Posts and comments must be separately deleted before deleting your account. If not separately deleted, the content of the posts and comments will remain visible and disassociated from any account. If you want your posts and comments removed, follow the instructions on our help page.
Yeah, this is illegal. At least under GDPR. I’m not familiar with the California law.
Reddit has to delete ANY data associated with your account, and that would include the comments made.Reddit is bullshitting about subreddits not being deletable. Yet, GDPR helped me to force them to delete a sub named after my real name that I made long ago. So it seems GDPR works quite well.
Perils of living in Massachusetts. I hope similar laws pass federally in the United States.
That being said, I’ve been on the other side of GDPR. Getting ready for GDPR around 2017 was so much work. We initially had a lengthy confluence runbook with all the places data had to be deleted from. It took a while to automate. Painful, but it’s the right thing to do.
RE: OP
I’m pretty sure this is in violation of both GDPR/CCPA
IANAL, but I agree. In my past companies, when a GDPR deletion request comes, we follow through and delete the data. We might ask users to verify their identity but that’s about it. It should be 2-3 emails back and forth.
