How to Delete your Reddit Account and All Data under GDPR/CCPA
If you want to delete your Reddit account and all of the associated data you normally don't have any way to do so. For the most part you're limited to performing the regular account deletion which leaves all comments and post data intact but does disassociate the content from your account.
However, depending on where you physically live in the world (a silly concept in the age of the internet), there are laws which can help you with the process.
Why Delete your Reddit Data?
Why might you want to delete data from Reddit (or any other online platform)? The top reason, in my opinion, is that these platforms are constantly getting hacked and someone leaks all of the information to the whole internet. A lot of creepy insights can be gained from such information about you personally, not to mention any private communications. Removing this attack vector just makes sense.
Another reason is basic garbage collection; much like you wouldn't want to leave a banana peel on your kitchen floor or a car rusting in your back yard, having data associated with you that you don't benefit from is additional cognitive load. It is essentially garbage that should be cleaned up.
There are also political reasons. Perhaps you don't like they Reddit has killed off the third party apps that helped it rise in popularity. Or perhaps you don't like how much they benefit from unpaid moderators. Perhaps you don't like the centralization of the internet. Or perhaps you finally want to fight back against the "this website looks better in our mobile app" banner.
Why Manually Deleting Content doesn't work
One option you've always had is to first scroll through all of your posts and comments and click the delete button one-by-one. But, Reddit employs the same technique internally that most social platforms do wherein data isn't physically removed from the database but is instead soft-deleted.
Note that at this time Reddit will undelete any posts and comments that you delete in quick succession. This is probably due to all of the recent drama. Last week I went through and deleted every single post and comment associated with my account. And, while the data disappeared for a few days, everything has since been reinstated.
In database terms, a soft-delete is setting a flag on rows in a database. For example, a previous employer of mine used
deleted: true. This is done instead of performing an actual
DELETE. This is sometimes done for performance reasons (no need to
VACUUM a table if there aren't any holes in it, which is kind of like running disk defragmenter back in the 90s). More often than not soft-deletes are done so that a corporation can continue to analyze and learn from data.
Technical details aside, soft-deleted data is still present when the next data breach happens.
If you're lucky enough to live in Europe or California then you do have a better option. Namely, citizens of Europe can request that their personal data be entirely deleted under the terms of the GDPR. Similarly, California citizens can request data be deleted under the CCPA.
Some companies make you email them directly, however Reddit has a convenient form for this. The form is located at their Reddit Help > Submit a Request page. Once on the page you'll want to fill out the form as follows:
|Assistance #1||Inquiries Related to Your Privacy Rights|
|Email associated with the account|
|Assistance #2||Request account deletion/deactivation|
|Type of Request||Select GDPR or CCPA|
|Username||Enter the username associated with the account|
|Subject||Requesting Account Deletion under
For the Details of Inquiry section, feel free to use a variation of this message:
As a citizen of California I am requesting that Reddit delete any and all data associated with my Reddit account under the CCPA. This includes all direct data, like comments and posts and subscriptions and private messages and the account itself. This also includes any meta data that has been collected, such as which posts have been viewed and dates and times pages were accessed.
The username of the account is USERNAME and the email address is EMAIL.
For more information about the CCPA feel free to visit this webpage: https://www.oag.ca.gov/privacy/ccpa#sectiond
As a citizen of Europe I am requesting that Reddit delete any and all data associated with my Reddit account under the GDPR. This includes all direct data, like comments and posts and subscriptions and private messages and the account itself. This also includes any meta data that has been collected, such as which posts have been viewed and dates and times pages were accessed.
The username of the account is USERNAME and the email address is EMAIL.
For more information about the GDPR feel free to visit this webpage: https://gdpr-info.eu/art-17-gdpr/
Once you send the form Reddit then has 45 days to respond to your inquiry (this appears to be common across both GDPR and CCPA). Reddit can then choose to sandbag for up to another 45 days. I'll update this post once I hear back from them but I suspect there's an email confirmation and, depending on how they're feeling, there might even be some sort of request to prove that I'm a citizen of my chosen location.
What if you're not legally covered
If you don't happen to be located within the correct physical polygon, well, you're almost entirely out of luck.
First, note that more places are constantly enacting similar laws. For example, you might be covered under similar guidelines if these apply to you:
Clearly, more states and countries will continue to enact similar laws. It's not unbelievable that one day the entirety of the USA will be covered by a law. So, you could consider blanking out your comments and posts, soft-deleting them, and keeping your account around long enough for the privacy laws to come to you. I've done something similar in the past with a list of online accounts in a TODO folder in my password manager.
One way to get around soft-deletes is to first update every single post and comment with new text. Services like this usually overwrite the existing data with new data in place, effectively destroying the old content. After that you can delete the posts and comments by hand and then ask to have the account deleted.
Keep in mind there is no guarantee that this data is actually being removed in any capacity. Even platforms much smaller than Reddit have complex systems of sending data to various backend services and data warehouses. While data that you choose to change or delete might disappear from the primary data store, a copy will live forever in some analytics or machine learning service.
The intent of GDPR/CCPA is that companies are required to expunge this data from all of those backend services, so if you happen to live in Europe or California, you should always make a GDPR or CCPA request when deleting an online account. Data is a liability after all.
Update #1: 2023-06-19 11:07
I received a response from Reddit pretty quickly after submitting it. The response told me that I must delete all of the posts and comments beforehand. I'm pretty sure this is in violation of both GDPR/CCPA as it might be physically impossible for a user to delete, say, one million comments. Of course, this ignores the fact that Reddit already restored all of the data that I've deleted.
We would be happy to help you delete your Reddit account if you have one. Before we proceed please note:
- Account deletion is irreversible.
- Posts and comments must be separately deleted before deleting your account. If not separately deleted, the content of the posts and comments will remain visible and disassociated from any account. If you want your posts and comments removed, follow the instructions on our help page.
Once the above mentioned information is removed to your satisfaction, please submit your deletion request by using your Reddit account and this form so we know it’s really you making the request.
Reddit Legal Support
Update #2: 2023-06-25
Reddit is still restoring deleted posts and comments. This video shows proof of comments and posts being deleted and then later being restored.
Really, the only way that Reddit can properly honor a GDPR / CCPA requests is to delete all comments and posts by any given user. Otherwise there is no guarantee that all PII has been removed.