As the title says, Reddit replied to my GDPR request to delete all my data saying I had to do it first, which I suspect is in violation of GDPR law.
Reddit’s argument is that to comply with GDPR, they just need to dossociate your account from your posts, so the latter cannot be traced back to you. However, the argument could be made that the posts themselves are enough data to be linked to you.
Is there any type of response that could be framed in legal terms to make reddit really remove all the content from my account?
I think it’s untested whether this is legal or not; it’s in a legal grey zone. Try to find an online script to help you delete all your posts. Alternatively turn the question to your national agency which handles GDPR compliance.
With the API shutting down, I believe there is no longer an automated way to delete all content. I would focus more attention on the latter suggestion.
Actually, the API hasn’t shut down. It’s just you get a bill if you go over 100 api calls per minute, but existing scripts like github shreddit can be easily modified to include a builtin delay to prevent that from happening. Alternatively you can pay shreddit.com $15 to do this for you and not worry about it (they use their own API key i figure though I don’t know the specifics, but I imagine they have a setup that prevents them from going over the limit as well).
I rushed in a bit of a panic to get all of my stuff deleted, not even waiting for the response to my data retrieval request (see https://kbin.social/m/RedditMigration/t/65260/PSA-Here-s-exactly-what-to-do-if-you-hit-the ) before I realized this.