Another update and possibly a solution for some case where posts were not properly deleted. Seems I jumped the gun on this and the restores haven’t been intentional - at least not in this particular case.

There is a limitation in the popular Powerdelete that apparently prevents mass editing. Here is a link to a new version with a build-in delay and some other alternatives:
https://www.reddit.com/r/ModCoord/comments/145fico/comment/jnl4xmr/

There are other reported cases where manually deleted post reappeared or other scripts have been used, so this doesn’t solve all issues but explains how posts that were both edited and deleted withPowerdelete weren’t properly deleted and reappeared after subs went back live.

Update: As some have pointed out: the restores can be rollbacks from the server issues or post haven’t been properly deleted due to subs being private during blackouts. Many have experienced the same issue, I can’t explain how this happens. I’ll just run the script again, try the GDPR request and delete my account.

Also worth noting: according to the ToS Reddit can actually do whatever they want with existing content, apparently we agreed to this when signing up.

#redditblackout #redditmigration #kbin #lemmy

  • admin
    link
    fedilink
    391 year ago

    This is shitty of them to do but this is what people have been trying to tell us since the dawn of the internet. Nothing on the internet is EVER truly deleted

    • Balssh
      link
      fedilink
      671 year ago

      I think they may underestimate EU’s response here.

        • BorgDrone
          link
          fedilink
          41 year ago

          That’s debatable. Sure. my account doesn’t actually contain my name and address, but it contains almost 14 years of posts and comments. Through the years I’ve probably let slip enough small pieces of information about myself that a motivated person would be able to identify me. This would still make it identifiable information.

          • booshi
            link
            fedilink
            21 year ago

            Debatable? Yes, as that still hasn’t been figured out at a higher level, and this is still handled on a case-by-case basis. Otherwise, they are free to keep your data, and simply no longer keep the association with your email.

          • Legisign
            link
            fedilink
            11 year ago

            Sure. my account doesn’t actually contain my name and address, but it contains almost 14 years of posts and comments.

            Agreed. If a person’s speaking voice falls under the GDPR (as I have found out being a phonetician and hence doing research on it), surely opinions and comments taken not individually but as a cumulated mass must do so too.

          • booshi
            link
            fedilink
            11 year ago

            Those are our accounts, linked to our emails, which they are free to de-associate, and freely use for whatever commercial purposes they want.

          • booshi
            link
            fedilink
            11 year ago

            Do you understand how trivial it is to anonymize the data so it can still be used and monetized?

            • aceca
              link
              fedilink
              1
              edit-2
              1 year ago

              How exactly do you trivially remove all references to the physical, physiological, genetic, mental, economic, cultural or social identity of the person posting?

              This is the bar you’d have to clear to ensure someone’s comment history were anonymized per GDPR, miss a single one of these factors and your anonymous data is now reversible and thus infringing.

          • Jon-H558
            link
            fedilink
            11 year ago

            Yes but if they take the user name off can they keep the comment text up. For most comments they probably could unless you were putting your name or your job title and company or similar in the body of the text.

        • aceca
          link
          fedilink
          21 year ago

          The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, location data, an online identifier or one of several special characteristics

          By definition commenting reddit users are covered, even if they haven’t posted anything otherwise identifying – but most have either way.

          • @nickajeglin
            link
            21 year ago

            *Looks up GDPR… “EU law”

            Womp womp :(

            • booshi
              link
              fedilink
              21 year ago

              There is also CCPA in California - but none of these offer a total blanket/shield of protection like people are positing here. It’s still a completely grey area that has, so far, not sided with users of sites.

        • procgen
          link
          fedilink
          1
          edit-2
          1 year ago

          That depends on the content of the post or comment, no?

        • aceca
          link
          fedilink
          1
          edit-2
          1 year ago

          If a user is commenting they have an online identifier and are thus covered. If a user has ever referenced their relationship status, location or any physical descriptor they are covered. The GDPR – it applies.

        • Nexclusive
          link
          fedilink
          11 year ago

          Personal data is any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data. Pseudonymous data can also fall under the definition if it’s relatively easy to ID someone from it.

          For most people, GDPR probably applies to at least some of their comments on Reddit.

          • booshi
            link
            fedilink
            11 year ago

            These links are just going to the same post we are on? It’s not linking to specific comments for me.

            • abff08f4813c
              link
              fedilink
              11 year ago

              Looks like comment link redirection isn’t quite working. Let me just copy over the comment text for now:

              Well, people have reported Twitter for failing to remove their tweets and places like the ICO are now actively investigating Twitter over this failure, see https://www.wired.co.uk/article/delete-twitter-dms-gdpr

              Someone posted not too long ago that a person who was part of Twitter’s group over the GDPR - pre Musk - said the lawyers came to the conclusion that tweets were protected under the GDPR.

              I believe it’s less straightforward than that. Under GDPR, consent can be withdrawn, you can’t give an irrevokable consent.

              And from https://mstdn.games/@chris/110553477682106144

              Presumably falls under right to erasure (art 17,19 of GDPR). You’ve withdrawn your consent, so if it isn’t exempt under legal obligation, public health, scientific research etc then that’s it, really. I guess there might be brave souls who argue that posts on Reddit sometimes don’t qualify as or contain personal data, but that would seem irrelevant unless someone is painstakingly anonymising the dataset on a case by case basis, which they surely aren’t.

              Also, it looks like Twitter may be in some trouble, for failing to delete DMs under the GDPR, see https://techcrunch.com/2023/02/08/elon-musk-twitter-dm-deletion/

              Surely, if twitter DMs fall under the GDPR, so do Reddit posts and comments (and note that it’s the content of the DMs, and not the personal identifiers, and that the DMs are requested to be deleted from e.g. receipients inboxes as well).

              • booshi
                link
                fedilink
                21 year ago

                There is nothing of fact here - as I said in my comments before and I’ll say again - it’s a case-by-case basis, but as it stands, this is not covered under GDPR. Everything you linked to is pending actual decisions, as this area of GDPR is still being figured out. Yet, for some reason, people are stating it as fact.

                • abff08f4813c
                  link
                  fedilink
                  11 year ago

                  as this area of GDPR is still being figured out.

                  Interesting. So does that mean you think it COULD be covered by the GDPR, perhaps from a court decision at a future date? That at least it’s a possibility, even if unknown right now?

                  this is not covered under GDPR

                  Interesting contradiction. I’d say there only three states: it is covered, it is not covered, and it’s unknown.

                  Anyways, here’s a fact:

                  UK’s Information Commissioner’s Office … told Veale that Twitter’s response “failed to comply with the requirement of the data protection legislation”

                  Of course you’d be right if you said it hasn’t been taken to court yet and that particular case lacks a court ruling to back it up. So if that’s your requirement for it to count, then that’s fair. Still, I would generally go with the guidance from the ICO here rather than try my luck in court, absent compelling reasons.

                  I think the case by case thing is addressed somewhat from the Mastodon post. Someone reposting a meme wouldn’t contain any personal info to erase under GDPR, but another post that’s an ask me anything with a person’s picture and other verifiable credentials would be. In the latter case I’m not sure you could anonymize the content without making it unuseful and uninteresting.

                  And it would take a lot of time and effort to review every post and comment and perform the anonymization. And deanonymization is a legitimate concern too. So I guess Reddit could try to play hardball here but it would probably cost them.

                  • booshi
                    link
                    fedilink
                    11 year ago

                    lol what - just because a government entity says something, doesn’t mean it’s fact. You’re grasping at straws and undermining actual fights for data privacy.

        • flypenguin
          link
          fedilink
          11 year ago

          please don’t state things if you don’t know what you’re talking about. it absolutely applies. it’s a personalized account, with a personalized email address – this is the core of GDPR. it might not apply cause reddit is not within the legislation of the EU. maybe.

          • booshi
            link
            fedilink
            21 year ago

            I do - I work with this daily. It would be a massive uphill battle to even prove in a court that your whole post history is considered “identifying”. It’s a case-by-base basis. On top of that, your data could still be easily stored and simply no longer associated with your email (but still can be kept if the previous cannot be proven about identification). Then this would have to be tested, on a that same case-by-case basis, for every single user that made a request.

            To quote yourself, “please don’t state things if you don’t know what you’re talking about.”

            • flypenguin
              link
              fedilink
              11 year ago

              ah … simply no. also now you’re going into technicalities and specific scenarios – which might make sense in court, yet doesn’t disprove the principle per se. but maybe let’s agree to disagree, i don’t think this goes somewhere.

          • Jon-H558
            link
            fedilink
            11 year ago

            If they have eu users they have to apply it. That is why many places have ip lock outs that just prevent us from.seeing it.

            However if they truly anonymise the content of a post they can keep it

            • booshi
              link
              fedilink
              11 year ago

              Can’t be fined for GDPR if you aren’t violating GDPR taps temple

      • jargoggles
        link
        fedilink
        21 year ago

        While this is true, it’s sort of like being in a car accident. The other person may be in the wrong, but that doesn’t exactly unwreck your car.