Update: As some have pointed out: the restores can be rollbacks from the server issues or post haven’t been properly deleted due to subs being private during blackouts. Many have experienced the same issue, I can’t explain how this happens. I’ll just run the script again, try the GDPR request and delete my account.

Also worth noting: according to the ToS Reddit can actually do whatever they want with existing content, apparently we agreed to this when signing up.

#redditblackout #redditmigration #kbin #lemmy

  • booshi@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    These links are just going to the same post we are on? It’s not linking to specific comments for me.

    • abff08f4813c@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Looks like comment link redirection isn’t quite working. Let me just copy over the comment text for now:

      Well, people have reported Twitter for failing to remove their tweets and places like the ICO are now actively investigating Twitter over this failure, see https://www.wired.co.uk/article/delete-twitter-dms-gdpr

      Someone posted not too long ago that a person who was part of Twitter’s group over the GDPR - pre Musk - said the lawyers came to the conclusion that tweets were protected under the GDPR.

      I believe it’s less straightforward than that. Under GDPR, consent can be withdrawn, you can’t give an irrevokable consent.

      And from https://mstdn.games/@chris/110553477682106144

      Presumably falls under right to erasure (art 17,19 of GDPR). You’ve withdrawn your consent, so if it isn’t exempt under legal obligation, public health, scientific research etc then that’s it, really. I guess there might be brave souls who argue that posts on Reddit sometimes don’t qualify as or contain personal data, but that would seem irrelevant unless someone is painstakingly anonymising the dataset on a case by case basis, which they surely aren’t.

      Also, it looks like Twitter may be in some trouble, for failing to delete DMs under the GDPR, see https://techcrunch.com/2023/02/08/elon-musk-twitter-dm-deletion/

      Surely, if twitter DMs fall under the GDPR, so do Reddit posts and comments (and note that it’s the content of the DMs, and not the personal identifiers, and that the DMs are requested to be deleted from e.g. receipients inboxes as well).

      • booshi@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        There is nothing of fact here - as I said in my comments before and I’ll say again - it’s a case-by-case basis, but as it stands, this is not covered under GDPR. Everything you linked to is pending actual decisions, as this area of GDPR is still being figured out. Yet, for some reason, people are stating it as fact.

        • abff08f4813c@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          as this area of GDPR is still being figured out.

          Interesting. So does that mean you think it COULD be covered by the GDPR, perhaps from a court decision at a future date? That at least it’s a possibility, even if unknown right now?

          this is not covered under GDPR

          Interesting contradiction. I’d say there only three states: it is covered, it is not covered, and it’s unknown.

          Anyways, here’s a fact:

          UK’s Information Commissioner’s Office … told Veale that Twitter’s response “failed to comply with the requirement of the data protection legislation”

          Of course you’d be right if you said it hasn’t been taken to court yet and that particular case lacks a court ruling to back it up. So if that’s your requirement for it to count, then that’s fair. Still, I would generally go with the guidance from the ICO here rather than try my luck in court, absent compelling reasons.

          I think the case by case thing is addressed somewhat from the Mastodon post. Someone reposting a meme wouldn’t contain any personal info to erase under GDPR, but another post that’s an ask me anything with a person’s picture and other verifiable credentials would be. In the latter case I’m not sure you could anonymize the content without making it unuseful and uninteresting.

          And it would take a lot of time and effort to review every post and comment and perform the anonymization. And deanonymization is a legitimate concern too. So I guess Reddit could try to play hardball here but it would probably cost them.

          • booshi@kbin.social
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            lol what - just because a government entity says something, doesn’t mean it’s fact. You’re grasping at straws and undermining actual fights for data privacy.

            • abff08f4813c@kbin.social
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              and undermining actual fights for data privacy.

              Care to elaborate? Let’s assume for the sake of argument that I actually am wrong and mistaken on this point. How does one get from “being mistaken” to “undermining” ? As a major supporter of data privacy, I’d really like to know this.

              lol what - just because a government entity says something, doesn’t mean it’s fact.

              I think I already addressed this earlier when I wrote,

              So if that’s your requirement for it to count, then that’s fair.

              Even so, the fact that multiple gov’t entities charged with enforcing the GDPR seem to have come to the conclusion that failure to delete DMs is a violation of the GDPR is quite telling.

              Perhaps they are wrong, and perhaps we won’t know for sure until this makes it to the Court of Justice of the European Union / Supreme Court of the United Kingdom for the definitive ruling. It’s true that gov’t agencies do get it wrong from time to time.

              Even so, I think that would be a tough and expensive fight that would give most folks pause. Both potentially illegal and against public opinion?

              Perhaps it’s possible you misunderstood me. The fact I was pointing out was that the ICO thought Twitter had a potential GDPR violation. But I can agree that it’s not confirmed until the relevant courts rule on it - the fact is simply that this is what the ICO has said.

              You’re grasping at straws

              Hmm. So I’ve cited lots of things to explain why it looks like it’s a likely GDPR violation. Can you cite for the opposite - why private DMs and Reddit posts (particularly text body contents) would not ever count?

              To sum it up, I find it really interesting how you’ve not responded to the first question I had in the parent comment:

              as this area of GDPR is still being figured out.
              Interesting. So does that mean you think it COULD be covered by the GDPR, perhaps from a court decision at a future date? That at least it’s a possibility, even if unknown right now?

              I get the impression that you’re a hard no here, that you assume once this area of the GDPR is figured out, then it most definitely won’t be covered. But, care to elaborate why you think this is the likely outcome?