A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?

  • _TheNardDog_@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    1 year ago

    No, it’s not at all legal for the company to do this. Reply and remind them they have one calendar month to comply from the date of your original request, otherwise you will make a complaint to which ever information regulator is correct for the juridiction they’re operating in.

    I’m a lawyer specialising in Data Privacy, reply here if you need more help on this one.

    Also feel free to name the company.

    • My Password Is 1234@lemmy.worldOP
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      1 year ago

      For now, I do not want to announce the name of this company publicly.

      If they don’t want to solve it amicably, then I will do so.

      • sanpo@sopuli.xyz
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        They already said they don’t want to.

        They asked you to install the app on purpose, in hopes that you’ll decide it’s too much hassle and decide not to delete the account.

        • el_abuelo@lemmy.ml
          link
          fedilink
          arrow-up
          0
          ·
          1 year ago

          How do you know this?

          My first thought was “they probably want to ensure they are who they say they are and so want an authenticated request” - while that’s against GDPR, not everyone is as educated as they should be, and not every mistake is a nefarious activity.

          • sanpo@sopuli.xyz
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            There’s no reason an app should be more trustworthy than the email.
            It’s pretty standard for scummy companies to make the process as annoying as possible.

  • cosmicrookie@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Simply ask for the official company name, registration number and country as well as the prereree means of communication that they would like your local data authorities to contact them on.

    Also make a 1 star review, stating that you are in talks with your local gdpr authorities about their way of handling privacy.

    This worked for me last time a company asked me to download an app to delete my account

    • Nelots@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      Man, Elon really does ruin everything. Can’t even use X as a variable anymore without a disclaimer.

      • Hamartiogonic@sopuli.xyz
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        1 year ago

        How about using a programmer style variables like badCompanyName. You don’t have to be a mathematician. Sure, I can totally appreciate concise names, but some times you have to use longer names to avoid collisions.

      • Echo Dot@feddit.uk
        link
        fedilink
        arrow-up
        0
        ·
        1 year ago

        It’s new name is “X, formally known as Twitter”. Which is what every news website on the planet calls it.

        Regardless the fact that X is a stupid name for a company, it’s also dumb to rename a popular company generally anyway.

  • PowerCrazy@lemmy.ml
    link
    fedilink
    arrow-up
    0
    arrow-down
    4
    ·
    1 year ago

    Cool clickbait. By censoring the company you are complaining about you are removing any possibility of confirming the story. Why would you do this? you are supposedly mad about the company and thus airing a public grievance, yet what could is a public grievance if no one know the target of your ire? Well it’s useless, so why would you post this? For internet points? Maybe go back to reddit.