A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?

  • el_abuelo@lemmy.ml
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    How do you know this?

    My first thought was “they probably want to ensure they are who they say they are and so want an authenticated request” - while that’s against GDPR, not everyone is as educated as they should be, and not every mistake is a nefarious activity.

    • sanpo@sopuli.xyz
      link
      fedilink
      arrow-up
      49
      ·
      1 year ago

      There’s no reason an app should be more trustworthy than the email.
      It’s pretty standard for scummy companies to make the process as annoying as possible.

    • activ8r@sh.itjust.works
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      The individual responding isn’t the issue. They haven’t made any decision to respond like this, they are following a script.

      The script is written by people who should know exactly what they are doing, so the result is either malice or negligence. Either way it’s unacceptable where the law is concerned.