A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?

  • sanpo
    link
    fedilink
    arrow-up
    168
    arrow-down
    1
    ·
    1 year ago

    They already said they don’t want to.

    They asked you to install the app on purpose, in hopes that you’ll decide it’s too much hassle and decide not to delete the account.

    • el_abuelo@lemmy.ml
      link
      fedilink
      arrow-up
      6
      arrow-down
      22
      ·
      1 year ago

      How do you know this?

      My first thought was “they probably want to ensure they are who they say they are and so want an authenticated request” - while that’s against GDPR, not everyone is as educated as they should be, and not every mistake is a nefarious activity.

      • sanpo
        link
        fedilink
        arrow-up
        48
        arrow-down
        1
        ·
        1 year ago

        There’s no reason an app should be more trustworthy than the email.
        It’s pretty standard for scummy companies to make the process as annoying as possible.

      • activ8r@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        The individual responding isn’t the issue. They haven’t made any decision to respond like this, they are following a script.

        The script is written by people who should know exactly what they are doing, so the result is either malice or negligence. Either way it’s unacceptable where the law is concerned.