Reddit can restore your deleted posts. However, if people flood them with GDPR / CCPA delete requests, they may become liable for lawsuits if they don’t comply.

It sounds like their current policy is to not delete your posts even when deleting your account, but there may be grounds for legal action here.

  • NotTheOnlyGamer@kbin.social
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    If you can prove that the data you’re asking to have deleted is or contains PII, I’m sure they’ll comply to the letter of the law. Outside of that, all content submitted to Reddit belongs to Reddit, Conde Nast, Advance Media, and all subsidiaries.

    • Sousa@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      Surely this is wrong? If the content I posted is not deleted and it still shows as being made from my account, it traces back to me, so it should be deleted if I requested so. In addition to this, would you apply the same logic to private messages? With or without your name or username, if you send a message to someone and cancel or delete it, no one should be able to recover it unless you consent to it.

      Let’s go more in depth now. According to the UK’s Data Protection Act 2018 (GDPR) and EU’s Regulation (EU) 2016/679 (General Data Protection Regulation):

      Examples of Personal Data (excluding the most obvious ones): (here and here)

      • race
      • ethnic background
      • political opinions
      • religious beliefs
      • trade union membership
      • genetics
      • biometrics (where used for identification)
      • health
      • sex life or orientation

      Processing Meaning: (here)

      Processing covers a wide range of operations performed on personal data, including by manual or automated means. It includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

      Examples of processing include:

      posting/putting a photo of a person on a website;

      With this in mind, you can no longer only be identified by your username (in case it says “Deleted”), you could potentially be identified by your post’s content (and post history). If consent is withdrawn and you wish that the company stops processing your data, the company must comply (here).

      With the heat Reddit is taking, and probably the wave of complaints that’s about to happen, I’m eager to see what’s going to be the regulator’s response.

      • Steeve@lemmy.ca
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        No, they’re correct, which the rest of your comment alludes to in the full context. You’d only be allowed to request deletion of comments with personal data, and Reddit is within their rights to have you specify which ones.

        • Sousa@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          I’m sorry but that’s not what the User’s agreement and Privacy Policy says. It’s pretty obvious who’s the content’s owner and what rights we have over it. The only way reddit can keep that content is by making a derivate of the content, like stated above. As I can see some of my original posts being recovered after deletion, these are obviously not derivative of anything, they’re the original content.

          As of right now, I haven’t deleted my account, so this includes my username. That’s definitely personal data, and as such, they’re not allowed to recover the post without my consent. Maybe the solution to the problem at the moment is to keep an account in order to have more control over our content and make sure stays deleted. In case they change their UA or PP regarding this matter, then we should request the account’s deletion.

            • Sousa@lemmy.world
              link
              fedilink
              arrow-up
              0
              ·
              1 year ago

              Personal data only matters from a GDPR point of view. Regarding Reddit’s UA and PP, that doesn’t have any relevance. They also specifically cover our current problem as an example:

              Please note, however, that the posts, comments, and messages you submitted prior to deleting your account will still be visible to others unless you first delete the specific content.


              Which is exactly what I (and many other people) did, and yet they’ve restored our content without our permission. And once again, at least in my case, I only deleted my posts and not my account as of right now. This means every single one of my restored posts has my handle on it, which is personal data.

              An individual’s social media ‘handle’ or username, which may seem anonymous or nonsensical, is still sufficient to identify them as it uniquely identifies that individual. The username is personal data if it distinguishes one individual from another regardless of whether it is possible to link the ‘online’ identity with a ‘real world’ named individual.


              It really doesn’t get any easier to understand, but please make sure to keep glazing spez.
              I’m sure he appreciates any support he can get right now.

              • Steeve@lemmy.ca
                link
                fedilink
                arrow-up
                0
                ·
                1 year ago

                Dude, we were specifically discussing the GDPR, a subject that I have a lot of experience in through my career. You don’t get to move the goalposts to Reddit’s ToS and accuse me of supporting spez lmao. Get out of here.

                • Sousa@lemmy.world
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  1 year ago

                  Surely you have loads of experience, yet you lack reading capabilities. I suggest you re-read the information above and draw your own conclusions. I won’t be discussing this any longer, as you must be clearly trolling or lacking in the reading department.

    • EvilColeslaw@kbin.social
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      It doesnt’ belong to Reddit. You give them a license (transferrable and non-revocable) to use the content. But in the EU that is superceded by the GDPR.

  • ddnomad@infosec.pub
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Strongly suggest overriding all comments and posts (using something like PowerDeleteSuite) before submitting a GDPR request though. Replace it with “use kbin/lemmy” or similar.

    Not sure whether it will work out but I am planning to do that before API is gone (assume ~28th of June or something).

    • Sousa@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      They’d probably recover the original content, even though it is illegal for them to do so.
      Don’t worry, their IPO will surely be a success after part of the community leaves + possible GDPR fines.

    • Sousa@lemmy.world
      link
      fedilink
      arrow-up
      10
      ·
      1 year ago

      Reddit’s Privacy Policy and User Agreement apply to you either way, so I’d assume you’d be able to make a request based on that. Due to the EU’s GDPR regulations, most companies make their policies GDPR-compliant, meaning fewer variations, less work, and better consumer protections.

      • lloram239@feddit.de
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Has anybody had success with this recently? My recent GDPR request is almost a week old and still no answer, used to take less than an hour last time I tried it.