Man wasn’t allowed to defend himself. Absolute farce.

I mean, suit yourself if you insist that you can or only want to do it with a throwaway. I’m saying you can do it with similar services like tutanota as the failover address, eliminating the need for a throwaway.

You can simply use either: a different protonmail address or a similar service like tutanota.

The US Gamestop is selling PC parts. They started in 2021 or 2022.

How have they no means to fix their business model by cutting back on what does not work? Like… are they supposed to just keep burning money year after year on the same direction that is the cause of burning money in hopes of something magically changing about it?

That would be the sunk cost fallacy, no? If anything they now have a chance to direct their attention to getting new revenue streams because they stopped the bleeding. They got no debt except some remnant of a 0% loan by the French government. Not sure what will whittle away at them?

I do not like their current business model and do think they need to adapt, but for the first time since 2018 they even have the financial situation to try.

It’ll be rolled back when they realize engagement drops.

Contact the DPA of your EU home country. It doesn’t matter of you live elsewhere.

Even non EU citizens can make complaints. It just won’t lead to remediation for their dircet issues, if one is sought through the DPA

It depends on where you live. But reddits EU offices are in the Netherlands, so you could file a complaint with them. Usually it should be as simple as searching for “gdpr supervisory agency [my state/country]” to find their website and complaint form.

Especially US companies usually just do things and are willing to engage in lenghty legal battles after the fact.they are very, very litigous.

Another issue to consider is that the GPDR is held vague on purpose since it applies to your neighborhood yoga studio as well as Google or reddit. Entirely different use cases. So there is a lot of room for interpretation.

Looking at the conduct just within Europe, yes, I think it is possible GDPR considerations were either ignored or downplayed to the point of irrelevance. There was a recent study by noyb.eu which showed that DPOs are still often pressured to make recommendations that do not align with GDPR principles.

Either way, the DPAs will have to decide if the complaint has merit. Given new technologies are specifically mentioned im the GDPR, I am at least very curious to see how it turns out.

It doesn’t matter what it tells me. Personal data is clearly defined under GDPR as data that can be used to identify a person. It is irrelevant if you or I can do it with publicly available data, reddit has the data and that is enough to qualify it as such.

A DPA might absolutely disagree with my reading of the situation. I would be surprised, if a DPA considered usernames as non personal identifable information and know of no such ruling.

Ah, alright. Didn’t check old.reddit

You have to give one, while signing up (just checked); unless you go through apple or google ID services. Either way, they still log your IP and other meta data not to mention your username does exist.

I’d argue it is, but, that’s where the judgement of the DPAs comes in. It’s definitely possible that some, if not all of them, reject this as “it’s fine”. But unless eyes are being put on it, any shenanigans will simply occur.

I don’t know how it might go, but giving it a try is basically free.

Also, I appreciate your consideration of my perspective!

It is not clear if reddit has already engaged in this with Google, or if it is something that’s only starting. However, as outlined in my post, they might have to consult with a DPA before engaging in this anyway, which I doubt they have done. So, no, DPAs are absolutely the right place to make that complaint.

Even if they hadn’t started yet, might as well get their eyes on it, and force them to do it right from the get go (which they cannot do, as it currently stands).

It is not enough, no. The LLM might reveal training data, showing the original text and that is a simple Google search with site:reddit.com away from identifing the user. It’s trivial and thus not anonymized.

It doesn’t matter, as long as the text is supplied as is, a simple Google search with the text and site:reddit.com will reveal the author, keeping it identifiable. True anonymization under GDPR almost does not exist, as it would destroy the dataset and make it unusable.

That is not quite correct. As long as it is possible to identify the user, it is personal data. True anonymization under GDPR is nearly impossible without destroying the data set.

Reddit would have to fully delete it, otherwise simply searching Google with the exact text with site:reddit.com on any comment immediately reveals who the author is.

It doesn’t matter if the dataset in use allows for identification, as long as identification remains possible.

The DPAs have discretion on how they interpret the laws and what guidance they give. This is something you could only really pursue through litigation beyond what reply you’re getting from your DPA. Personally, I am not trusting reddit to actually, truly delete anything. But there would need to be proof for that, beyond my suspicions.

If deleted was truly deleted, I’d say they’re right on an individual case.

The issue I’m outlining is however of a different nature, so I am somewhat hopeful at least some DPA will take this issue on.

Every post is tied to a username and email address, making it personal information, since each poster can be identified. I’m sure they’re also tracking further metrics such as IP addresses, browser fingerprints, etc. It is immaterial if we from the outside are able to identify users, it only matters if it’s possible given the data available to the processor. In this case, it is. Not to mention, there is a good chance texts and posts themselves contain plenty of personal information, such as linking to other user profiles, mentioning and discussing people, etc.

DPOs in Europe don’t always work with lawyers. I mainly deal with mid-sized companies and work with lawyers on the end of the larger corporations, absolutely. I was simply clarifying I am not a lawyer and don’t claim to be one.