2369
Mates, today without warning, the reddit royal navy attacked. I've been demoded by the admins.
(lemmy.dbzer0.com)
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
They have even been restoring deleted posts. Fuck reddit
Hmm.... wouldn't restoring deliberately-user-deleted content directly break a bunch of "right to be forgotten"-style laws that Reddit's technically obliged to follow? (GDPR, some California laws, etc)?
In my country we have something called Datainspektionen, they hunt down companies that break GDPR, perhaps it's time to report Reddit..
Well this came up in the post where people said their Reddit posts were being restored. Even when the user deleted their account mind you. Basically there is something in the reddit TOS that with everything you post you give up your rights to that and it becomes reddit's content. But that was from a US legal perspective. I'm not sure how that would hold up against GDPR laws.
Edit, this is the post I'm referring to: https://lemmy.world/post/186613
That's for redistribution rights. GDPR is for protection of personal information and applies regardless of their terms of service. Some US states have similar laws.
You can hit them with a GDPR request regardless of your place of residence. But, if they fail to comply, you can only escalate if you are in the EU.
GDPR is about personal data. Not copyrighted content and licensing that copyrighted content to others (in this case to Reddit as per Terms of Use).
I meant that if you as a user chose to delete your data shouldn't they have to under gdpr?
No, that's unrelated to GDPR. At least in my interpretation.
Still, quite a shitty thing to do. Obviously goes directly against the users explicit intend and will.
I'm not sure they're 100% GDPR compliant on their approach to user account & data deletion tbh. But I'm not sure and I'm not a lawyer or anything.
Basically their approach to deletion is (or at least, was) that you can ask them to deactivate your account. After this, it cannot be reactivated, your username is unavailable. However, if you want all your comments/content to be deleted, you have to go through and do it manually (this would take me months, personally...) before deactivating your account. If you deactivated your account already, your data and content is still there and you can't go back and delete it (your comments and posts are now disassociated from your dead username). Admins can't reopen your account and can't (or won't) delete it themselves.
This would theoretically be sort of okay, but what we're seeing is that your manual comment/post deletion must only be a 'soft delete' because admins can clearly restore your deleted or modified comments. I'm unsure if they would be able to do this whether you deactivate your account or not - I can't remember if those who have had this happen deleted their accounts before the posts were changed back. However I'm not sure if there's anything more they would do to actually delete your user data if you email [email protected] with a specific GDPR request under art 17 (right to be forgotten). I can't find that online quickly.
I think this would only apply if you are an EU or UK citizen? If you're Californian you could refer to CCPA regulation. A couple other states have different privacy laws too that may help but they're all different. It may be worth posting on a Privacy or legaladvice community on here to ask what Reddit's approach is and if it holds up.
It's an interesting question and thought, but GDPR is primarily about personal data, not produced (and automatically copyrighted) content.
You produce copyrighted content/text, and as per Reddit terms send it to them with an irrevocable license to host, publish, and use that content.
As long as your account and posted content are not inherently person identifiable - linked to you as a person - the GDPR won't give you additional rights/power.
It's maybe a bit different for the account itself. I'm not sure what the law and law before court would say about that though.
Deleting a Reddit account does not remove your content, only your account, and the user association and labeling on the content. If right-to-be-forgotten would apply to the content, that'd have to be categorically-delectable as well.
/edit:
Through discussion elsewhere I learned:
Relevant is that you post your content linked to your online account. As such they are person-related data. You can always revoke permission / demand deletion of such data.
So the "revokation" wins over "unlinking content".
I feel like the waters are a bit muddy, like if you had 1 acct, and posted a bunch, I'd imagine if you collected all your posts, there would be more than enough info to link the acct to your person. So where does that protection end? It just feels wrong if you couldn't go and delete that stuff tbh.