Copying my comment from another thread below. I have since realised that Reddit does have to be GDPR compliant so it must be applicable, but does it apply to all content?
Would this actually be a GDPR breach? I was thinking about the right to erasure/to be forgotten earlier in relation to a post I saw about how your posts aren’t deleted on other federated instances, if you delete them on your home server. But I figured it wasn’t applicable because it’s not personal data and I’m thinking the same about this Reddit issue. Can anyone set me straight?
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Ah, thank you. I didn’t realise the definition covered so much but it makes sense especially with how the data could be used in conjunction with other identifying data. I should obviously brush up on my understanding of GDPR!
If it is truly anomoymised they can keep the contant.
Say you posted a guide to building a pc without any thing to identify you then Reddit could keep the guide up and just remove username…but if you put anything in that comment to identify yourself (like “I am bob of Bob’s PC repairs, Slough trading estate, UK and here is my guide…”) That would have to be deleted on request (in theory they could just remove that sentence). Most places think it’s easier to just remove all your content but Reddit seems to think they can anonmymise it.
Copying my comment from another thread below. I have since realised that Reddit does have to be GDPR compliant so it must be applicable, but does it apply to all content?
Would this actually be a GDPR breach? I was thinking about the right to erasure/to be forgotten earlier in relation to a post I saw about how your posts aren’t deleted on other federated instances, if you delete them on your home server. But I figured it wasn’t applicable because it’s not personal data and I’m thinking the same about this Reddit issue. Can anyone set me straight?
Yes, definition of personal data from GDPR:
Ah, thank you. I didn’t realise the definition covered so much but it makes sense especially with how the data could be used in conjunction with other identifying data. I should obviously brush up on my understanding of GDPR!
If it is truly anomoymised they can keep the contant.
Say you posted a guide to building a pc without any thing to identify you then Reddit could keep the guide up and just remove username…but if you put anything in that comment to identify yourself (like “I am bob of Bob’s PC repairs, Slough trading estate, UK and here is my guide…”) That would have to be deleted on request (in theory they could just remove that sentence). Most places think it’s easier to just remove all your content but Reddit seems to think they can anonmymise it.