Update: As some have pointed out: the restores can be rollbacks from the server issues or post haven’t been properly deleted due to subs being private during blackouts. Many have experienced the same issue, I can’t explain how this happens. I’ll just run the script again, try the GDPR request and delete my account.
Also worth noting: according to the ToS Reddit can actually do whatever they want with existing content, apparently we agreed to this when signing up.
That is such a shitty move. Forcing subreddits to go back up is one thing, but as a european this feels very wrong from a data ownership standpoint and I’m not sure it’s ok in the GDPR rules?
I think we should actively keep track of Reddit restoring user’s content without people’s permission. Screenshots, timestamps, everything. Monitor it all.
Maybe if Reddit go ahead with their API change whilst treating their users like such disposable crap, we could reach out to the EU to inform them of Reddit’s GDPR breaches. Maybe that’d lead to their new revenue from API charges disappearing into hefty EU fines.
Update: Maybe there’s going to be some loophole about actually having to use the data deletion request via Reddit’s UI for there to be an actually GDPR breach though thinking about it. Going to ask around some Law friends for advise
That’s an excellent idea! EU regulations on the digital rights of users are not to be trifled with, and “the right to be forgotten” is a big one.
deleted by creator
You’re all over this thread saying this, what exactly do you think “right to erasure” means?
From gdpr.info:
Here’s a short list of information thought not to be personal which has later been found personal:
The idea that redditors do not have personal information lingering in their comments is absurd, GDPR 100% applies.
Yes, it does, and yes, there is, see https://kbin.social/m/reddit@lemmy.ml/t/34167/Reddit-is-restoring-deleted-posts#entry-comment-141186
Mightily envious of you guys over there.
That would probably be related to “right to erasure”.
But even this has limits, since sometimes the data can be necessary for a service (for example, you might be unable to get invoice data erased before X years, as a legal requirement)
Since messages on forums can be considered “needed” to understand a thread, it’s usually advised to make all messages anonymous if a user requests complete deletion.
I guess here it’s a little different, since the messages were removed by users, so it’s not a gdpr request. Not sure how it works in that case.
Other issue is if the messages themselves contain personal information… Someone going through my old reddit profile could probably figure out my identity since I mentioned one of my (very uncommon) previous job a few times.
Best way to figure out how it works here would probably be to contact the gdpr authority for your country… And they might have trouble with it too.
But then it still needs to be marked as a “DO NOT TOUCH”. you aren’t allowed to use it then for any other purpose.
@Anahkiasen @chri5 almost certainly no bueno under GDPR.
Post content being deemed PII at user digression is already a… questionable stance to take with GDPR but probably grey enough to the point where a DPA won’t bother with it while they have bigger fish to fry.
Outright going against user requested data removal tho? Yeah that’s a good way to net you GDPR complaints. If the user requests their info removed, you’re required to oblige unless you have a reason that amounts to something like “we need this to keep the service operational”, which post content almost certainly isn’t.
(ie. You’re not gonna be able to GDPR your IP address or email off of the banlist.)