In the eyes of the GDPR it doesn’t matter, if a user used their right to be forgotten, anything that could be PII or anything they generated has to be either deleted or at least anonymized.
Now since we’re talking about reddit posts here, there’s a non-zero chance that at last one if not more of the users posted something about themselves that can be used to identify them in a post. So detaching the user from the post doesn’t satisfy the laws.
So with that out of the way, we can conclude that the posts themselves most likely contain some PII.
You’d have to delete/scrub the posts, the logs, the caches, including on any CDNs.
Obviously either they aren’t scrubbing everything, which I would agree that could happen… I doubt it because of reddits size. I could understand and excuse some tiny company with a few engineers, or a new company… but not a decade plus old company worth billions.
So i think it’s mighty forgiving to say that they did it by accident. I also think it’s not ok to say that reddit did it on purpose either.
I’ve got a feeling that they half did the GDPR tasks… And thought “ehh nobody will notice” or “will make a new improvement epic for this” and never did.
I don’t think this is actually deliberate. Its just a byproduct of the CDN
In the eyes of the GDPR it doesn’t matter, if a user used their right to be forgotten, anything that could be PII or anything they generated has to be either deleted or at least anonymized.
Now since we’re talking about reddit posts here, there’s a non-zero chance that at last one if not more of the users posted something about themselves that can be used to identify them in a post. So detaching the user from the post doesn’t satisfy the laws.
So with that out of the way, we can conclude that the posts themselves most likely contain some PII.
You’d have to delete/scrub the posts, the logs, the caches, including on any CDNs.
Obviously either they aren’t scrubbing everything, which I would agree that could happen… I doubt it because of reddits size. I could understand and excuse some tiny company with a few engineers, or a new company… but not a decade plus old company worth billions.
So i think it’s mighty forgiving to say that they did it by accident. I also think it’s not ok to say that reddit did it on purpose either.
I’ve got a feeling that they half did the GDPR tasks… And thought “ehh nobody will notice” or “will make a new improvement epic for this” and never did.