this post was submitted on 16 Jun 2023
2394 points (99.2% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54819 readers
363 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 2 years ago
MODERATORS
 

A fellow mod informed me that about it as I was laying in bed. Reddit sent a message to the mod team and after 1 hour demoded me. I didn't even had time to see it, never-mind respond to it.

Looks like we rattled reddit enough to start shooting. There goes all that fancy talk about our protest not affecting them much.

Just FYI for now. It's late here so I'll see how we proceed tomorrow.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 38 points 1 year ago (3 children)

Hmm.... wouldn't restoring deliberately-user-deleted content directly break a bunch of "right to be forgotten"-style laws that Reddit's technically obliged to follow? (GDPR, some California laws, etc)?

[–] [email protected] 20 points 1 year ago

In my country we have something called Datainspektionen, they hunt down companies that break GDPR, perhaps it's time to report Reddit..

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago) (1 children)

It's an interesting question and thought, but GDPR is primarily about personal data, not produced (and automatically copyrighted) content.

You produce copyrighted content/text, and as per Reddit terms send it to them with an irrevocable license to host, publish, and use that content.

As long as your account and posted content are not inherently person identifiable - linked to you as a person - the GDPR won't give you additional rights/power.

It's maybe a bit different for the account itself. I'm not sure what the law and law before court would say about that though.

Deleting a Reddit account does not remove your content, only your account, and the user association and labeling on the content. If right-to-be-forgotten would apply to the content, that'd have to be categorically-delectable as well.

/edit:

Through discussion elsewhere I learned:

Relevant is that you post your content linked to your online account. As such they are person-related data. You can always revoke permission / demand deletion of such data.

So the "revokation" wins over "unlinking content".

[–] [email protected] 3 points 1 year ago

I feel like the waters are a bit muddy, like if you had 1 acct, and posted a bunch, I'd imagine if you collected all your posts, there would be more than enough info to link the acct to your person. So where does that protection end? It just feels wrong if you couldn't go and delete that stuff tbh.

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago) (2 children)

Well this came up in the post where people said their Reddit posts were being restored. Even when the user deleted their account mind you. Basically there is something in the reddit TOS that with everything you post you give up your rights to that and it becomes reddit's content. But that was from a US legal perspective. I'm not sure how that would hold up against GDPR laws.

Edit, this is the post I'm referring to: https://lemmy.world/post/186613

[–] [email protected] 11 points 1 year ago* (last edited 1 year ago)

That's for redistribution rights. GDPR is for protection of personal information and applies regardless of their terms of service. Some US states have similar laws.

You can hit them with a GDPR request regardless of your place of residence. But, if they fail to comply, you can only escalate if you are in the EU.

[–] [email protected] 5 points 1 year ago (1 children)

GDPR is about personal data. Not copyrighted content and licensing that copyrighted content to others (in this case to Reddit as per Terms of Use).

[–] [email protected] 5 points 1 year ago (2 children)

I meant that if you as a user chose to delete your data shouldn't they have to under gdpr?

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

No, that's unrelated to GDPR. At least in my interpretation.

Still, quite a shitty thing to do. Obviously goes directly against the users explicit intend and will.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

I'm not sure they're 100% GDPR compliant on their approach to user account & data deletion tbh. But I'm not sure and I'm not a lawyer or anything.

Basically their approach to deletion is (or at least, was) that you can ask them to deactivate your account. After this, it cannot be reactivated, your username is unavailable. However, if you want all your comments/content to be deleted, you have to go through and do it manually (this would take me months, personally...) before deactivating your account. If you deactivated your account already, your data and content is still there and you can't go back and delete it (your comments and posts are now disassociated from your dead username). Admins can't reopen your account and can't (or won't) delete it themselves.

This would theoretically be sort of okay, but what we're seeing is that your manual comment/post deletion must only be a 'soft delete' because admins can clearly restore your deleted or modified comments. I'm unsure if they would be able to do this whether you deactivate your account or not - I can't remember if those who have had this happen deleted their accounts before the posts were changed back. However I'm not sure if there's anything more they would do to actually delete your user data if you email [email protected] with a specific GDPR request under art 17 (right to be forgotten). I can't find that online quickly.

I think this would only apply if you are an EU or UK citizen? If you're Californian you could refer to CCPA regulation. A couple other states have different privacy laws too that may help but they're all different. It may be worth posting on a Privacy or legaladvice community on here to ask what Reddit's approach is and if it holds up.