Privacy

39955 readers

93 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

801

Any EU based users of reddit should immediately file a complaint under GDPR with their supervisory authority (kbin.social)

submitted 1 year ago by AlteredStateBlob@kbin.social to c/privacy@lemmy.ml

90 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] promitheas@iusearchlinux.fyi 21 points 1 year ago (4 children)

Ive been engaged in discussion with my country's data protection officer since the summer, and the reply I got was that I should delete comments myself. There are 2 comments that appear on my profile only if viewed while I am signed out, and when I raised the concerns with her I basically got the reply that "there is no personal information contained within and once you delete your account there is no username attached to them so you cant be linked with them". Is she right, and how do I handle this situation?

[–] Blackmist@feddit.uk 11 points 1 year ago (3 children)

As I understand it:

As long as the link between data and user is severed, they are compliant with GDPR. Anonymising data (proper non-reversable anonymisation, rather than pseudo-anonymisation) is as good as deleting. As long as it's not personally identifiable, it's OK.

I suspect anyone else expecting the EU to purge reddit of their comments will be equally disappointed.

[–] sibachian@lemmy.ml 4 points 1 year ago (1 children)

what about the whole knowing who is who based on word pattern/habit, and connected content and/or opinion?

[–] Blackmist@feddit.uk 4 points 1 year ago

None of that really seems to count for GDPR. And good luck picking any one person out of a sea of a million orphaned comments.

[–] LWD@lemm.ee 3 points 1 year ago* (last edited 3 weeks ago)

deleted by creator

[–] jarfil@beehaw.org 2 points 1 year ago (1 children)

As long as the link between data and user is severed, they are compliant with GDPR. [...] As long as it's not personally identifiable, it's OK.

Wrong.

In the US, data protection refers to "personally identifiable" data, so severing the link is enough. Under the GDPR, all "personal" data is protected, doesn't matter if it has a link or not to identify the person.

The test under the GDPR, will be whether a comment has any personal data in it. If it's a generic "LMAO", then leaving it anonymous might be enough; if it is a "look at me [photo attached]" or an "AITA [personal story]", then the person can ask for it to be removed, not just anonymized.

[–] LWD@lemm.ee 1 points 1 year ago* (last edited 3 weeks ago) (1 children)

deleted by creator

[–] jarfil@beehaw.org 2 points 1 year ago* (last edited 1 year ago) (1 children)

places an undue burden onto the user to determine and explain why data might be personal

The other way around: all data originating from a person, is by default "personal data", and the burden of explaining which one is not, lies with whoever is keeping it.

you can't look at any messages in any rooms you've been kicked out of

If they're keeping them, then you can request a GDPR export of ALL your data. Doesn't matter whether some interface or application allows you access to the data or not, or even if you've been banned from the whole platform; as long as they keep the data, they have an obligation to honor your rights of:

Access
Correction/Modification
Removal

Even during obligatory data retention periods, when they can't remove the data and only make it inaccessible, you still have the right to get a copy of your own personal data.

[–] AlteredStateBlob@kbin.social 8 points 1 year ago

The DPAs have discretion on how they interpret the laws and what guidance they give. This is something you could only really pursue through litigation beyond what reply you're getting from your DPA. Personally, I am not trusting reddit to actually, truly delete anything. But there would need to be proof for that, beyond my suspicions.

If deleted was truly deleted, I'd say they're right on an individual case.

The issue I'm outlining is however of a different nature, so I am somewhat hopeful at least some DPA will take this issue on.

[–] delirious_owl@discuss.online 1 points 1 year ago (1 children)

Which country?

[–] promitheas@iusearchlinux.fyi 2 points 1 year ago

Cyprus