• minode
    link
    fedilink
    arrow-up
    17
    ·
    1 year ago

    Someone mentioned invoking GDPR’s right to be forgotten. Although comments are not strictly personal information, it could still work. I think I’ll try it soon.

    • S4nvers@kbin.social
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      1 year ago

      I think you should definitely try, but I don’t think it’ll work. According to this stackexchange question they could argue that deleting your comments would break the cohesiveness of the discussion and make the available information incomplete.

      Art.17, 3a states that the right to be forgotten is not applicable if processing of the data is required to exercise freedom of information. So I don’t think posts or comments are affected by the GDPR as long as they don’t contain any information that would identify a user

        • S4nvers@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          You‘re right, you can use the GDPR to delete personal data. But again, I don‘t think posts and comment are considered personal data and that they would not have to be removed since they are essential to understanding the discussion as a whole

          The GDPR was never intended to be able to destroy information, just to protect the privacy of users. So as long as there‘s no information that could identify a user in their posts/comments (which no one should make publicly available anyways) then Reddit is under no obligation to delete the content you generated. They only have to disassociate it from your account, which they do by displaying the username as „deleted“

          • MrAegis@lemmy.ml
            link
            fedilink
            arrow-up
            0
            ·
            edit-2
            1 year ago

            Right, but how would they handle the case where personally identifiable information could be in the text itself?

            Someone could tell a very descriptive story with enough detail that you can figure out who it is, or maybe someone who knows enough of the story in real life could figure out exactly who it was that made the comment?

            For example, someone makes a comment with a long story and in there they include something like, “I’m Karen and I work at the restaurant where that [insert some major news story here…]”. People make mistakes all the time and they might want to quickly delete that information.

            Not only that, if you look at enough of someone’s comment history you can start figuring out a lot of information about that person. In one comment they might mention the city they live in, in another they might mention the name of the business they work at, somewhere else you figure out their gender, in some cases they may even post a picture of themselves.

            Edit: fixed formatting where some text was hidden.

            • S4nvers@kbin.social
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Hmm yeah that’s true… So really the question is who decides what “sufficiently anonymized” actually means. Or what counts as personal data and what does not. Probably only a court can answer these questions since the GDPR is not very precise in that regard

              I guess the best way to find out is to request deletion of all data including comments and posts, and if they don’t comply then take them to court or file a complaint with your national Data Protection Authority

      • onceuponaban@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        So what you’re saying is, mass-edit all your comments to contain your full name right before requesting deletion.

        • S4nvers@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          @sensibilidades is probably right that they could just restore the previous state from a backup

          In addition to that is a name not necessarily information that would identify you. There are many people out there that share the same name. It would require additional personal information, like address, phone number or something like that

          Even if that would help deleting a users Reddit history I wouldn‘t exactly recommend posting putting that information on the internet

          • minode
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            As far as I can remember, e.g., an email address with your name and surname counts as personally identifiable information, so it’s included under GDPR policies. However, I agree with the backup sentiment.

      • HawkMan@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        deleting from a database isn’t processing. It’s literally what right to be gorhotten requires

        • S4nvers@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          You‘re right, if the law was applicable then they‘d have to „process“(delete) the data.

          But since the right to information weighs heavier than the right to be forgotten (except when it comes to personal data, which can be used to identify a user) Reddit is not required by the GDPR to delete posts/comments that do not contain such information

          But we can‘t really know for sure what counts as personal data unless someone drags a company in front of a court over something like this

    • Denaton@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Depends on how they store the comments, IP is within GDPR, but even then, I will just claim that i have posted personal information on comments so it still applies. If the comment is connected to my user in anyway, it’s GDPR…

      • S4nvers@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I think if that works it would be a great solution! Processing copyright claims is pretty time-consuming, so they‘d have to put a lot of work into it

        But the Reddit ToS states that by submitting content to their Services you

        grant [Reddit] a worldwide, royalty-free, perpetual, irrevocable, non-exclusive, transferable, and sublicensable license to use, copy, modify, adapt, prepare derivative works of, distribute, store, perform, and display Your Content

    • mrmanager@lemmy.today
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      I don’t think they can just restore all comments and bypass the GDPR, that would be insane. It’s a very serious law in Europe.