GDPR accounts are accounts renamed to unidentifiable usernames to comply with a request to do so under the European Union's General Data Protection Regulation law. The accounts' join dates are usually set to January 1, 2000 (a false date) to remove the join date information from public view. The location information is usually removed as well, showing as "Location not given".

The original usernames of most GDPR accounts are unknown.

The profile of gdpr0000001, the first known user to have a GDPR account deletion, as well as the most well known


See also: List of Misconceptions about Scratch

gdpr0000001 (the first known GDPR account) is commonly believed to be the first account created on Scratch due to its join date, but the first user was actually wrgsfhwbxvb who was created earlier in real time, without having their join date altered.[1] andresmh, who created the site, is the oldest user who has not been deleted.[2]

It is also commonly believed that some of the GDPR accounts are test accounts[3][4] created by Scratch Team members[5], however it is just as likely that the account belonged to a regular user who wanted their data deleted under the General Data Protection Regulation act.

GDPR Account Bugs

Following a GDPR Account

There was a bug that allowed users to follow accounts that were anonymized on Scratch because of GDPR. This bug was first discovered in 2020, and spread among users.[6] Here is the code that allowed following GDPR accounts using the console on the wiped user's profile page:


Unfollowing the Account

To unfollow the account, one could just replace the "add" with "remove" or paste this code:


Remaining Data Bug

Sometimes data from a GDPR'ed user still remains, such as comments, favorite projects, forum posts, etc.[7][8] People can use these data to find the original usernames of GDPR accounts.


Cookies help us deliver our services. By using our services, you agree to our use of cookies.