Right, but how would they handle the case where personally identifiable information could be in the text itself?
Someone could tell a very descriptive story with enough detail that you can figure out who it is, or maybe someone who knows enough of the story in real life could figure out exactly who it was that made the comment?
For example, someone makes a comment with a long story and in there they include something like, “I’m Karen and I work at the restaurant where that [insert some major news story here…]”. People make mistakes all the time and they might want to quickly delete that information.
Not only that, if you look at enough of someone’s comment history you can start figuring out a lot of information about that person. In one comment they might mention the city they live in, in another they might mention the name of the business they work at, somewhere else you figure out their gender, in some cases they may even post a picture of themselves.
Edit: fixed formatting where some text was hidden.
Hmm yeah that’s true… So really the question is who decides what “sufficiently anonymized” actually means. Or what counts as personal data and what does not. Probably only a court can answer these questions since the GDPR is not very precise in that regard
I guess the best way to find out is to request deletion of all data including comments and posts, and if they don’t comply then take them to court or file a complaint with your national Data Protection Authority
Right, but how would they handle the case where personally identifiable information could be in the text itself?
Someone could tell a very descriptive story with enough detail that you can figure out who it is, or maybe someone who knows enough of the story in real life could figure out exactly who it was that made the comment?
For example, someone makes a comment with a long story and in there they include something like, “I’m Karen and I work at the restaurant where that [insert some major news story here…]”. People make mistakes all the time and they might want to quickly delete that information.
Not only that, if you look at enough of someone’s comment history you can start figuring out a lot of information about that person. In one comment they might mention the city they live in, in another they might mention the name of the business they work at, somewhere else you figure out their gender, in some cases they may even post a picture of themselves.
Edit: fixed formatting where some text was hidden.
Hmm yeah that’s true… So really the question is who decides what “sufficiently anonymized” actually means. Or what counts as personal data and what does not. Probably only a court can answer these questions since the GDPR is not very precise in that regard
I guess the best way to find out is to request deletion of all data including comments and posts, and if they don’t comply then take them to court or file a complaint with your national Data Protection Authority