• VV4lle@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Also found this blog post and made the request to Reddit for GDPR data removal. However I removed comments by using the Power delete suite (https://github.com/j0be/PowerDeleteSuite).

      After few hours got email (similar as in the blog post) from reddit and followed by the instructions given in email (basically send as a reddit message confirming account deletion). Few hours passed again and got confirmation email from Reddit “We’ve now flagged your account for irreversible deletion. Please allow some time for this action to complete.”

      Basically not much effort needed in case you’re willing to remove the comments (etc) manually or using scripts, extensions, etc.

      However not sure if it would be GDPR compliant for Reddit to leave the comments if the user data is wiped out even if the username is removed from the posts.

    • twoshoes@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I just want to add that as a European citizen you also have a right to get a copy of all your data, and an explanation how and when this data has been used.

      Also, I’m pretty sure that their response “you first have to delete your comments manually” does not comply with EU guidelines.

      • DrYes@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Read the update at the bottom. Reddit doesn’t seem to want to comply with the requests. I guess you could use a deletion script.

        • Aer@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Then they are in breach of GDPR regulations. If they don’t comply I could see some serious fines heading their way

          • neanderthal@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            Wouldn’t they have to have some sort of presence in the EU? If all of their operations are US based (I don’t know if they are or not), can the EU really do anything about it?

            • Aer@lemmy.world
              link
              fedilink
              English
              arrow-up
              5
              ·
              edit-2
              1 year ago

              They serve people in the EU so they absolutely have to comply. If you have EU citizens on your website then EU GDPR regulations apply to you.

              I have done enough GDPR compliance training to make me want to gouge my own brain out but I guess it came in handy lol

                • Aer@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  arrow-down
                  1
                  ·
                  1 year ago

                  In my case, I could go to the ICO and register a complaint with them if you live in Europe then you can try this page: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en

                  Outside of Europe, the UK and California you probably won’t have much luck to be honest, as they do not legally have to comply with you if you are not a citizen of any of those places.

                  As for if Reddit tells the EU to go away, that is suicide, whilst 49% of users are in the USA the rest of the 51% are everywhere else, that would be a very bad look for investors if the website was blocked in Europe and it would look especially bad for the company to be fined for gdpr non-compliance. So they would be in worse not to comply… Not to mention the loss in ad revenue. Nobody wants to serve ads when only half the site is going to see them. USA won’t be much affected but anyone in the EU will.

                  They could also increase the fine, and if they still refuse to pay, sue them and seize assets. Either way, a massive headache

                  • neanderthal@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    0
                    arrow-down
                    1
                    ·
                    1 year ago

                    I am more interested in the enforcement scenario where a US business just completely ignores the fines, lawsuits, etc.

                    “sue them and seize assets.”

                    How are they going to enforce that on a US company if what they did wasn’t illegal in the US and the act in question was done in the US?