I check in here quite often, but for now, I'm just focusing on clearing spam and keeping the instance alive. In January, I was working on the AP module, and there has been significant progress in the work, which hasn't been publicly published yet. Unfortunately, at the beginning of the year, I developed a skin condition that...
“Death penalties should be public, should be quick, it should be televised. I think at a certain age, its an initiation…What age should you start to see public executions?” Kirk asked....
The requests don't go to reddit, but the supervisory authorities. They can try and ignore those requests, but since they have offices in the EU, those can and will be slapped around - if any DPA takes action, that is.
The DPAs have discretion on how they interpret the laws and what guidance they give. This is something you could only really pursue through litigation beyond what reply you're getting from your DPA. Personally, I am not trusting reddit to actually, truly delete anything. But there would need to be proof for that, beyond my suspicions.
If deleted was truly deleted, I'd say they're right on an individual case.
The issue I'm outlining is however of a different nature, so I am somewhat hopeful at least some DPA will take this issue on.
It is not clear if reddit has already engaged in this with Google, or if it is something that's only starting. However, as outlined in my post, they might have to consult with a DPA before engaging in this anyway, which I doubt they have done. So, no, DPAs are absolutely the right place to make that complaint.
Even if they hadn't started yet, might as well get their eyes on it, and force them to do it right from the get go (which they cannot do, as it currently stands).
Especially US companies usually just do things and are willing to engage in lenghty legal battles after the fact.they are very, very litigous.
Another issue to consider is that the GPDR is held vague on purpose since it applies to your neighborhood yoga studio as well as Google or reddit. Entirely different use cases. So there is a lot of room for interpretation.
Looking at the conduct just within Europe, yes, I think it is possible GDPR considerations were either ignored or downplayed to the point of irrelevance. There was a recent study by noyb.eu which showed that DPOs are still often pressured to make recommendations that do not align with GDPR principles.
Either way, the DPAs will have to decide if the complaint has merit. Given new technologies are specifically mentioned im the GDPR, I am at least very curious to see how it turns out.
As I've already stated in reply to a comment of yours on the other crosspost, no. I am a certified data protection officer and you do not need to be a lawyer to have some competence in dealing with the GDPR. The GDPR specifically outlines the role and required qualifications for the data protection officer.
It depends on where you live. But reddits EU offices are in the Netherlands, so you could file a complaint with them. Usually it should be as simple as searching for "gdpr supervisory agency [my state/country]" to find their website and complaint form.
reddit is telling it's future investors with recent news and more info on their IPO, that they're currently selling and looking to sell their user's data to companies wanting to train their LLMs, including Google....
Nope, your username and email are required and linked to your data, so it's entirely personal information. True anonymization is impossible with open text fields, as it's always possible that people reference other users within their posts, etc.
Of course, what the DPAs do with it, is another matter. Doesn't hurt to try.
DPOs in Europe don't always work with lawyers. I mainly deal with mid-sized companies and work with lawyers on the end of the larger corporations, absolutely. I was simply clarifying I am not a lawyer and don't claim to be one.
Every post is tied to a username and email address, making it personal information, since each poster can be identified. I'm sure they're also tracking further metrics such as IP addresses, browser fingerprints, etc. It is immaterial if we from the outside are able to identify users, it only matters if it's possible given the data available to the processor. In this case, it is. Not to mention, there is a good chance texts and posts themselves contain plenty of personal information, such as linking to other user profiles, mentioning and discussing people, etc.
That is not quite correct. As long as it is possible to identify the user, it is personal data. True anonymization under GDPR is nearly impossible without destroying the data set.
Reddit would have to fully delete it, otherwise simply searching Google with the exact text with site:reddit.com on any comment immediately reveals who the author is.
It doesn't matter if the dataset in use allows for identification, as long as identification remains possible.
It doesn't matter, as long as the text is supplied as is, a simple Google search with the text and site:reddit.com will reveal the author, keeping it identifiable. True anonymization under GDPR almost does not exist, as it would destroy the dataset and make it unusable.
It is not enough, no. The LLM might reveal training data, showing the original text and that is a simple Google search with site:reddit.com away from identifing the user. It's trivial and thus not anonymized.
I'd argue it is, but, that's where the judgement of the DPAs comes in. It's definitely possible that some, if not all of them, reject this as "it's fine". But unless eyes are being put on it, any shenanigans will simply occur.
I don't know how it might go, but giving it a try is basically free.
Also, I appreciate your consideration of my perspective!
You have to give one, while signing up (just checked); unless you go through apple or google ID services. Either way, they still log your IP and other meta data not to mention your username does exist.
It doesn't matter what it tells me. Personal data is clearly defined under GDPR as data that can be used to identify a person. It is irrelevant if you or I can do it with publicly available data, reddit has the data and that is enough to qualify it as such.
A DPA might absolutely disagree with my reading of the situation. I would be surprised, if a DPA considered usernames as non personal identifable information and know of no such ruling.
Reddit said in a filing to the Securities and Exchange Commission that its users’ posts are “a valuable source of conversation data and knowledge” that has been and will continue to be an important mechanism for training AI and large language models. The filing also states that the company believes “we are in the early...
RE: Is Ernest still here?
I check in here quite often, but for now, I'm just focusing on clearing spam and keeping the instance alive. In January, I was working on the AP module, and there has been significant progress in the work, which hasn't been publicly published yet. Unfortunately, at the beginning of the year, I developed a skin condition that...
Trump ally Charlie Kirk suggests children should watch public executions (www.newsweek.com)
“Death penalties should be public, should be quick, it should be televised. I think at a certain age, its an initiation…What age should you start to see public executions?” Kirk asked....
Any EU based users of reddit should immediately file a complaint under GDPR with their supervisory authority (kbin.social)
OC Any EU based users of reddit should immediately file a complaint under GDPR with their supervisory authority for the sale of their data to Google to train their LLMs
reddit is telling it's future investors with recent news and more info on their IPO, that they're currently selling and looking to sell their user's data to companies wanting to train their LLMs, including Google....
Reddit: 'We Are in the Early Stages of Monetizing Our User Base' (www.404media.co)
Reddit said in a filing to the Securities and Exchange Commission that its users’ posts are “a valuable source of conversation data and knowledge” that has been and will continue to be an important mechanism for training AI and large language models. The filing also states that the company believes “we are in the early...