Data Anonymization On Online Forum Under Article 17 GDPR

[Anonymous445]

Jurisdiction

Other

I made posts on the Steam discussion forums with an account I still actively use and which can be linked to my identity. I submitted a request to their support team to delete some of my posts. They responded with a pre-made message that stated they can not delete them because they have an obligation to protect the data of other users, which does not make sense to me. I sent them another message reminding them they state they comply with the General Data Protection Regulation. I said I have the right for my posts to be anonymized under Article 17. Their next response is so far delayed. I suspect that I am correct because Reddit will comply by using a bot that scrambles the user name of posts.

Do I have any legal basis? What should I tell them if they refuse again? What should I do if they do not respond within a reasonable time?

 

[army judge]

Do I have any legal basis?

Yes, the following reveals that for your use!

If you are unable to access or delete data through the Privacy Dashboard, you can also contact us with a request to exercise these rights by using the form found at Steam Support
You'll never know, unless you try.
That said, I suspect "Steam" cares very little, if at all about matters you hold dear.

What should I tell them if they refuse again?

You have the constitutionally protected RIGHT to remain silent. When I become agitated by circumstances beyond my control, I shut my yapper!

What should I do if they do not respond within a reasonable time?

I can't tell you what you should or must do.
I can tell you what I'd do, and my pal, Ron Swanson, too!

 

[Tax Counsel]

Do I have any legal basis? What should I tell them if they refuse again? What should I do if they do not respond within a reasonable time?

The EU and UK GDPR rules only apply to those companies that retain information of people in the EU and the UK. Likewise the CA privacy laws only protect the those persons in that state. As a resident of Oregon you don't benefit from any of these laws. Oregon and federal law do not provide the same data deletion rights and until they do all you can rely on is the Steam terms of service (TOS).

 

[Anonymous445]

The EU and UK GDPR rules only apply to those companies that retain information of people in the EU and the UK. Likewise the CA privacy laws only protect the those persons in that state. As a resident of Oregon you don't benefit from any of these laws. Oregon and federal law do not provide the same data deletion rights and until they do all you can rely on is the Steam terms of service (TOS).

Steam does not know where I live unless I tell them. I could be using a VPN to spoof my location. This is the standard assumption for most forum services and is an assumption made by Reddit. To make things easy, they should just comply with GDPR in regards to all users.

 

[Zigner]

Steam does not know where I live unless I tell them. I could be using a VPN to spoof my location. This is the standard assumption for most forum services and is an assumption made by Reddit. To make things easy, they should just comply with GDPR in regards to all users.

What legal requirement do that have to do that?

 

[justblue]

What legal requirement do that have to do that?

Oh! I know! I know!

 

[zddoodah]

I sent them another message reminding them they state they comply with the General Data Protection Regulation.

Did you notice the series of flags at the top of the page you linked? If so, did you notice that the U.S. flag isn't there? The GDPR is a regulation promulgated by the European Union. The page to which you linked appears to be owned by a Washington (state) based company, and you identified Oregon as your state. Thus, the GDPR is of zero relevance.

Do I have any legal basis?

No (unless something else in the company's TOS gives you a similar right).

What should I do if they do not respond within a reasonable time?

Let it go and, in the future, be more mindful of what you post in online forums.

Steam does not know where I live unless I tell them. I could be using a VPN to spoof my location.

Even if this is true, it's irrelevant. The fact remains that you're not in the EU.

This is the standard assumption for most forum services and is an assumption made by Reddit.

This is the second reason you've made reference to Reddit, which suggests you think what Reddit does is somehow relevant. Why do you (apparently) think that?

To make things easy, they should just comply with GDPR in regards to all users.

Easy for whom? I suppose that, if the company thought that would make things easier, it might do that (if applying an EU regulation to users throughout the world wouldn't run afoul of some other country's law). Regardless, what one individual subjectively thinks a private business entity "should" do is not relevant to anything.

 

[Tax Counsel]

To make things easy, they should just comply with GDPR in regards to all users.

Make it easy for whom? For the companies holding the data? It is most definitely not easy or cheap to extend the GDPR requirements to all users and as they have no such legal requirement they stick to the minimum that the GDPR mandates. The user bears some responsibility, too. If a EU resident wants to spoof his/her location to be somewhere outside the EU then that resident is giving up some of the protection of the GDPR. If they mislead the companies with incorrect information about their true location then they can't complain when those companies reject their request to comply with the GDPR.

 

[Anonymous445]

Make it easy for whom? For the companies holding the data? It is most definitely not easy or cheap to extend the GDPR requirements to all users and as they have no such legal requirement they stick to the minimum that the GDPR mandates. The user bears some responsibility, too. If a EU resident wants to spoof his/her location to be somewhere outside the EU then that resident is giving up some of the protection of the GDPR. If they mislead the companies with incorrect information about their true location then they can't complain when those companies reject their request to comply with the GDPR.

To make it easy for Steam. They are obligated to respond to support tickets. They do not require users to report their place of residence. A quick search will reveal that other users have contacted support for the same reason and were successful. I think I lucked out and contacted a stiff employee who must be bypassed.

It should be noted that my location was never disclosed to Steam or I could have moved since creating the account. I chose a jurisdiction at random when creating this account on TheLaw.com for anonymity and did not see the "other" option. I fixed that. From now on, assume I live within an area that is affected by the GDPR.

 

[justblue]

To make it easy for Steam. They are obligated to respond to support tickets. They do not require users to report their place of residence. A quick search will reveal that other users have contacted support for the same reason and were successful. I think I lucked out and contacted a stiff employee who must be bypassed.

It should be noted that my location was never disclosed to Steam or I could have moved since creating the account. I chose a jurisdiction at random when creating this account on TheLaw.com for anonymity and did not see the "other" option. I fixed that. From now on, assume I live within an area that is affected by the GDPR.

Well, this site is for United States Law only so we can not assist you with GDPR law.

 

[Anonymous445]

Well, this site is for United States Law only so we can not assist you with GDPR law.

I wish you were here earlier. Thanks for the clarification. Bye.

 

[justblue]

I wish you were here earlier. Thanks for the clarification. Bye.

Reading the terms of this site would have educated you on this.

 

[adjusterjack]

We're done here.

Thread locked.