
Edit: found a snippit of the terms and conditions in a German GDPR thread, It appears it is their terms and conditions that after you post it they can do with it what they like, even adapt it. Either way that’s not a reason to be gone.
I picked up a permanent ban, after 15 years for saying ‘Go outside fatso’ to someone who said I couldnt read. Not my proudest moment, but there you go.
The reason I mention it, is that it adds a different dynamic if they are trying retain (and prevent me from editing) data which they hold about me. They might argue that doesn’t extend to post where I’ve written “cats > dogs” - but anything where I’ve refered to where I live, whether I have kids, what my political views are, are all clearly personal details which they are not allowed to hold without retaining my consent.
Clear contraventions on GDPR in EU.
https://commission.europa.eu/law/law-topic/data-protection/eu-data-protection-rules_en
Worth noting is that a number of US states also have strong protection laws. So, delete you comments manually and then, if you’re really trying to ensure that they delete your data, submit a data removal request that cites your locale’s law on data removal.
Theeeeeen in 6 months or so, send a data retrieval request to make sure they followed through… and report them if they did not comply. Might as well make them pay for that data if they can’t follow the rules.
Assuming that this is, in fact, not legal and if they have money that can be gone after, I assume that someone may start a class action suit. In theory, they’re worth multiple billions, so…
An individual probably doesn’t care much about whatever harm is done, as the damage is too small. But this is the kind of thing where a lawyer can walk away with a big payday by aggregating cases of many users and then getting a percentage of any payout.
I am not at all certain that it is not legal, though.
This is shitty of them to do but this is what people have been trying to tell us since the dawn of the internet. Nothing on the internet is EVER truly deleted
Have a read through. It definitely relates to GDPR (and even the Right to be Forgotten). Those are our accounts, linked to our emails. It is content we generate (even Reddit admits the content is owned by the creator). So if I want to delete everything and leave no trace I should be able to.
https://www.cyberghostvpn.com/en_US/privacyhub/how-to-delete-reddit-account/
That’s debatable. Sure. my account doesn’t actually contain my name and address, but it contains almost 14 years of posts and comments. Through the years I’ve probably let slip enough small pieces of information about myself that a motivated person would be able to identify me. This would still make it identifiable information.
The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or one of several special characteristics
By definition commenting reddit users are covered, even if they haven’t posted anything otherwise identifying – but most have either way.
please don’t state things if you don’t know what you’re talking about. it absolutely applies. it’s a personalized account, with a personalized email address – this is the core of GDPR. it might not apply cause reddit is not within the legislation of the EU. maybe.
Yes it is, as pointed out here https://kbin.social/m/RedditMigration/t/34112/Updated-Reddit-is-quietly-restoring-deleted-AND-overwritten-posts-and#entry-comment-140833 and here https://kbin.social/m/RedditMigration/t/34112/Updated-Reddit-is-quietly-restoring-deleted-AND-overwritten-posts-and#entry-comment-141285
Personal data is any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data. Pseudonymous data can also fall under the definition if it’s relatively easy to ID someone from it.
For most people, GDPR probably applies to at least some of their comments on Reddit.
If a user is commenting they have an online identifier and are thus covered. If a user has ever referenced their relationship status, location or any physical descriptor they are covered. The GDPR – it applies.
Yes it is, as pointed out here https://kbin.social/m/RedditMigration/t/34112/Updated-Reddit-is-quietly-restoring-deleted-AND-overwritten-posts-and#entry-comment-140833 and here https://kbin.social/m/RedditMigration/t/34112/Updated-Reddit-is-quietly-restoring-deleted-AND-overwritten-posts-and#entry-comment-141285
And also see https://kbin.social/m/reddit@lemmy.ml/t/34167/Reddit-is-restoring-deleted-posts#entry-comment-141186
Nothing on the internet is EVER truly deleted
That is such a shitty move. Forcing subreddits to go back up is one thing, but as a european this feels very wrong from a data ownership standpoint and I’m not sure it’s ok in the GDPR rules?
I think we should actively keep track of Reddit restoring user’s content without people’s permission. Screenshots, timestamps, everything. Monitor it all.
Maybe if Reddit go ahead with their API change whilst treating their users like such disposable crap, we could reach out to the EU to inform them of Reddit’s GDPR breaches. Maybe that’d lead to their new revenue from API charges disappearing into hefty EU fines.
Update: Maybe there’s going to be some loophole about actually having to use the data deletion request via Reddit’s UI for there to be an actually GDPR breach though thinking about it. Going to ask around some Law friends for advise
That’s an excellent idea! EU regulations on the digital rights of users are not to be trifled with, and “the right to be forgotten” is a big one.
I’m not sure it’s ok in the GDPR rules?
That would probably be related to “right to erasure”.
But even this has limits, since sometimes the data can be necessary for a service (for example, you might be unable to get invoice data erased before X years, as a legal requirement)
Since messages on forums can be considered “needed” to understand a thread, it’s usually advised to make all messages anonymous if a user requests complete deletion.
I guess here it’s a little different, since the messages were removed by users, so it’s not a gdpr request. Not sure how it works in that case.
Other issue is if the messages themselves contain personal information… Someone going through my old reddit profile could probably figure out my identity since I mentioned one of my (very uncommon) previous job a few times.
Best way to figure out how it works here would probably be to contact the gdpr authority for your country… And they might have trouble with it too.
But even this has limits, since sometimes the data can be necessary for a service (for example, you might be unable to get invoice data erased before X years, as a legal requirement)
But then it still needs to be marked as a “DO NOT TOUCH”. you aren’t allowed to use it then for any other purpose.
@Anahkiasen @chri5 almost certainly no bueno under GDPR.
Post content being deemed PII at user digression is already a… questionable stance to take with GDPR but probably grey enough to the point where a DPA won’t bother with it while they have bigger fish to fry.
Outright going against user requested data removal tho? Yeah that’s a good way to net you GDPR complaints. If the user requests their info removed, you’re required to oblige unless you have a reason that amounts to something like “we need this to keep the service operational”, which post content almost certainly isn’t.
(ie. You’re not gonna be able to GDPR your IP address or email off of the banlist.)
Earlier this week I deleted all of my comments except for some in a private sub. I just checked and all the posts I deleted are back 🤬