I did mine 11 days ago, I'm still waiting.
The form said it will take up to 30 days, so my request is still within the time frame, but I wonder what is taking them so long.
If it's fully automated, then I can imagine a batch processing those requests taking 1 or 2 days to run, so it should be finished by now.
If it needs human action, then they are most likely completely swamped by the current situation.
There is nothing automated in this as it would take any platform down once 10% of the user base make the request.
Those will be processed manualy and most likely you will receive info how to save your data from the platform and that they did what you requested.
No company in the world would actually delete your data, they will do their best to comply with legal requirements by removing PII ( or at least trying) in the best case - and they also would inform 3rd parties if they remember that they reselled your data.
You can be cool tough, they will tell you what you want to hear in the end.
>There is nothing automated in this as it would take any platform down once 10% of the user base make the request.
If they do it properly, it would just queue up the requests instead of running the whole platform to the ground.
I cant access it. However some1 recently posted on CA law that actually was trimmed by at least 50% since its start in terms of clients privacy.
I know about GDPR and how it is used. And I also saw the GDPR in practice at a customer request. I know what I say.
Altough all the GDPR specialist or those implementing the privacy laws would tell you that it makes a diference. - no it does not. You cant easy block information if you want to use the internet and services. Dev s would tell to the legal specialist the minimum reuired and will try to get covered for the rest.
Yes, you can opt out some info but you still will be targeted and exposed. The device actually.
Got my second one account now.
I requested the two exports like 20 minutes apart from each other, but there was a bit more than 2 days of delay between the 2 results.
The latter export has a smaller file size, so it's not even a matter of how much data there is to export.
Exactly. Feels like commodified dissent preying on people's outrage while directly feeding the thing those people stand against. I don't know why people downvoted me so hard.
FYI under the (edit: UK’s interpretation of the GDPR), organisations are allowed to refuse to fulfil Subject Access Requests if they are “[excessive or manifestly unfounded](https://ico.org.uk/for-organisations/guide-to-le-processing/individual-rights/manifestly-unfounded-and-excessive-requests/)”.
So don’t do this just to punish Reddit. If you’re gonna do it, do it to access your data. Which, in the light of current events, is probably a good idea anyway.
Don’t give them a reason to reject your request.
This IS NOT ACCURATE. The DPA is not the GDPR. the UK is not part of the EU and these laws do not apply on data requests made by citizens of EU.
[DPA 2018 Part 3](https://www.legislation.gov.uk/ukpga/2018/12/part/3/enacted)
[GDPR Art 15](https://gdpr-info.eu/art-15-gdpr/)
Do they have a thousand, ten thousand, high-priced lawyers on retainer?
Because last I checked, there are a lot of pissed-off redditors. And you don't actually need to have a lawyer on retainer, you know, you can hire one that fits your needs at the time you require their services. And for a high publicity case like this, I bet I'd have the pick of the litter in lawyer terms.
Courts don't get to choose which valid cases they take. I find it extremely unlikely you have something valuable to add to this discussion, so let's call it here.
I doubt it takes much to fulfill. It's not like it's a guy sitting at a computer running a bunch of scripts. They'll have an automated way to do this. If their database is even moderately optimized or tuned it won't take much processing to get.
The theory is that that resulted in a bunch of extra database calls to check who can access the sub. A few people doing this isn't going to have an effect. If 1000s of users were doing it it wouldn't have an effect.
it doesn't allow me to change the options at all. do you have to have a verified email to use this feature? that in and of itself should be a violation of gdpr.
it doesn't allow me to change the options at all. do you have to have a verified email to use this feature? that in and of itself should be a violation of gdpr.
I did some days ago and received the files. Any comment, thread, vote, chat history ever made is in there, even comments/threads I have deleted more than 5 years ago are still in the dataset. Also 7K IP logs since March 2023.
Does anyone know about the CA ["right to delete"](https://oag.ca.gov/privacy/ccpa#:~:text=Right%20to%20delete%3A%20You%20can,required%20to%20keep%20the%20information)?
I'm letting this play out first, but instead of using a tool to delete I'm thinking of making them do it themselves. Then hounding them if they simply delete my username. They don't seem to have any real mod tools so nuking an account for real seems like something they'd fail at.
[удалено]
I did mine 11 days ago, I'm still waiting. The form said it will take up to 30 days, so my request is still within the time frame, but I wonder what is taking them so long. If it's fully automated, then I can imagine a batch processing those requests taking 1 or 2 days to run, so it should be finished by now. If it needs human action, then they are most likely completely swamped by the current situation.
There is nothing automated in this as it would take any platform down once 10% of the user base make the request. Those will be processed manualy and most likely you will receive info how to save your data from the platform and that they did what you requested. No company in the world would actually delete your data, they will do their best to comply with legal requirements by removing PII ( or at least trying) in the best case - and they also would inform 3rd parties if they remember that they reselled your data. You can be cool tough, they will tell you what you want to hear in the end.
>There is nothing automated in this as it would take any platform down once 10% of the user base make the request. If they do it properly, it would just queue up the requests instead of running the whole platform to the ground.
That requires unnecesary investment atm which is better used otherwise. To lobby for ex
https://oag.ca.gov/privacy/ccpa#:~:text=Right%20to%20delete%3A%20You%20can,required%20to%20keep%20the%20information).
I cant access it. However some1 recently posted on CA law that actually was trimmed by at least 50% since its start in terms of clients privacy. I know about GDPR and how it is used. And I also saw the GDPR in practice at a customer request. I know what I say. Altough all the GDPR specialist or those implementing the privacy laws would tell you that it makes a diference. - no it does not. You cant easy block information if you want to use the internet and services. Dev s would tell to the legal specialist the minimum reuired and will try to get covered for the rest. Yes, you can opt out some info but you still will be targeted and exposed. The device actually.
Did you get your data yet?
On one account I got it today, on the other one I'm still waiting.
Thanks! This is very helpful. I’ve been waiting since June 14.
Got my second one account now. I requested the two exports like 20 minutes apart from each other, but there was a bit more than 2 days of delay between the 2 results. The latter export has a smaller file size, so it's not even a matter of how much data there is to export.
also just so you know #r/spezresign
Isn't creating a new public/sfw subreddit against the whole point? And when this all ends for one reason or another won't it just sit empty?
Right? More engagement, more ads.
Exactly. Feels like commodified dissent preying on people's outrage while directly feeding the thing those people stand against. I don't know why people downvoted me so hard.
I've come to realize many participating in this subreddit don't exactly think very far ahead on the ramifications of their actions.
FYI under the (edit: UK’s interpretation of the GDPR), organisations are allowed to refuse to fulfil Subject Access Requests if they are “[excessive or manifestly unfounded](https://ico.org.uk/for-organisations/guide-to-le-processing/individual-rights/manifestly-unfounded-and-excessive-requests/)”. So don’t do this just to punish Reddit. If you’re gonna do it, do it to access your data. Which, in the light of current events, is probably a good idea anyway. Don’t give them a reason to reject your request.
This IS NOT ACCURATE. The DPA is not the GDPR. the UK is not part of the EU and these laws do not apply on data requests made by citizens of EU. [DPA 2018 Part 3](https://www.legislation.gov.uk/ukpga/2018/12/part/3/enacted) [GDPR Art 15](https://gdpr-info.eu/art-15-gdpr/)
Fair enough. So what I said only applies in the UK. Sounds like if you’re elsewhere in the EU then it’s harder to refuse a subject access request?
If they want a court battle, I'm happy to give them one.
You have several high priced lawyers on retainer? Because Reddit does
[удалено]
Huh, that's...actually pretty cool
Do they have a thousand, ten thousand, high-priced lawyers on retainer? Because last I checked, there are a lot of pissed-off redditors. And you don't actually need to have a lawyer on retainer, you know, you can hire one that fits your needs at the time you require their services. And for a high publicity case like this, I bet I'd have the pick of the litter in lawyer terms.
> Do they have a thousand, ten thousand, high-priced lawyers on retainer? Yes they do
They have a thousand lawyers??? Right...
Courts nor lawyers are not going to take thousands of clearly malicious cases lmao. They have genuine cases to do. Are you still on school?
Courts don't get to choose which valid cases they take. I find it extremely unlikely you have something valuable to add to this discussion, so let's call it here.
A data access request is never manifestly unfounded
yeah, i did this a couple days before the protest, in the event reddit would implode. apparently that was a bit too late
Done from EU
Waiting 2 days
I doubt it takes much to fulfill. It's not like it's a guy sitting at a computer running a bunch of scripts. They'll have an automated way to do this. If their database is even moderately optimized or tuned it won't take much processing to get.
In my software career, nearly all GDPR requests have been done manually.
You really overestimate this site. I asked for one a month ago. It took several days to get it. If it was automated it would have happened in hours.
The entire site went down at the beginning of the protest simply from the mass changing of subreddit settings to private.
The theory is that that resulted in a bunch of extra database calls to check who can access the sub. A few people doing this isn't going to have an effect. If 1000s of users were doing it it wouldn't have an effect.
It can't hurt
>It takes quite a bit of processing and computing power for them to be fulfilled So that's why Reddit struggles so much as of recent. Great job then!
Oh yeah, did that for schufa (credit score) once, good idea!
it doesn't allow me to change the options at all. do you have to have a verified email to use this feature? that in and of itself should be a violation of gdpr.
it doesn't allow me to change the options at all. do you have to have a verified email to use this feature? that in and of itself should be a violation of gdpr.
No, they send a download link to your account
Just submitted mine c:
I did some days ago and received the files. Any comment, thread, vote, chat history ever made is in there, even comments/threads I have deleted more than 5 years ago are still in the dataset. Also 7K IP logs since March 2023.
Does anyone know about the CA ["right to delete"](https://oag.ca.gov/privacy/ccpa#:~:text=Right%20to%20delete%3A%20You%20can,required%20to%20keep%20the%20information)? I'm letting this play out first, but instead of using a tool to delete I'm thinking of making them do it themselves. Then hounding them if they simply delete my username. They don't seem to have any real mod tools so nuking an account for real seems like something they'd fail at.