Update: As some have pointed out: the restores can be rollbacks from the server issues or post haven’t been properly deleted due to subs being private during blackouts. Many have experienced the same issue, I can’t explain how this happens. I’ll just run the script again, try the GDPR request and delete my account.

Also worth noting: according to the ToS Reddit can actually do whatever they want with existing content, apparently we agreed to this when signing up.

#redditblackout #redditmigration #kbin #lemmy

  • Anahkiasen@lemmy.blahaj.zone
    link
    fedilink
    arrow-up
    32
    ·
    1 year ago

    That is such a shitty move. Forcing subreddits to go back up is one thing, but as a european this feels very wrong from a data ownership standpoint and I’m not sure it’s ok in the GDPR rules?

    • Anon2971@kbin.social
      link
      fedilink
      arrow-up
      19
      ·
      edit-2
      1 year ago

      I think we should actively keep track of Reddit restoring user’s content without people’s permission. Screenshots, timestamps, everything. Monitor it all.

      Maybe if Reddit go ahead with their API change whilst treating their users like such disposable crap, we could reach out to the EU to inform them of Reddit’s GDPR breaches. Maybe that’d lead to their new revenue from API charges disappearing into hefty EU fines.

      Update: Maybe there’s going to be some loophole about actually having to use the data deletion request via Reddit’s UI for there to be an actually GDPR breach though thinking about it. Going to ask around some Law friends for advise

      • juergen_hubert@kbin.social
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        That’s an excellent idea! EU regulations on the digital rights of users are not to be trifled with, and “the right to be forgotten” is a big one.

          • aceca@kbin.social
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            1 year ago

            You’re all over this thread saying this, what exactly do you think “right to erasure” means?

            From gdpr.info:

            Since the definition includes “any information,” one must assume that the term “personal data” should be as broadly interpreted as possible.

            Here’s a short list of information thought not to be personal which has later been found personal:

            • Start end/times at work
            • Break times
            • Cultural id markers
            • Written answers to exam questions
            • Mental illness
            • Any physical descriptor
            • online identifiers (ie your reddit username which may be shared with other sites to identify you)
            • and plenty more

            The idea that redditors do not have personal information lingering in their comments is absurd, GDPR 100% applies.

    • albatros@kbin.social
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      I’m not sure it’s ok in the GDPR rules?

      That would probably be related to “right to erasure”.

      But even this has limits, since sometimes the data can be necessary for a service (for example, you might be unable to get invoice data erased before X years, as a legal requirement)

      Since messages on forums can be considered “needed” to understand a thread, it’s usually advised to make all messages anonymous if a user requests complete deletion.

      I guess here it’s a little different, since the messages were removed by users, so it’s not a gdpr request. Not sure how it works in that case.

      Other issue is if the messages themselves contain personal information… Someone going through my old reddit profile could probably figure out my identity since I mentioned one of my (very uncommon) previous job a few times.

      Best way to figure out how it works here would probably be to contact the gdpr authority for your country… And they might have trouble with it too.

      • masterX244@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        But even this has limits, since sometimes the data can be necessary for a service (for example, you might be unable to get invoice data erased before X years, as a legal requirement)

        But then it still needs to be marked as a “DO NOT TOUCH”. you aren’t allowed to use it then for any other purpose.

    • Glitch@pl.glitch.pm
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      @Anahkiasen @chri5 almost certainly no bueno under GDPR.

      Post content being deemed PII at user digression is already a… questionable stance to take with GDPR but probably grey enough to the point where a DPA won’t bother with it while they have bigger fish to fry.

      Outright going against user requested data removal tho? Yeah that’s a good way to net you GDPR complaints. If the user requests their info removed, you’re required to oblige unless you have a reason that amounts to something like “we need this to keep the service operational”, which post content almost certainly isn’t.

      (ie. You’re not gonna be able to GDPR your IP address or email off of the banlist.)