Tired of Reddit’s recent shenanigans and want to cause them a little bit of pain? Well now, my friends… why not add “request all of the things” to your Reddit exodus?
The link to the appropriate page is here:
https://www.reddit.com/policies/privacy-policy#policy-h2-2
So, why might you want to request a copy of your data?
First, the collection they (eventually) send to you will contain your entire post / comment history, allowing you to (in theory) use that collection to remove all of your posts versus the last 1000 or so of each. There’s no guarantee that Reddit won’t restore those posts, of course, but at least you tried!
Second, you can scour the data for personally identifiable information (PII.) Your local laws may entitle you to removal of PII, so if you’re inclined to purge the Reddit record of information that can identify your OMG real self… that dataset may help.
Third, you’ll have a copy of your Reddit history. All those epic ideas will be in your hands, not theirs, safe to share elsewhere as you please. While you may not have the right to revoke the license you gave Reddit by posting there, you can most assuredly re-use your post as you please, wherever else you please.
Fourth, and lastly? If everyone submits data requests, Reddit’s team has to spend the time (and money) to pull your data. it might be a small thing, but inundating Reddit with tens of thousands of data requests that they’re legally obligated to provide is both wise (for you) and at least a little bit costly (for them.)
Addendum: If you want to make things a little harder (at risk of them not responding) you can use their privacy email versus their form. That way, someone likely has to verify that X request is tied to Y account.
Easiest way to send a data request is with this direct link: https://www.reddit.com/settings/data-request
It is reachable several clicks from the posted policy and I suppose it also appears in the “new” reddit settings page, but I use a Firefox extension to always redirect to old.reddit and it does not appear in this version.
Sent my data request a few days ago and got no answer yet. They have 30 days to do it, I suppose their plan is to delay a lot.
@b42 @Melpomene I requested mine the day Apollo broke the news on api changes, zero response thus far…
Same here. I’m kind of suspecting that Reddit isn’t going to be giving me my data anytime soon, if ever!
They have 30 days to fulfill the request, and I wouldn’t be surprised if they’re doing a little malicious compliance of their own by taking as long as they can to fulfill it. I actually requested my data about six months ago, just to see what was in it, and as I recall they got it to me within a day.
I hope it backfires with them finally checking on the last possible day and seeing there are far too many to meet it in time
Worth noting is that for those in the USA, some states have penalties for noncompliance. So if they fail to provide, well… there’s that too.
I also requested my export a week or so ago. If it’s not received within the 30 days I intend to report them to the ICO under the terms of the UK-GDPR
Thanks for the direct link! Yeah, I linked the top page so folk could check out the terms but the direct is good too. My experience with these requests is that they can take some time depending on the site. Some do push it to the deadline.
Great post, thanks for explaining it clearly to folks. I requested mine a couple of weeks ago. It’s worth noting that they have 30 days to respond to these requests (GDPR or otherwise), so don’t expect it immediately. I think I’ve heard anecdotally that they can’t do it if you’ve already deleted your account, too. Something to consider as far as order of operations.
I think I’ve heard anecdotally that they can’t do it if you’ve already deleted your account, too. Something to consider as far as order of operations.
GDPR not only allows you to request your data but also to delete it, so if the deletion happened through a GDPR deletion request, they shouldnt have any data for a GDPR data request afterwards.
That may be true, though I’ll test the “delete then ask” angle." Most laws specify data they retain, so if they still link it to your deleted account they may be obligated to provide it regardless.
Whether they do so, well… let’s find out!
Do you know what the format of the data they send is? Would be interesting to write a script to allow someone to recreate their content somewhere else if they were so inclined.
It’s a zip file containing 32 .csv files that each contain a different type of data. poll votes, saved posts and comments, user preferences, comments, chat history, gilded posts, messages, and so forth. It seems likely that you could recreate whatever parts of your account that you wanted using it. Though the saved comments and posts are just the urls of those things, so if they’re already deleted or private you’ll have to go ask the datahoarders for the details.
or for anything past 2021 the wayback machine should have it, too.
I haven’t found a GDPR compliant “forget me” request so far, anyone have any ideas?
Based on my limited GDPR experience at work, you can probably brute-force it this way:
Send your erasure request to redditdatarequests@reddit.com
They have 30 days to respond to your request. Keep in mind that there are provisions in GDPR that may allow Reddit to retain your data (such as anti-money laundering, anti-terrorism, etc), but you will at least get a yes/no reply as to whether your data can be deleted.
I sent the request and followed up with an email detailing what I understood my request to cover and I did get a “we will comply within 30 days” note back. We’ll see what they send, but honestly I just want to see what data they keep.
I requested it more than a week ago and still no reply.
I want to try to use some stupid legalese against them like this: https://www.datarequests.org/blog/sample-letter-gdpr-erasure-request/
I’m waiting for the request to see what they have and then I‘d add it in there to request them to delete it all.
Though it‘s hard to say whether anything in my user counts as personal information. I talked a lot about the city I live in, and maybe some details like age and gender together with that could be an argument.
I have some feeling they won‘t comply due to that, but at least they‘d have to waste their time a bit. I could also try going to a lawyer or report it lol.
I‘m usually NOT the type to do this kind of stuff at all (strong dislike for bureaucracy and police) but I‘m feeling especially vindictive about this so I‘m trying to think of all I could do.
If you’re persistent, sites usually end up complying to make you go away. I’ve had to fight other sites (Instagram) for removal of my photos copied to spam profiles. It takes a bit of back and firth but they generally end up complying. Might help to cc their legal department if they exceed the deadline.
Giving this post a signal boost: https://kbin.social/m/RedditMigration/t/59451/Finally-Managed-to-erase-all-1477-of-my-comments#comments
In the past there are references for folks outside GDPR/CCPA areas being able to do this and reddit respecting that. Does anyone feel that todeay’s reddit would still continue to honor “Other” requests, without the heavy hand of the GDPR/CCPA law upon them?
It depends. Some states have privacy laws in effect now that are substantially similar to the CCPA. Reddit not complying in those states may not end well for them either.