TL;DR: I got a response from Reddit that basically says they’re not violating anything.
There was a post here 3 weeks ago that talked about the GDPR violations Reddit is committing.
reddit is telling it's future investors with recent news and more info on their IPO, that they're currently selling and looking to sell their user's data to companies wanting to train their LLMs, including Google.
I’m not sure of anyone else has gotten a response from them yet so I thought I’d share the email.
The Email:
Hello,
Thank you for contacting Reddit.
As stated in Reddit's Privacy policy much of the information on the Services is public and accessible to everyone, even without an account. By using the Services, you are directing us to share this information publicly and freely.
Reddit prohibits use of its service to infringe people’s intellectual property rights or any other proprietary rights, and prohibits unauthorized scraping of Reddit content. Please note, however, that when you submit content (including a post, comment, or chat message) to a public part of the Services, any visitors to and users of our Services will be able to see that content, the username associated with the content, and the date and time you originally submitted the content.
Reddit allows moderators to access Reddit content using moderator bots and tools. Reddit also allows other third parties to access public Reddit content using Reddit's developer services, including Reddit Embeds, our APIs, Developer Platform, and similar technologies. We limit third-party access to this content. Reddit's Developer Terms are our standard terms governing how these services are used by third parties.
Please note that you can use the Services without choosing to share information publicly and freely on them, and you can also remove your content from Reddit at your discretion. For more information, please check out our help center articles for more information here
Thank you, Reddit Legal Support
Of course they'll say that to you on their platform.
If you file a deletion request, or complaint with a regulator, you should get a better response there.
I worked at tech companies that were doing obviously illegal things, who will actively deny it to anybody outside the company but then when they finally get a fine, will tell employees, "It's the cost of doing business."
Right to be forgotten applies to personal data. Your posts are not personal data.
That's not true. PII has harsher requirements, but personal data is not just PII
Please provide evidence that a public post you make would be considered personal info.
https://law.stackexchange.com/questions/28276/are-internet-forum-posts-considered-personal-data-under-gdpr
The law is poorly written unfortunately and I don't think we'll know for sure until there's a legal challenge.
maybe it is the Metadata that is wanted, not the personal info, per se?
I'm saying the personal part doesn't matter. Theres especially difficult rules in place for PII
But right to erasure applies to all user data, not just PII
Ah Gotcha, but I don't think you're right.
Right to be forgotten: https://gdpr-info.eu/art-17-gdpr/
This talks explicitly about personal data in all contexts.
The definition of personal data is anything that can be used to identify someone: https://gdpr-info.eu/issues/personal-data/
This isn't all user data, just stuff that makes a user identifiable.