Any EU based users of reddit should immediately file a complaint under GDPR with their supervisory authority
Any EU based users of reddit should immediately file a complaint under GDPR with their supervisory authority
reddit is telling it's future investors with recent news and more info on their IPO, that they're currently selling and looking to sell their user's data to companies wanting to train their LLMs, including Google....
Former user, I've deleted my 12 years old account when Boost stopped working. I am not sure what can I do, I would gladly sue tbh.
If they still have your comments on the site then you still have a claim.
If they don't have the comments on the site, they probably do still retain the content secretly and technically you would have a claim, but it would be impossible to prove.
Au contraire. If they didn't delete the information when asked to under the GDPR, and they get caught deleting evidence after a suit was filed (civil by one of us, criminal by the EU), they're in even bigger trouble. Reddit would have to be very careful to cover their tracks, and they won't be careful enough.
Even if they don't have your comments, if you find a gdpr complaint they will have to show that. You can ask to see any data they have on you and also ask them to delete it. (If you're actually going to sue them don't ask them to delete it, though. You'll need that in court.)
Boost hasn't stopped working. I'm still using it and I've used it everyday.
I have Boost for Lemmy and Reddit. Their icons are identical.
Second this. I love Boost, I use both now.
Could we sabotage the LLM training so the data became worthless?
Like adding to our comments stuff like "2+2=5" "Abraham Lincoln discovered America" and whatever silly statement you can think of
Someone less lazy than me should use a script to feed existing comments into an LLM, which then reproduces a convincing sentence structure but incorrect gibberish content, and then edit all a user's comments - gradually, not all at once - to the poisoned content. Like 4chan did with the original captcha, but on a wider scale.
"Wipe out all of Europe"
IIRC, one of the LLMs (was it OpenAI?) that crawled Reddit, had to manually remove subs like r/counting because they were messing with the training.
Fun fact: Reddit is claiming it has full rights to distribute and sell any content posted to Reddit. So if you've ever posted to r/gonewild, they're claiming to have a full licence to do whatever they want with pictures of your naked body.
I honestly figure they do have the rights. I will be bum fucked if I ever read those terms and conditions.
What will they do with my lewd pics anyhow?
I might be naive, but isn't that the point of posting them on the internet?
No, many people do sex work on the internet and depend on distribution rights to their own bodies to make an income. I'm not usually a fan of copyright, but I make a big exception for people's bodies. This also isn't just a matter of money, it's a matter of personal dignity and social integrity. Nobody should be coerced into giving up creative rights to their own body. It's sexual harassment at best. If my nudes are used to train an AI in some way with a profit motive, then I'm engaged in what is essentially prostitution without my own consent.
The point of posting them is either for fun or for profit. Not to grant an open license for a corporation to sell your content for their profit.
Reddit created a website for people to come and share content and ideas with each other, and now claims to have legal ownership over their users' content and ideas. Nobody participated because they wanted Reddit to sell their data. People generally figured that seeing advertisements was how they paid for the site, not by selling their souls.
I mean of course they do. Reddit's job is literally to redistribute those photos and it is well known that they will be used to generate profit.
Maybe there is a little grey around around "selling" but if they have the right to redistribute them I don't see why they wouldn't be able to redistribute them directly for money as opposed to just redistributing them with some ads on the page.
The reason Reddit shouldn't be selling other people's pornos is that the users didn't knowingly consent to being a sex worker. The distinction between free sex (in which I include open distribution of nudes) and sex work (in which I include paid distribution of nudes) is emotionally important. And it's especially important when someone is being pimped without their knowledge.
Reddit definitely doesn’t seem like the kind of business that might utterly disregard such requests while insisting outwardly that they are complying.
The requests don't go to reddit, but the supervisory authorities. They can try and ignore those requests, but since they have offices in the EU, those can and will be slapped around - if any DPA takes action, that is.
Isn't it a violation once they do something?
Maybe its illegal to make impossible promises to investors, but the GDPR supervisor authority wouldn't be the place to make that complaint...
It is not clear if reddit has already engaged in this with Google, or if it is something that's only starting. However, as outlined in my post, they might have to consult with a DPA before engaging in this anyway, which I doubt they have done. So, no, DPAs are absolutely the right place to make that complaint.
Even if they hadn't started yet, might as well get their eyes on it, and force them to do it right from the get go (which they cannot do, as it currently stands).
Yeah, a formal complaint isn't quite intended for this purpose. Just writing to your data protection authority/officer to let them know that this is important to look after, will do the same here. They can then hand out a warning to Reddit.
Former reddit user, deleted my accounts just a few weeks back, should I feel concern that my data may still be involved? I guess there would be no GDPR recourse for me anyway?
Done. Simple process and can do it “anonymously”
Where?
For the dutch its: https://www.autoriteitpersoonsgegevens.nl/een-tip-of-klacht-indienen-bij-de-ap
But to be honest I think its already on their radar since its also in the news here (some) but every bit helps (i think)
Like the topic says in the last paragraph “ Find your supervisory authority (just use google, for added irony) by searching for "Data Protection supervisory authority [the state you live in]". but with state you should fill in your country.
Ive been engaged in discussion with my country's data protection officer since the summer, and the reply I got was that I should delete comments myself. There are 2 comments that appear on my profile only if viewed while I am signed out, and when I raised the concerns with her I basically got the reply that "there is no personal information contained within and once you delete your account there is no username attached to them so you cant be linked with them". Is she right, and how do I handle this situation?
As I understand it:
As long as the link between data and user is severed, they are compliant with GDPR. Anonymising data (proper non-reversable anonymisation, rather than pseudo-anonymisation) is as good as deleting. As long as it's not personally identifiable, it's OK.
I suspect anyone else expecting the EU to purge reddit of their comments will be equally disappointed.
According to how the UK's Matrix/Element "privacy" messager app acts, that is correct. If, for example, you request a GDPR compliant data deletion of your messages in a room that contains 100 people, they will continue storing your data and delivering it to those 100 people, as well as propagating your data across any other servers where those people may be.
If you've lost access to any of those rooms, screw you, your data doesn't belong to you but it does belong to anybody who was there at the time.
As long as the link between data and user is severed, they are compliant with GDPR. [...] As long as it's not personally identifiable, it's OK.
Wrong.
In the US, data protection refers to "personally identifiable" data, so severing the link is enough. Under the GDPR, all "personal" data is protected, doesn't matter if it has a link or not to identify the person.
The test under the GDPR, will be whether a comment has any personal data in it. If it's a generic "LMAO", then leaving it anonymous might be enough; if it is a "look at me [photo attached]" or an "AITA [personal story]", then the person can ask for it to be removed, not just anonymized.
The DPAs have discretion on how they interpret the laws and what guidance they give. This is something you could only really pursue through litigation beyond what reply you're getting from your DPA. Personally, I am not trusting reddit to actually, truly delete anything. But there would need to be proof for that, beyond my suspicions.
If deleted was truly deleted, I'd say they're right on an individual case.
The issue I'm outlining is however of a different nature, so I am somewhat hopeful at least some DPA will take this issue on.
Which country?
Cyprus
Permanently Deleted
PSA: GDPR still applies in law in the UK too; it has not been repealed
*UK GDPR. Because all EU legislations prior to Brexit have been made into domestic equivalents when the UK left the bloc.
...yet.
Even threatening with a GDPR request was taken seriously by them half a year æg when I deleted my account.
Is there a way to export my data from reddit and archive it on Lemmy instead? I dont want my valuable contributions of difficult-to-find information to be lost forever by just deleting it
Honestly you can just leave it be. If you stop generating new content the value of Reddit will drop.
You can export your reddit data. There's no simple, existing way to replicate it on Lemmy though.
The export is machine readable, so scripting a loop that creates posts from it would be viable and reasonably doable.
Where do one make gdpr requests to reddit?
If you reside in the EU, here "dpo@reddit.com"
Done. Screw Reddit.
I see no difference between most big tech companies and Reddit in terms of selling user data. Reddit is just being more forthcoming with it instead of allowing users to figure it out eventually.
They undeleted a bunch of content that they had no right to undelete, and are using EU citizens' data without consent. They're in violation of GDPR, and the EU is going to take a very dim view of that indeed.
Are there any comment shredding utilities that still work after the API apocalypse? I'm an American, so I can only look at you GDPR-havers in jealousy.
Use a VPN to exit from an Irish proxy and make the report in Ireland.
Any based users in general, really
A Reddit account a lot of years ago, no relevant occassional posts, made with other PC from other city, no personal data. I don't think I'm going to bother connecting again to search and delete the few posts from then, the remedy would be worse than the problem.