Comment by Bardfinn on 07/03/2022 at 18:36 UTC

32 upvotes, 5 direct replies (showing 5)

=> View submission: Announcing Mod Notes

OK so now I have a really, really difficult question:

If someone who resides in the EU makes a request under the GDPR Right to Erasure to have all the data connected to their account erased -

is that going to involve the Reddit-hosted Usernotes (which are: authored by volunteer third parties and which are the intellectual property of the authors, and which are stored on the Reddit service) being erased?

If the Usernotes get erased, will that fact be memo'd / interstitialed with some notification, such as [Userdata redacted pursuant to GDPR], in mod logs, or in the Usernotes view? Is there a JSON string / API query returned signifying that condition?

This is a really tough issue, and one which moderators -- especially moderators who are American and who have rights to the works they author, even when those works are communications with others about a specific user account -- deserve answers to, before migrating their already-existing usernotes about GDPR-subject user accounts (which are also their intellectual property and are already stored on Reddit's service) to the new Usernotes feature.

I understand that there may not be a prompt answer or a clear answer, but I thank you for addressing the question.

Replies

=> Comment by Watchful1 at 07/03/2022 at 18:49 UTC

11 upvotes, 1 direct replies

That's a very good question.

=> Comment by CryptoChief at 07/03/2022 at 20:19 UTC

1 upvotes, 0 direct replies

That seems like a great question. If GDPR has to be enforced on this feature, perhaps mods will have to provide their own hosting for storing usernotes.

=> Comment by wickedplayer494 at 07/03/2022 at 21:41 UTC

2 upvotes, 0 direct replies

I would also be interested in how EU GDPR and UK GDPR compliance interacts with this.

=> Comment by Dense_Advisor_56 at 08/03/2022 at 09:33 UTC

1 upvotes, 0 direct replies

How are mod notes subject to GDPR[1]?

=> 1: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/

Is the user (in)directly identifiable as a natural person from the information contained in a mod note? I don't think this is a real concern at all. Unless I'm misunderstanding something.

=> Comment by ibisum at 08/03/2022 at 11:25 UTC

1 upvotes, 1 direct replies

Also - will all users be able to access notes attached to their user ID's?

It seems like it'd be a violation of the GDPR if users can't see the notes.