Any EU based users of reddit should immediately file a complaint under GDPR with their supervisory authority
https://kbin.social/m/[email protected]/t/854162/Any-EU-based-users-of-reddit-should-immediately-file-aOpen linkView original on kbin.social785
Comments56
Former user, I've deleted my 12 years old account when Boost stopped working. I am not sure what can I do, I would gladly sue tbh.
If they still have your comments on the site then you still have a claim.
If they don't have the comments on the site, they probably do still retain the content secretly and technically you would have a claim, but it would be impossible to prove.
My DPO basically told me that since reddit told me (I contacted reddit first as per the GDPR) that I can delete my comments myself I should go ahead and do that, and that my case was closed. Even after telling her that there were still 2 comments visible only when my profile is viewed "signed out", and I provided a screenshot of a regular browser window where I am signed in and an incognito window where I am not, her reply was that once I delete my account they will not be linked to me in any way so they do not violate the GDPR...
It might not violate GDPR, but there's still copyright to it. Reddit haven't provided consideration in exchange for the rights they claim to your comment - access to the website is offered free of charge, regardless of whether you post.
Granted, that's a different avenue entirely, you'd have to take them to court for selling your work to train AI.
Doesnt work that way over here sadly 😁🥲
Even if they don't have your comments, if you find a gdpr complaint they will have to show that. You can ask to see any data they have on you and also ask them to delete it. (If you're actually going to sue them don't ask them to delete it, though. You'll need that in court.)
Boost hasn't stopped working. I'm still using it and I've used it everyday.
I have Boost for Lemmy and Reddit. Their icons are identical.
Could we sabotage the LLM training so the data became worthless?
Like adding to our comments stuff like "2+2=5" "Abraham Lincoln discovered America" and whatever silly statement you can think of
I think reddit is already sufficently full of misinformation that you dont need to add to it
Someone less lazy than me should use a script to feed existing comments into an LLM, which then reproduces a convincing sentence structure but incorrect gibberish content, and then edit all a user's comments - gradually, not all at once - to the poisoned content. Like 4chan did with the original captcha, but on a wider scale.
"Wipe out all of Europe"
Reddit definitely doesn’t seem like the kind of business that might utterly disregard such requests while insisting outwardly that they are complying.
The requests don't go to reddit, but the supervisory authorities. They can try and ignore those requests, but since they have offices in the EU, those can and will be slapped around - if any DPA takes action, that is.
Isn't it a violation once they do something?
Maybe its illegal to make impossible promises to investors, but the GDPR supervisor authority wouldn't be the place to make that complaint...
It is not clear if reddit has already engaged in this with Google, or if it is something that's only starting. However, as outlined in my post, they might have to consult with a DPA before engaging in this anyway, which I doubt they have done. So, no, DPAs are absolutely the right place to make that complaint.
Even if they hadn't started yet, might as well get their eyes on it, and force them to do it right from the get go (which they cannot do, as it currently stands).
You really believe a large Corp like reddit decided on something as big as this without consulting with their lawyers? Fuck spez, but there's no way not a single lawyer working with reddit remembered the massive legislation that has by far had the largest impact on the internet in years.
Corporate lawyers tend to be ...optimistic. And then management will put a risk calculation on top of that. As a result, most larger companies violate the GDPR. See the popular use of Google Analytics or Microsoft 365, for example, which are illegal in the EU, if you ask a DPA¹. Giving them a reality check is never a bad idea.
¹) https://www.imy.se/en/news/four-companies-must-stop-using-google-analytics/
https://news.itsfoss.com/microsoft-office-365-illegal-germany/
Especially US companies usually just do things and are willing to engage in lenghty legal battles after the fact.they are very, very litigous.
Another issue to consider is that the GPDR is held vague on purpose since it applies to your neighborhood yoga studio as well as Google or reddit. Entirely different use cases. So there is a lot of room for interpretation.
Looking at the conduct just within Europe, yes, I think it is possible GDPR considerations were either ignored or downplayed to the point of irrelevance. There was a recent study by noyb.eu which showed that DPOs are still often pressured to make recommendations that do not align with GDPR principles.
Either way, the DPAs will have to decide if the complaint has merit. Given new technologies are specifically mentioned im the GDPR, I am at least very curious to see how it turns out.
Yeah, a formal complaint isn't quite intended for this purpose. Just writing to your data protection authority/officer to let them know that this is important to look after, will do the same here. They can then hand out a warning to Reddit.
Former reddit user, deleted my accounts just a few weeks back, should I feel concern that my data may still be involved? I guess there would be no GDPR recourse for me anyway?
Did you also deleted your comments and posts?
Yes, all content possible, before deleting my account.
You didn't delete anything. You told reddit to delete stuff, but whether they actually did that is a different question. It isn't public on their website anymore, but the data might still be lying around on their servers
Yea they keep all the data. I deleted everything on my account when the whole shitshow happened and then GDPR requested the data associated with the account and it was all still there. And when I requested that they delete that too they outright refused.
i would love to see the answer from reddit because that sounds extremely illegal. keeping the data alone is already a violation.
Can you post a short version of what you sent them for inspiration?
That sounds like a gdpr violation. Companies can keep some things under the gdpr even when asked to delete them but i doubt your comments or whatever fall into that category.
You can ask to have everything related to you, to be deleted. Just provide your email.
Done. Simple process and can do it “anonymously”
Where?
For the dutch its: https://www.autoriteitpersoonsgegevens.nl/een-tip-of-klacht-indienen-bij-de-ap
But to be honest I think its already on their radar since its also in the news here (some) but every bit helps (i think)
Like the topic says in the last paragraph “ Find your supervisory authority (just use google, for added irony) by searching for "Data Protection supervisory authority [the state you live in]". but with state you should fill in your country.
...Any chance you could share what you wrote, for the truly lazy among us? Asking for a friend.
Sorry didnt copy what i wrote. Some along the line of well what they are selling and to whom and pasted the url from this article in the box. Nothing to lengthy, so its not a bother to read, just the facts, as far as i know them that is. Keep it short and simple. You can also attach documents if you have any.
PSA: GDPR still applies in law in the UK too; it has not been repealed
*UK GDPR. Because all EU legislations prior to Brexit have been made into domestic equivalents when the UK left the bloc.
...yet.
Ive been engaged in discussion with my country's data protection officer since the summer, and the reply I got was that I should delete comments myself. There are 2 comments that appear on my profile only if viewed while I am signed out, and when I raised the concerns with her I basically got the reply that "there is no personal information contained within and once you delete your account there is no username attached to them so you cant be linked with them". Is she right, and how do I handle this situation?
As I understand it:
As long as the link between data and user is severed, they are compliant with GDPR. Anonymising data (proper non-reversable anonymisation, rather than pseudo-anonymisation) is as good as deleting. As long as it's not personally identifiable, it's OK.
I suspect anyone else expecting the EU to purge reddit of their comments will be equally disappointed.
deleted by creator
what about the whole knowing who is who based on word pattern/habit, and connected content and/or opinion?
None of that really seems to count for GDPR. And good luck picking any one person out of a sea of a million orphaned comments.
The DPAs have discretion on how they interpret the laws and what guidance they give. This is something you could only really pursue through litigation beyond what reply you're getting from your DPA. Personally, I am not trusting reddit to actually, truly delete anything. But there would need to be proof for that, beyond my suspicions.
If deleted was truly deleted, I'd say they're right on an individual case.
The issue I'm outlining is however of a different nature, so I am somewhat hopeful at least some DPA will take this issue on.
Which country?
Cyprus
Even threatening with a GDPR request was taken seriously by them half a year æg when I deleted my account.
Done. Screw Reddit.
Is there a way to export my data from reddit and archive it on Lemmy instead? I dont want my valuable contributions of difficult-to-find information to be lost forever by just deleting it
Honestly you can just leave it be. If you stop generating new content the value of Reddit will drop.
You can export your reddit data. There's no simple, existing way to replicate it on Lemmy though.
The export is machine readable, so scripting a loop that creates posts from it would be viable and reasonably doable.
Where do one make gdpr requests to reddit?
If you reside in the EU, here "[email protected]"
Are there any comment shredding utilities that still work after the API apocalypse? I'm an American, so I can only look at you GDPR-havers in jealousy.
Use a VPN to exit from an Irish proxy and make the report in Ireland.
Any based users in general, really
A Reddit account a lot of years ago, no relevant occassional posts, made with other PC from other city, no personal data. I don't think I'm going to bother connecting again to search and delete the few posts from then, the remedy would be worse than the problem.
I see no difference between most big tech companies and Reddit in terms of selling user data. Reddit is just being more forthcoming with it instead of allowing users to figure it out eventually.