On purpose GDPR violation is 4% of global yearly revenue fine for the company, which in reddit’s case would be 32M USD.
Still I assume OP has not actually done “forget me” request for reddit, just deleted the account. Delete is not same thing, as requesting to destroying all identifiable data of you.
GDPR doesn’t care were company is located, if you handle European citizens data, you must comply.
Delete is not same thing, as requesting to destroying all identifiable data of you.
This is what I don’t get. How are Reddit accounts not pseudo/anonymous? Back when I had an account (~5+ years ago at latest) they had nothing personally identifiable on me, in which case there are no GDPR rights to speak of. Even if I were to make an Art.17 request and go above and beyond by supplying a copy of my ID card with the request, Reddit would have no way to even verify that my ID is associated to the acct.
Reddit may not track that, which isn’t a defense against GDPR violations.
That would not surprise me
On purpose GDPR violation is 4% of global yearly revenue fine for the company, which in reddit’s case would be 32M USD.
Still I assume OP has not actually done “forget me” request for reddit, just deleted the account. Delete is not same thing, as requesting to destroying all identifiable data of you.
GDPR doesn’t care were company is located, if you handle European citizens data, you must comply.
This is what I don’t get. How are Reddit accounts not pseudo/anonymous? Back when I had an account (~5+ years ago at latest) they had nothing personally identifiable on me, in which case there are no GDPR rights to speak of. Even if I were to make an Art.17 request and go above and beyond by supplying a copy of my ID card with the request, Reddit would have no way to even verify that my ID is associated to the acct.