Quote:
Originally Posted by DNSB
I thought the GDPR required an organization to delete an individual's data upon request. I did a quick check and could not find anything that would prevent an individual from deleting their own data.
You're right. Just to clarify, I know a bit about the subject because in the past I was involved in a long and painful legal conflict with Coinbase around my personal data.
So, this is what I know.
According to GDPR, any EU resident/citizen can request the deletion or correction of their data. You can usually do this by accessing the company's privacy policy, which typically includes the email address of the DPO (Data Protection Officer in the EU) or CPO (Chief Privacy Officer in the US), and email him/her your request.
Companies normally have a month to acknowledge receipt of the request and some extra time to comply. At least in the EU, in the event of a dispute, users can escalate the request to the relevant DPA, which is the Data Protection Authority of each EU country. In the worst case, companies can be fined.
In the US, users are also protected by similar laws, although these vary by state. For example, in California you have CCPA, which is a similar law to GDPR. There is also another similar law in Nevada.
In my humble opinion, MobileRead could simply implement a deletion alternative similar to Reddit, where the user can delete his profile by himself, leaving his comments visible but anonymised. This way you honour this fundamental user right while avoiding breaking the flow of the threads.