As the title says, Reddit replied to my GDPR request to delete all my data saying I had to do it first, which I suspect is in violation of GDPR law.
Reddit’s argument is that to comply with GDPR, they just need to dossociate your account from your posts, so the latter cannot be traced back to you. However, the argument could be made that the posts themselves are enough data to be linked to you.
Is there any type of response that could be framed in legal terms to make reddit really remove all the content from my account?
I think it’s untested whether this is legal or not; it’s in a legal grey zone. Try to find an online script to help you delete all your posts. Alternatively turn the question to your national agency which handles GDPR compliance.
With the API shutting down, I believe there is no longer an automated way to delete all content. I would focus more attention on the latter suggestion.
This is what worked for me:
https://github.com/j0be/PowerDeleteSuite
It took a couple tries. My first try, I used the option to replace my posts with a bit of text (it was exceedingly brief) and unchecked the Delete option. That didn’t have the desired effect, so I included the option to delete, even while specifying the edit. That was almost a complete sweep. There were a few stragglers, so I just deleted those by hand.
Went back a week later, noticed a couple more of my comments from within a month before I ran PDS, and deleted those manually as well.
No API needed. You use a desktop/laptop browser. Just follow the instructions.
There’s also a fork of the project, based on the assumption that Reddit introduced a rate-limiter. It inserts a 5 second pause between each deletion, so the caveat is that it could be running for several hours before finishing.