A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?
No, it’s not at all legal for the company to do this. Reply and remind them they have one calendar month to comply from the date of your original request, otherwise you will make a complaint to which ever information regulator is correct for the juridiction they’re operating in.
I’m a lawyer specialising in Data Privacy, reply here if you need more help on this one.
Also feel free to name the company.
Fuck them and bless u lol
For now, I do not want to announce the name of this company publicly.
If they don’t want to solve it amicably, then I will do so.
They already said they don’t want to.
They asked you to install the app on purpose, in hopes that you’ll decide it’s too much hassle and decide not to delete the account.
How do you know this?
My first thought was “they probably want to ensure they are who they say they are and so want an authenticated request” - while that’s against GDPR, not everyone is as educated as they should be, and not every mistake is a nefarious activity.
There’s no reason an app should be more trustworthy than the email.
It’s pretty standard for scummy companies to make the process as annoying as possible.The individual responding isn’t the issue. They haven’t made any decision to respond like this, they are following a script.
The script is written by people who should know exactly what they are doing, so the result is either malice or negligence. Either way it’s unacceptable where the law is concerned.
Removed by mod
Why not? That’s so weird…
Think of the poor corporation! If they get punished for their illegal buisness practices, it’ll hurt the economy and people will be less inclined to start a small buisness. Didn’t you study piss down economics?
“WHAT ABOUT THE TRUE VICTIMS HERE! WHY DOESN’T ANYONE CARE ABOUT THOSE HARDWORKING, SALT-OF-THE-EARTH SHAREHOLDERS! ARE YOU PEOPLE FUCKING COMMUNISTS?!”
Hahaha
I guess the company is embarrassing in some way.
Must be something that makes you look bad lol
Otherwise you’d just say it. You owe them nothing and they’ve broken the fuckin law and you’re protecting them? What do they have on you?
Or maybe they just want to disclose as little of their personal information, including services relied on, on an open platform like this. Idk if that’s the case, but playing devil’s advocate here
Personal information like the name of a company they bought something from?
Please
Maybe it’s a company with only 3 customers.
Then maybe don’t post it at all?
Why should they not? They posted an inquiry, looking for advice. That is their reason for posting.
They do not owe personal information beyond what is required to answer the question. And typically, with regards to anything resembling a legal matter, the less information posted publicly, the better.
I will never understand why people complain online then do this. Why are you being such a pushover. What does amicably even mean to you?
Feetfinders.com? Heh
That reminds me, I might have to put in a formal complaint for a somewhat similar matter.
Bought concert cards years ago, and was never able to unsubsribe from the newsletter. I sent requests to every mail address I could find, and never even got a response. Still got newsletters every now and then though.
They also just make it unnecessarily hard to contact them, so at this point I’m not sure my messages even reached them, which hopefully is what explains their failure to comply.
Depending on country there’s probably some regulator office which you can send a complaint to
France in that case, so that would go to the CNIL. Though they want people to make an account to put in complaints online.
expired
Man, Elon really does ruin everything. Can’t even use X as a variable anymore without a disclaimer.
Fuck that, I refuse to give him the letter. He can pry it from my cold dead hands as he chokes on my liver!
How about using a programmer style variables like badCompanyName. You don’t have to be a mathematician. Sure, I can totally appreciate concise names, but some times you have to use longer names to avoid collisions.
I prefer [insertconpanynamehere] but in this case name and shame almost seems more appropriate.
An X is an X, the social network shall be known as X, formerly Twitter /J
It’s causing hell of problems to mathematicians worldwide.
Suddenly, every math formula ever written is subject to copyright and royalties.
It is an ex-social-platform. It is now a pile of garbage.
It was always a pile of garbage…
No. They are obligated to obey the law as written. They don’t get to create conditions.
GDPR clearly states you can contact any part of the organisation with your request. You can make your request verbally or in writing and they must acknowledge it. They can’t refuse and make you use their app.
For fun send them a Subject Access Request and if they don’t acknowledge it, report them to the ICO (if you’re in the UK)
I had this before, though not through a direct communication. Someone had gotten my email credentials somehow and installed a company’s app and made an account. When I went through the support pages on the company’s site to find out how to delete the account the only listed way was through the app itself.
They were accommodating and helpful when I emailed the company about it though. I just told them that I can’t agree to the privacy policy and thus cannot install the app but still need the account to be deleted. They did it.
Name & shame.
Simply ask for the official company name, registration number and country as well as the prereree means of communication that they would like your local data authorities to contact them on.
Also make a 1 star review, stating that you are in talks with your local gdpr authorities about their way of handling privacy.
This worked for me last time a company asked me to download an app to delete my account
I had a simmilar situation with Nicehash (crypto shit company), but I had 2fa enabled and just wanted to unsubscribe from useless newsletters. They asked for a photo of me holding a paper with my personal information. Still didnt solve that, but some comments here might help, following
eBay does this too. They told me they can’t access my data to delete it, that I have to log in with their website or app and send information to just get my data, let alone have it deleted.
Doesn’t ebay delete the account after certain amount of inactivity? Just let it lapse then?
Don’t think so. I haven’t been able to login to my ebay account for 10+ years, still get emails.
Then you, kindly dispose urself of all my personal data.
—Dictated but not read, fuck you Me(also take me to ur leader)
I don’t know, maybe? If they have a process, no matter how laborious and roundabout, they can always claim that they have a process and that you have nothing to complain about, legally speaking. Their wagering that people will not go through all the bullshit, and they’re unfortunately right. That’s literally why they do it. The only correct response is to hound them relentlessly, going to Twitter (or something else idk these days, and I’m not calling it X), the press if necessary, and pestering as many government bodies and officials as you have to in order to make them get their fucking shit together. And then they’ll make your particular situation of priority because now you’re being more of a pain in the ass than actually doing their job is. They won’t change the broken system, because one exception in a thousand isn’t worth it to them to be bothered with.
Tldr, maybe but it probably won’t help you, so make it as big of a headache for them as possible.
They don’t get to make it harder to cancel than to sign up
deleted by creator
Use this template in chat gpt…
Can you write an official letter for removal of my private data for (company name) and (my name). Use a strong tone and legalese langage. Make sure you verify the timeframe they must respond (act with 30 days of this letter) and any other specific to make sure they know what my rights are and that I am serious. List the typical types of data they might have on me. And write in a 1800L lexile scale.
I’m sorry but you live in another universe from not finding this the perfect letter.
From chat gpt
[Your Name] [Your Address] [City, State, Zip] [Email Address] [Phone Number] [Date]
[Recipient Name] [Company Name] [Company Address] [City, State, Zip]
Subject: Formal Request for Immediate Erasure of Personal Data
Dear [Recipient Name],
I am writing to formally request the immediate erasure of all personal data pertaining to myself, [Your Name], from your systems in accordance with Article 17 of the General Data Protection Regulation (GDPR). This entails the deletion of my data from your databases and any other processing systems within your organization.
The categories of data I am referring to include, but are not limited to:
- Personal identification information (name, address, email, phone number)
- Professional data (job title, employer, professional contacts)
- Financial data (bank account details, transaction history)
- Technical data (IP addresses, cookie data, browsing history)
- Any other category of data related to me.
You are hereby instructed to ensure this erasure without undue delay and, in any event, within thirty (30) days of receipt of this letter. Failure to comply within this timeframe will compel me to take further legal action to enforce my rights under the GDPR.
I further request that you provide written confirmation upon successful deletion of my data, indicating that no personal data pertaining to me remains in your possession, custody or control.
In the event that you require any additional information to comply with this request, you may contact me via email or phone, as provided above.
Thank you for your prompt attention to this serious matter.
Sincerely,
[Your Signature (if sending a hard copy)] [Your Name (printed)]
Gmail. How ironic
That’s really not cool that you’re upfront about your assumptions. I’m moving from Gmail to another mail provider and, in the process, deleting accounts I don’t use. Please don’t assume in advance something you have no idea about.
I was in the same situation as you a year ago. Deleted my Google and Microsoft accounts. Would you mind sharing what new services you have settled with?
For some critical services (such as banks, hosting providers, etc.) I use ProtonMail. For the rest of the stuff, I have my own email server hosted at my home set up with a VPN tunnel to OVH (data is kept on a server at my home, but the server is publicly available from the Internet thanks to a cheap VPS from OVH). The most private is what you have full control over.
With this solution, I have full control over my data.
Wow that’s pretty advanced. I always thought about hostim my own email server but then people reminded me that I might get blocked or classiefied as spam so it didn’t seem worth the effort. I don’t use email that often anyways.
Just because you content to a data stark foes not mean you consent to all data sharks.
Cool clickbait. By censoring the company you are complaining about you are removing any possibility of confirming the story. Why would you do this? you are supposedly mad about the company and thus airing a public grievance, yet what could is a public grievance if no one know the target of your ire? Well it’s useless, so why would you post this? For internet points? Maybe go back to reddit.
The purpose of this post was to find out if what they do is legal. That is, if I have the right to file a complaint. I’m not obliged to tell you the name of the company. I have things to do and I don’t care about “internet points”, as you call them.
You say you don’t “Care about internet points” and you have “things to do” yet you constantly post and comment on AI generated memes. It’s ok if you want to enjoy things online. It’s also ok if you do deeply care about internet points, but don’t outrage farm.
