- cross-posted to:
- virginia@lemmy.world
- cross-posted to:
- virginia@lemmy.world
https://www.reddit.com/settings/data-request
Having worked at a company that had a massive influx of GDPR requests we weren’t prepared for, this one could actually cause them some trouble if Reddit don’t have that process properly automated.
You could consider making a data request first and after they respond, make a deletion request when you’d like your account removed. This will use even more resources.
If they do not respond to either the data request or deletion request (or do not fulfil these requests fully), you can make a complaint with your local data protection office or the one Reddit is based in (maybe Ireland?). Make sure you invoke GDPR using the correct language for your request.
Here’s a template letter of how to do so under GDPR. You must request your data or the deletion of you data using the correct legal framework (quoting the correct legislation) and these templates make this easy. Plus they cover more types of data than just your posts and comments.
https://www.datarequests.org/sample-letters/
Whenever I do this with other companies I do a SAR to get a copy of the data, then a RTBF request to get the data removed, then another SAR to see what they retained.
A significant number say they delete your data and then happily send it back to you a coupla months later when you make an SAR. The ICO loves those ones.
That’s a great idea, I’ll do this too.
Having also worked somewhere that was under GDPR, weaponised bureaucracy like this can really be used to consume staff resources.
Edit: it looks like Reddit have changed their data request form. To make a full GDPR request, with the additional data in the template, you’ll need to email your request to Reddit (redditdatarequests@reddit.com).
You can not only request your data, but also request information regarding how your data is processed and also about psudo-anonymised data. These are much harder to automate a response to.
See here for examples from the template: