A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?
They were very friendly imo. No need to speak legalese or to be rude.
Just tell them that you can’t or don’t want to install the app.
If they don’t help you, then you proceed to remind them that you are not required to install anything for them to comply with GDPR.
Being friendly doesn’t negate the fact that they are out of compliance with the law. Even sending a second email to insist they delete your data is an undue burden.
You’re right, but sometimes a bit of undue courtesy repays in dividends. Not every minor infraction is nefarious and not every minor infraction deserves reporting. A simple courteous reminder of their obligations may save both parties some undue hassle.
I can imagine this company doing this to ensure only authenticated users can have their data removed. There are other ways…but this was probably what they considered reasonable and painless for all, admittedly they (wrongly) didn’t consider the audience of this community in that decision.
A simple courteous reminder of their obligations may save both parties some undue hassle.
Actually, the customer is already getting undue hassle, while the company is just breaking the law. Why can’t we just expect better?
Remember that you’re talking to some poorly paid person that has to deal with unhappy people all day and probably doesn’t even agree with these policies. This is no different than being in a restaurant - don’t be rude to service people. Be polite, but firm. You can express that you’re unhappy and that this isn’t acceptable in a way that doesn’t come off as berating some first level service drone.
Nobody broke the law lol.
I believe they have like a month to comply.
The just asked for a ticket in the app, to make their lifes easier. If OP doesn’t want to, they still have to comply though.
Now I remember why I hate working directly with customers.
I believe they have like a month to comply.
According to my training when I was handling my workplace’s GDPR request email companies have 30 days to respond. Meaning they could simply have a bot respond to all incoming emails on day 29 and say “we’re reviewing your request” and be in compliance for a while longer
There’s a good chance the customers just don’t like you.
removed by mod
It’s the bare minimum of friendliness expected in customer care. Most likely a macro which is normal with these kind of requests.
deleted by creator
OP send them one more request explaining that under GDPR you are not required to do anything more than request your data be deleted and they must comply. Explain to them that if they don’t do so in a timely manner you will be contacting your country’s data protection office and filing a complaint.
I like how they end it with “greetings”
Yeah that should definitely be flipped with the GOOD DAY SIR at the end.
I SAID GOOD DAY
GDPR clearly states you can contact any part of the organisation with your request. You can make your request verbally or in writing and they must acknowledge it. They can’t refuse and make you use their app.
For fun send them a Subject Access Request and if they don’t acknowledge it, report them to the ICO (if you’re in the UK)
eBay does this too. They told me they can’t access my data to delete it, that I have to log in with their website or app and send information to just get my data, let alone have it deleted.
Doesn’t ebay delete the account after certain amount of inactivity? Just let it lapse then?
Don’t think so. I haven’t been able to login to my ebay account for 10+ years, still get emails.
Doubtful - I leave my account for years at a time between logins, and it’s still active (have had the account since 2002 or so, and have had at least a 10 year span without any use).
Use this template in chat gpt…
Can you write an official letter for removal of my private data for (company name) and (my name). Use a strong tone and legalese langage. Make sure you verify the timeframe they must respond (act with 30 days of this letter) and any other specific to make sure they know what my rights are and that I am serious. List the typical types of data they might have on me. And write in a 1800L lexile scale.
Don’t do this.
Why?
chatgpt is not a lawer
It doesn’t matter since none is needed for this. I understand that the goal is to add filler with intimidating legalese, but I doubt that customer “support” is going to react as they expect.
It would be complete bullshit, but clearly the people on the other end would be too stupid to recognize it as such. So there’s really no reason not to do it as long as you’re aware that it’s an empty threat.
I think you could achieve the same without bullshitting by simply saying “Please delete my data within 30 days or I will report you to the relevant authorities”, but each to their own.
I’m sorry but you live in another universe from not finding this the perfect letter.
From chat gpt
[Your Name] [Your Address] [City, State, Zip] [Email Address] [Phone Number] [Date]
[Recipient Name] [Company Name] [Company Address] [City, State, Zip]
Subject: Formal Request for Immediate Erasure of Personal Data
Dear [Recipient Name],
I am writing to formally request the immediate erasure of all personal data pertaining to myself, [Your Name], from your systems in accordance with Article 17 of the General Data Protection Regulation (GDPR). This entails the deletion of my data from your databases and any other processing systems within your organization.
The categories of data I am referring to include, but are not limited to:
- Personal identification information (name, address, email, phone number)
- Professional data (job title, employer, professional contacts)
- Financial data (bank account details, transaction history)
- Technical data (IP addresses, cookie data, browsing history)
- Any other category of data related to me.
You are hereby instructed to ensure this erasure without undue delay and, in any event, within thirty (30) days of receipt of this letter. Failure to comply within this timeframe will compel me to take further legal action to enforce my rights under the GDPR.
I further request that you provide written confirmation upon successful deletion of my data, indicating that no personal data pertaining to me remains in your possession, custody or control.
In the event that you require any additional information to comply with this request, you may contact me via email or phone, as provided above.
Thank you for your prompt attention to this serious matter.
Sincerely,
[Your Signature (if sending a hard copy)] [Your Name (printed)]
Catch 22: give ChatGPT your data, then try to delete your ChatGPT account using ChatGPT
You can ask the text without name and write it after… I mean really? Search on hugging face for free LLM (that’s the kind of ai of chat gpt) and try it for free without registration there is that’s suuuch a thing
Oh I was just joking :)
How are you going to speak to it without revealing any information though? It now knows you need legal advice.
Cool clickbait. By censoring the company you are complaining about you are removing any possibility of confirming the story. Why would you do this? you are supposedly mad about the company and thus airing a public grievance, yet what could is a public grievance if no one know the target of your ire? Well it’s useless, so why would you post this? For internet points? Maybe go back to reddit.
Bro shut up PLEASE
The purpose of this post was to find out if what they do is legal. That is, if I have the right to file a complaint. I’m not obliged to tell you the name of the company. I have things to do and I don’t care about “internet points”, as you call them.
You say you don’t “Care about internet points” and you have “things to do” yet you constantly post and comment on AI generated memes. It’s ok if you want to enjoy things online. It’s also ok if you do deeply care about internet points, but don’t outrage farm.
I don’t know, maybe? If they have a process, no matter how laborious and roundabout, they can always claim that they have a process and that you have nothing to complain about, legally speaking. Their wagering that people will not go through all the bullshit, and they’re unfortunately right. That’s literally why they do it. The only correct response is to hound them relentlessly, going to Twitter (or something else idk these days, and I’m not calling it X), the press if necessary, and pestering as many government bodies and officials as you have to in order to make them get their fucking shit together. And then they’ll make your particular situation of priority because now you’re being more of a pain in the ass than actually doing their job is. They won’t change the broken system, because one exception in a thousand isn’t worth it to them to be bothered with.
Tldr, maybe but it probably won’t help you, so make it as big of a headache for them as possible.
They don’t get to make it harder to cancel than to sign up
In the EU you don’t need to follow their process. Any GDPR request can be made to them through any channel and they must comply. If they don’t, then the next step is to file a complaint with your local data protection office, or the data protection office of the European country where the offending company is represented.
I had a simmilar situation with Nicehash (crypto shit company), but I had 2fa enabled and just wanted to unsubscribe from useless newsletters. They asked for a photo of me holding a paper with my personal information. Still didnt solve that, but some comments here might help, following
You can just call them a crypto company, them being shit is kind of implied.
I understand the hate, especially in this community. IMO not all crypto companies are shit, but nicehash is leader in being shit 😉
I had this before, though not through a direct communication. Someone had gotten my email credentials someho and installed a company’s app and made an account. When I went through the support pages on the company’s site to find out how to delete the account the only listed way was through the app itself.
They were accommodating and helpful when I emailed the company about it though. I just told them that I can’t agree to the privacy policy and thus cannot install the app but still need the account to be deleted. They did it.
expired
Man, Elon really does ruin everything. Can’t even use X as a variable anymore without a disclaimer.
“As you can see on this graph, the Twitter axis represents time, and the Y axis represents total number of unique visitors”
An X is an X, the social network shall be known as X, formerly Twitter /J
It’s causing hell of problems to mathematicians worldwide.
Suddenly, every math formula ever written is subject to copyright and royalties.
They are left asking Y.
How about using a programmer style variables like badCompanyName. You don’t have to be a mathematician. Sure, I can totally appreciate concise names, but some times you have to use longer names to avoid collisions.
I prefer [insertconpanynamehere] but in this case name and shame almost seems more appropriate.
Csmel case isn’t POSIX complaint. Underscores ftw /s
Fuck that, I refuse to give him the letter. He can pry it from my cold dead hands as he chokes on my liver!
This is why I always call it twitter. X is a variable
It’s new name is “X, formally known as Twitter”. Which is what every news website on the planet calls it.
Regardless the fact that X is a stupid name for a company, it’s also dumb to rename a popular company generally anyway.
“Twitter” is shorter
It is an ex-social-platform. It is now a pile of garbage.
It was always a pile of garbage…
Too true.
There is some arguement to be made that Facebook was kind of good at first. It was useful and it had social impacts that were positive. Over time it became toxic.
Twitter was awful from day one though, mostly because it was bloody useless from day one. Everything that anybody used it for could have been done, and generally was also done, on Facebook, so there was literally no point in the platform.
Good point. Now it is a steaming pile of hot garbage. Haha
No. They are obligated to obey the law as written. They don’t get to create conditions.
Name and shame the company
Then you, kindly dispose urself of all my personal data.
—Dictated but not read, fuck you Me(also take me to ur leader)
