this post was submitted on 20 Jun 2023
263 points (99.6% liked)
Sync for Lemmy
15172 readers
3 users here now
๐
Welcome to Sync for Lemmy!
Welcome to the official Sync for Lemmy community.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Community Rules
1- No advertising or spam.
All types of advertising and spam are restricted in this community.
Community Credits
Artwork and community banner by: @[email protected]
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
https://thomashunter.name/posts/2023-06-19-how-to-delete-reddit-account-gdpr-ccpa
Looks like it's not that easy
I just want to add that as a European citizen you also have a right to get a copy of all your data, and an explanation how and when this data has been used.
Also, I'm pretty sure that their response "you first have to delete your comments manually" does not comply with EU guidelines.
Also found this blog post and made the request to Reddit for GDPR data removal. However I removed comments by using the Power delete suite (https://github.com/j0be/PowerDeleteSuite).
After few hours got email (similar as in the blog post) from reddit and followed by the instructions given in email (basically send as a reddit message confirming account deletion). Few hours passed again and got confirmation email from Reddit "Weโve now flagged your account for irreversible deletion. Please allow some time for this action to complete."
Basically not much effort needed in case you're willing to remove the comments (etc) manually or using scripts, extensions, etc.
However not sure if it would be GDPR compliant for Reddit to leave the comments if the user data is wiped out even if the username is removed from the posts.
As a European it is an option for me
Read the update at the bottom. Reddit doesn't seem to want to comply with the requests. I guess you could use a deletion script.
Then they are in breach of GDPR regulations. If they don't comply I could see some serious fines heading their way
Wouldn't they have to have some sort of presence in the EU? If all of their operations are US based (I don't know if they are or not), can the EU really do anything about it?
They serve people in the EU so they absolutely have to comply. If you have EU citizens on your website then EU GDPR regulations apply to you.
I have done enough GDPR compliance training to make me want to gouge my own brain out but I guess it came in handy lol
Suppose Reddit tells them to go away. What are they going to do about it?
I believe blocking reddit in the EU is an option.
How would they implement that?
Matching you IP to your country and showing you an excuse if GDPR would apply. Some American news outlets do it this way.
All governments have the power to block a website, there have been sites blocked by the government such as pirate bay and MEGA upload. It isn't outside the possibility they can get blocked at an ISP level or beyond that.
They can even contact the website host which most companies will use Amazon services and they will definitely comply with EU regulations
In my case, I could go to the ICO and register a complaint with them if you live in Europe then you can try this page: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en
Outside of Europe, the UK and California you probably won't have much luck to be honest, as they do not legally have to comply with you if you are not a citizen of any of those places.
As for if Reddit tells the EU to go away, that is suicide, whilst 49% of users are in the USA the rest of the 51% are everywhere else, that would be a very bad look for investors if the website was blocked in Europe and it would look especially bad for the company to be fined for gdpr non-compliance. So they would be in worse not to comply... Not to mention the loss in ad revenue. Nobody wants to serve ads when only half the site is going to see them. USA won't be much affected but anyone in the EU will.
They could also increase the fine, and if they still refuse to pay, sue them and seize assets. Either way, a massive headache
I am more interested in the enforcement scenario where a US business just completely ignores the fines, lawsuits, etc.
"sue them and seize assets."
How are they going to enforce that on a US company if what they did wasn't illegal in the US and the act in question was done in the US?
The EU can work with US enforcement agencies, that is something that they have the power to do, as well as vice versa
Just because you are in the states it does not mean you can hide from regulations, though I am not a lawyer and this is not legal advice (obviously)
It's a two way street, and it makes sense. EU have to comply with US regulations if they are serving US citizens like any other country