• promitheas@iusearchlinux.fyi
    link
    fedilink
    arrow-up
    20
    ·
    10 months ago

    Ive been engaged in discussion with my country’s data protection officer since the summer, and the reply I got was that I should delete comments myself. There are 2 comments that appear on my profile only if viewed while I am signed out, and when I raised the concerns with her I basically got the reply that “there is no personal information contained within and once you delete your account there is no username attached to them so you cant be linked with them”. Is she right, and how do I handle this situation?

    • Blackmist@feddit.uk
      link
      fedilink
      English
      arrow-up
      9
      ·
      10 months ago

      As I understand it:

      As long as the link between data and user is severed, they are compliant with GDPR. Anonymising data (proper non-reversable anonymisation, rather than pseudo-anonymisation) is as good as deleting. As long as it’s not personally identifiable, it’s OK.

      I suspect anyone else expecting the EU to purge reddit of their comments will be equally disappointed.

      • LWD@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        10 months ago

        According to how the UK’s Matrix/Element “privacy” messager app acts, that is correct. If, for example, you request a GDPR compliant data deletion of your messages in a room that contains 100 people, they will continue storing your data and delivering it to those 100 people, as well as propagating your data across any other servers where those people may be.

        If you’ve lost access to any of those rooms, screw you, your data doesn’t belong to you but it does belong to anybody who was there at the time.

      • sibachian@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        10 months ago

        what about the whole knowing who is who based on word pattern/habit, and connected content and/or opinion?

        • Blackmist@feddit.uk
          link
          fedilink
          English
          arrow-up
          3
          ·
          10 months ago

          None of that really seems to count for GDPR. And good luck picking any one person out of a sea of a million orphaned comments.

    • AlteredStateBlob@kbin.socialOP
      link
      fedilink
      arrow-up
      7
      ·
      10 months ago

      The DPAs have discretion on how they interpret the laws and what guidance they give. This is something you could only really pursue through litigation beyond what reply you’re getting from your DPA. Personally, I am not trusting reddit to actually, truly delete anything. But there would need to be proof for that, beyond my suspicions.

      If deleted was truly deleted, I’d say they’re right on an individual case.

      The issue I’m outlining is however of a different nature, so I am somewhat hopeful at least some DPA will take this issue on.