Reddit violates CCPA
Reddit violates CCPA
This video shows that Reddit refused to delete all comments and posts of its users when they close their account via a CCPA / GDPR request.
74 comments
-
-
I wonder at what point people start taking them to court. It seems like the usual idiot tech bro excuse of thinking terms of service/use somehow override the law which is hilariously naive.
You cannot override the law in a TOS.
Like if they wrote down that they were allowed to murder you written into their TOS and proceeded to murder you they'd still go to jail for murder.
-
Username's research checks out.
(Sorry, I know people are kind of sick of funny tropes that were common on Reddit, but I couldn't resist. I"ll see myself out now...)
-
-
This is one of the many legal issues Reddit now has.
Reddit is very clearly eying an ipo, but who really wants to invest in this dumpster fire.I’m not an investor but I l personally wouldn’t invest in a website as shortsighted as Reddit.
In an industry as cutthroat as social media having a site as active as Reddit, for 18 years. Should be celebrated.
In this world, where platforms live and die in the span of single years, why would Reddit throw away a formula that has worked for nearly 20 years.
-
As an investor, I can say with near certainty that the objective is extremely "short" sided.
-
Easy question to answer: they aren't profitable and the free money of years of near 0 or 0% interest rates is over. The constant VC dried up and the website is insolvent. They have a massively bloated staff roster. They're going to die if they don't make a major change.
And at the same time, all "traditional" monetization strategies for websites like these just... don't work with the way Reddit works. Making the changes they need to make will kill the site.
They never cooked up a monetization strategy that would work for them. They procrastinated. They felt free money would continue forever and underestimated how reliant their site was on volunteer labor. They got distracted by stupid side projects instead of refining the core product.
Reddit will absolutely survive all this. I expect it to still exist, at the end of the day. But it'll be smaller, and what remains will be a soulless shit hole. And it'll still be borderline insolvent.
-
If I could get a controlling interest for fifty bucks I'd chip in on that.
-
-
- reddit in violation of privacy laws
- spez a pedophile
- subs closing
reddit is doomed
-
Wow, their legal department shot themselves in the foot putting that in writing. Idiots.
I submitted a CCPA request weeks ago and have yet to hear from them. They also restored tons of content I deleted.
Time for a class action yet?
-
-
it seems that reddit are delaying following through with most requests until after 1 July when API requests (such as those that shreddit uses) will be blocked.
I was sooo worried about this and thinking that something like that would be done, back when i saw someone warn in the save 3rd party apps sub that u should request your data. Still i tried making a request bc i thought maybe reddit did not catch on yet or maybe bc it was before the blackout there can still be a chance, but till now i never got the data. :(
probably i'll just leave the comments and posts. I did not post a lot.
-
If you're using the main repo for PDS then you probably have the one that doesn't pause fro 5 secs between API calls (Reddit's limit). The first fork version has the pause and works correctly, though slowly. Just be aware that there's a bug in PDS that stops adding to the exported file if it hits an error (If you have 100 comments and get an error on comment #15 it will continue to edit/delete, but the exported file will only have 14 comments.)
-
-
Time for a massive fine from the EU. Something large enough to bankrupt them.
-
Sadly probably not. The GDPR fine can be "up to €20 million, or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater" which would be around 26 million based on their 2022 revenue. The company has gathered over $1.3 billion in funding and was "valued" at around $10 billion quite recently.
And that's only around what a year of API calls would have cost for Apollo so clearly by discontinuing the API they are going to save that amount back in no time!
-
-
This is the comment I was looking for. A class action from European citizens, for example, under the European privacy law, would really be bad news for Reddit (and good news for the Internet)
-
-
What I noticed is that when restoring your comments they prioritize the ones with the most upvotes. Some I even deleted manually before the blackout reappeared too.
I find this shit to be likely illegal. I understand that we gave Reddit permission to use our content by agreeing to their terms of service, but if my comment was "A" and I edit it so that it displays "B", it is wrong for Reddit to still display "A" below my username without my authorization. They can exploit the content "A" however they want, but to show it under my username as if it were what I consented to display under my name feels like a breach to me.
-
I have been overwriting and deleting manually and I haven't seen anything come back yet... But it's also a nightmare to delete old comments that they have archived and don't show up on your profile. I just gave up
-
It is illegal under the EU law.
-
-
I love it, it makes their intentions so obvious. Milking our content for AI training. Nobody will read our old conversations, except for AI´s
-
Lovely thing is that there isn't even a option to delete data via a LGPD (Lei Geral de Proteção de Dados) request. Well, for what I know at least
-
The product owners over at Reddit are going to be surprised to learn that Brazil exists.
-
"Brazil? Isn't there where the Amazon offices are at"
-
-
Ditto for the Canadian PIPEDA.
-
-
I don't think they are actually restoring posts/comments. This whole thing is based on confusion about the blackout and many subreddits going private. Most people would think you can see all of your own posts and comments if you are logged in and go to your profile page, but if a subreddit goes private you cannot even see your own submissions in that sub.
So after the blackout ended and most subreddits went public again, people who nuked their account history are now discovering that there's still posts remaining. They think these posts were restored, but they weren't even deleted in the first place.
This is obviously a huge oversight on how Reddit handles your data and your profile page, but don't attribute to malice which is adequately explained by stupidity.
-
That still makes it impossible for a user to ever delete all their comments, which is the CCPA complaint
-
The caching issue would clear up eventually, just give it some time. The CCPA process is slower, so probably the caching issue would be resolved by the time the courts heard it.
Private is different. What if I posted in a sub like r/BasicIncomeUSA that went permanently private during the blackout and never came back? 30 days, 45 days, still private. Worse, what if it's a sub where the mods all delete their accounts - or they are unresponsive (because they quit using reddit without deleting their accounts).
So yeah, private means that reddit has to be the one doing the deletion, as a regular user may not even have the tools to delete otherwise.
-
-
If you watch the video, you would understand that this individual is deleting specific comments, then saw the exact same comments that he deleted return some time later.
-
Yes, but if you look closely all of those submissions were made on the javascript subreddit. It's entirely possible that this sub was still private on the 24th, and went public on 25th. I don't know for sure but that seems to be the most likely scenario.
Edit: Looking at the blackout tracker, javascript was still private on June 24th, which is the day that the OP of the video was manually deleting his submissions.
-
-
The law doesn't care how they handle the data or if a subreddit is private. If someone requests their data to be deleted, everything must be deleted.
-
Correct, which is why reddit must ultimately do it. Only they would have access.
-
-
It often happens to be both, though.
Which seems particularly likely in this case, given Spez & co.'s track record of being both malicious and stupid, more often than not at the same time... -
I agree, blacked.out subs is why comments are coming.back on the profile page..but there is another issue about the 1000 post limit on the profile page. That means you can Google you comments but never see them on profile
-
-
I'm honestly not surprised at all. The content you created for them is valuable and they're expecting individual users not to fight back or even notice. They have the power and thicker wallets on their side.
-
Good thing about gdpr is the data commissioner will fight it for you
-
The question would be, are comments and posts personal data which is the only thing GDPR covers?
-
-
-
I made the script here to overwrite AND delete comments because this move was about unpredictability as gravity
It also has options to remove submissions, up/downvotes and subscriptions
-
I hope he just manually deleted it for the recording and then switched to a tool to do it automatically at least. lol
-
-
-
It seems that foreign companies still have to comply if they are offering goods or services to or monitoring data of people in the EU. I'm not sure if this applies to Reddit in this case but it can be necessary for American companies to comply with the GDPR.
-
74 comments
The creator of tildes.net is a former Reddit backend developer, and believes this behavior is likely due to how Reddit caching works (or doesn't work), rather than an intentional subversion of user intent:
Luckily GDPR deletion requests don't care about how they are implemented. And failures to comply en masse tends to get really expensive.
Yup. I'm waiting for Reddit to come back with my GDPR data request (which has a time limit of 30 days, after which they can tell their excuses to extend it by another 30 days I believe), and assuming they have not reversed the API decision I'm ordering them to delete it all afterwards. And they even now have a handy list, the one they just gave me, of everything they have to purge - if they didn't, it wouldn't be on that list in the first place :)
Based on this, I'd say that Reddit fully deserves to be banned in Europe and California, and fined into potential bankruptcy. Having deeply flawed technology that prevents them from ever being in compliance of a very serious law is no excuse.
.
This sounds like malicious incompetence...
Not necessarily, although Reddit can definitely choose to play it that way.
A lot of systems made in the pre-GDPR era (which is most of them) were not designed with the capability to decouple and erase content at a moment's notice.
Btw incompetence won't hold up as a valid defence for violating GDPR. At most it can give them some stalling room.
Oh God. Somewhat unrelated, but I felt like I knew the name "Deimos" from somewhere. Couldn't put my finger on it. Finally realized who he was.
Greek god of dread and terror. Also, the smaller and outermost of the two satellites of Mars, named after said god.