TL;DR: I got a response from Reddit that basically says they’re not violating anything.
There was a post here 3 weeks ago that talked about the GDPR violations Reddit is committing.
reddit is telling it’s future investors with recent news and more info on their IPO, that they’re currently selling and looking to sell their user’s data to companies wanting to train their LLMs, including Google.
I’m not sure of anyone else has gotten a response from them yet so I thought I’d share the email.
The Email:
Hello,
Thank you for contacting Reddit.
As stated in Reddit’s Privacy policy much of the information on the Services is public and accessible to everyone, even without an account. By using the Services, you are directing us to share this information publicly and freely.
Reddit prohibits use of its service to infringe people’s intellectual property rights or any other proprietary rights, and prohibits unauthorized scraping of Reddit content. Please note, however, that when you submit content (including a post, comment, or chat message) to a public part of the Services, any visitors to and users of our Services will be able to see that content, the username associated with the content, and the date and time you originally submitted the content.
Reddit allows moderators to access Reddit content using moderator bots and tools. Reddit also allows other third parties to access public Reddit content using Reddit’s developer services, including Reddit Embeds, our APIs, Developer Platform, and similar technologies. We limit third-party access to this content. Reddit’s Developer Terms are our standard terms governing how these services are used by third parties.
Please note that you can use the Services without choosing to share information publicly and freely on them, and you can also remove your content from Reddit at your discretion. For more information, please check out our help center articles for more information here
Thank you, Reddit Legal Support
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
Typical for dudebro libertarians not to understand what consent is until you file the restraining order.
removed by mod
removed by mod
removed by mod
removed by mod
removed by mod
People really find it hard to grasp that stuff you willingly post online in a public way can be seen by everyone. There was a thread here earlier about people flabbergasted that the admins of email services can read their unencrypted emails you send through their servers. Top response was said admins going “yes we can read your emails, no we don’t, we have better things to be doing with our time.”
maybe one of my “r/CrazyIdeas” will actually be looked at!
I have gotten the exact same response word for word.
I do not see where the violation can be if all this data sharing / selling has been explained by reddit and only info that is shared are your posts and comments, not your mail address or IP address.
Why would you even consider that platform where you publicly post things would not be able to do something with that info. Anyone being able to read this comment is also a violation?
“Nuh-uh, am not!” is the ultimate legal defence and you can’t convince me otherwise.
No way they can form a proper response to you on GDPR without citing GDPR. This is either utter incompetence or a lie. Wondering if one could sue them just for this reply message.
Probably they dont have any offices of employees or banks in the EU and are just planning to ignore fees for their violations
deleted by creator
Doeyour post comments constitute “personal data” though?
deleted by creator
natural persons. good idea. corporations are not natural persons over there
Yes
If this ever goes to court I doubt Reddit wants to open this can of worms, as well as every other social media company lol
Time to masspost poisoned images
Accessible to everyone … Ha! Try going to Reddit with a VPN.
What? VPNs banned?
Started a few months ago. But you can bypass it with the old subdomain
Yeah they don’t allow access from VPN unless signed in or if you replace www with old in the URL. They want to know who you are!
Reddit is going to the gutters. RIP
deleted by creator
Whoa there pardner!
If you replace www with old it still works though
How do I wipe my old reddit account?
Public posts on the Internet can be scraped by anyone for free. Reddit is more selling easy to consume access to that information via structured high bandwidth APIs. You should do as they said, and tell them to delete all your data so they aren’t allowed to host or profit off it anymore.
If there is commercial gain involved, laws become more applicable.
GDPR doesn’t care if they make money on the data. But in practice they do go after the bigger offenders, who often make billions of euros (and have been fined over a billion euros)
The law does not care but the enforcers are much more likely to first pick up cases where companies are making loads of money rather than someone who is not.
That’s what was my point.
There’s a lot of companies that violate GDPR, but people generally don’t complain, so they get away with it.
Complain to your respective GDPR enforcement officer. I should, too.
Already done. Still waiting for a response from them.
Please tell us whether you’ll get a response.
They’re not infringing on your copyright, because you agreed to the following:
https://www.redditinc.com/policies/user-agreement
The GDPR has nothing to do with copyright
I think this is the issue here. OP is mixing content copyright with the GDPR. But the GDPR regulates personal data, not copyright on text. And that’s what Reddit is trying to sell, the content of posts, not their user’s personal data… So the GDPR doesn’t apply to that. Hence Reddit say they aren’t violating anything, because the copyright is in the ToS.
I think that’s also my issue with the original letter. It wants to sound official and legalese, but it confuses several things. Intellectual property, copyright and privacy /data protection laws. I don’t think the author(s) understand the GDPR. It includes a definition what personal data is. And the letter is mostly talking about something unrelated. Also there are additional requirements. For example identifiability. And they also fail to address any of that… I also don’t like some of the things Reddit does, but I think this is just not a well reasoned argument. If I were in customer support or a lawyer, I’d brush it off, too.
That eula is not valid in the EU.
Is that an EULA? I thought that was for buying software? I mean I’m pretty sure we have other forms of contracts here in the EU?! Like Terms of service.
Is that a known fact about Reddit’s terms of service / “EULA”, or something you made up?
And some EULA’s are valid in the EU. Just not the American ones that you get to read after you bought something.
I expect they are talking about the ‘irrevocably’ part, as one of the core tenets of GDPR is that consent can be withdrawn.
I couldn’t say whether or not that applies here.
Ah, that makes more sense. But the GDPR also doesn’t regulate the actual content. It is about personal data. You can revoke consent processing that. But that doesn’t necessarily touch copyright and the content of some text you licensed to someone. I think copyright is seperate. I mean it’s a bit more complicated, there is some overlap…
I consider most of the stuff I post here to be personal.