this post was submitted on 25 Jun 2023
1152 points (99.4% liked)
13435 readers
1 users here now
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You could consider making a data request first and after they respond, make a deletion request when you’d like your account removed. This will use even more resources.
If they do not respond to either the data request or deletion request (or do not fulfil these requests fully), you can make a complaint with your local data protection office or the one Reddit is based in (maybe Ireland?). Make sure you invoke GDPR using the correct language for your request.
Here’s a template letter of how to do so under GDPR. You must request your data or the deletion of you data using the correct legal framework (quoting the correct legislation) and these templates make this easy. Plus they cover more types of data than just your posts and comments.
https://www.datarequests.org/sample-letters/
Whenever I do this with other companies I do a SAR to get a copy of the data, then a RTBF request to get the data removed, then another SAR to see what they retained.
A significant number say they delete your data and then happily send it back to you a coupla months later when you make an SAR. The ICO loves those ones.
That's a great idea, I'll do this too.
Having also worked somewhere that was under GDPR, weaponised bureaucracy like this can really be used to consume staff resources.
Edit: it looks like Reddit have changed their data request form. To make a full GDPR request, with the additional data in the template, you'll need to email your request to Reddit ([email protected]).
You can not only request your data, but also request information regarding how your data is processed and also about psudo-anonymised data. These are much harder to automate a response to.
See here for examples from the template: