this post was submitted on 23 Oct 2023
9 points (100.0% liked)


A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?

[–] _TheNardDog_@lemmy.world 14 points 2 years ago* (last edited 2 years ago) (29 children)

No, it’s not at all legal for the company to do this. Reply and remind them they have one calendar month to comply from the date of your original request, otherwise you will make a complaint to whichever information regulator is correct for the jurisdiction they’re operating in.

I’m a lawyer specialising in Data Privacy, reply here if you need more help on this one.

Also feel free to name the company.

[–] cheese_greater@lemmy.world 5 points 2 years ago

Fuck them and bless u lol

[–] yoz@aussie.zone 5 points 2 years ago

Name and shame the company

[–] SpaceNoodle@lemmy.world 4 points 2 years ago

Name & shame.

[–] cosmicrookie@lemmy.world 1 points 2 years ago (1 children)

Simply ask for the official company name, registration number and country as well as the prereree means of communication that they would like your local data authorities to contact them on.

Also make a 1 star review, stating that you are in talks with your local gdpr authorities about their way of handling privacy.

This worked for me last time a company asked me to download an app to delete my account

[–] Ferris@infosec.pub 1 points 2 years ago

prereree -> preferred?

[–] cheese_greater@lemmy.world 1 points 2 years ago* (last edited 2 years ago)

Then you, kindly dispose urself of all my personal data.

—Dictated but not read, fuck you Me(also take me to ur leader)

[–] Jimmycrackcrack@lemmy.ml 1 points 2 years ago* (last edited 2 years ago)

I had this before, though not through a direct communication. Someone had gotten my email credentials somehow and installed a company's app and made an account. When I went through the support pages on the company's site to find out how to delete the account the only listed way was through the app itself.

They were accommodating and helpful when I emailed the company about it though. I just told them that I can't agree to the privacy policy and thus cannot install the app but still need the account to be deleted. They did it.

[–] Blackmist@feddit.uk 0 points 2 years ago (1 children)

It's way too easy to spoof email "from" addresses.

There should be a way to do it through their website though. Requiring an app is just stupid.

[–] mypasswordis1234@lemmy.world 1 points 2 years ago* (last edited 2 years ago) (1 children)

Their site is just a landing page, there's no login option or anything like that. Their business is a smartphone application.

Edit: Gmail uses SPF, DMARC and DKIM signing so spoofing is not possible if their email services are configured properly.

[–] Onioneer@sopuli.xyz 1 points 2 years ago (1 children)

SPF/DKIM/DMARC does not prevent sending the spoofed message, though. It is up to the recipient system to filter out the message should the checks fail. Even then, the message often lands into spam instead of being dropped.

[–] mypasswordis1234@lemmy.world 0 points 2 years ago (1 children)

Anyway they should configure their systems to reject unsigned e-mails and providers that don't have a proper SPF configuration. SPF (Sender Policy Framework) allows you to make sure that the message was sent by an approved server and was not forged by some hackur.

[–] fatalError@lemmy.sdf.org 0 points 2 years ago (1 children)

You'd be surprised how many legitimate emails are sent with failed SPF. Even Microsoft sometimes doesn't update their MX records and the SPF fails.

[–] Onioneer@sopuli.xyz 1 points 2 years ago

That is especially true with large organizations where multiple non-technical teams are ordering/configuring products that send email.

Unfortunately it is difficult to solve, unless services stop allowing sending without verifying and forcing proper configuration. That would drive sales to competitors who do not enforce this, though.
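
An added example, not part of any comment in this thread: a recipient-side check of the kind the SPF/DKIM/DMARC sub-thread describes, deciding whether a message's From address may be treated as authenticated before acting on a request such as account deletion. The hostnames, sample messages and function names are constructed for illustration, the header parser is simplified, and only exact-domain alignment is checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples; mx.receiver.example is a hypothetical receiving MTA.
GENUINE = """\
Authentication-Results: mx.receiver.example;
 dkim=pass header.d=gmail.com; spf=pass smtp.mailfrom=user@gmail.com;
 dmarc=pass header.from=gmail.com
From: User <user@gmail.com>
"""
SPOOFED = """\
Authentication-Results: mx.receiver.example;
 dkim=none; spf=pass smtp.mailfrom=bounce@other.example;
 dmarc=fail header.from=gmail.com
Authentication-Results: mx.forged.example; dmarc=pass header.from=gmail.com
From: User <user@gmail.com>
"""

def auth_results(msg, trusted_id):
    """Map method -> (result, properties), using only headers our own MTA stamped."""
    out = {}
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in value.replace("\n", " ").split(";")]
        head = parts[0].split()
        if not head or head[0].lower() != trusted_id:
            continue  # stamped by someone else, possibly the sender: ignore
        for part in parts[1:]:
            m = re.match(r"(\w+)=(\w+)(.*)", part)
            if m:
                props = dict(re.findall(r"([\w.]+)=(\S+)", m.group(3)))
                out.setdefault(m.group(1).lower(), (m.group(2).lower(), props))
    return out

def verdict(raw, trusted_id="mx.receiver.example"):
    """'authenticated' only if DMARC passed and SPF or DKIM aligns with From."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    res = auth_results(msg, trusted_id)
    def aligned(method, prop):
        result, props = res.get(method, ("none", {}))
        domain = props.get(prop, "").rpartition("@")[2].lower()
        return result == "pass" and domain == from_domain  # exact match only
    dmarc_ok = res.get("dmarc", ("none", {}))[0] == "pass"
    ok = from_domain and dmarc_ok and (
        aligned("dkim", "header.d") or aligned("spf", "smtp.mailfrom"))
    return "authenticated" if ok else "unverified"
```

The check is only sound if the receiving MTA strips inbound Authentication-Results headers that carry its own identifier, as RFC 8601 requires; otherwise a sender could pre-stamp a passing result.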

[–] vsis@feddit.cl 0 points 2 years ago (1 children)

They were very friendly imo. No need to speak legalese or to be rude.

Just tell them that you can't or don't want to install the app.

If they don't help you, then you proceed to remind them that you are not required to install anything for them to comply with GDPR.

[–] themeatbridge@lemmy.world 2 points 2 years ago (1 children)

Being friendly doesn't negate the fact that they are out of compliance with the law. Even sending a second email to insist they delete your data is an undue burden.

[–] el_abuelo@lemmy.ml 0 points 2 years ago (1 children)

You're right, but sometimes a bit of undue courtesy repays in dividends. Not every minor infraction is nefarious and not every minor infraction deserves reporting. A simple courteous reminder of their obligations may save both parties some undue hassle.

I can imagine this company doing this to ensure only authenticated users can have their data removed. There are other ways...but this was probably what they considered reasonable and painless for all, admittedly they (wrongly) didn't consider the audience of this community in that decision.

[–] Rodeo@lemmy.ca 1 points 2 years ago (2 children)

> A simple courteous reminder of their obligations may save both parties some undue hassle.

Actually, the customer is already getting undue hassle, while the company is just breaking the law. Why can't we just expect better?

[–] Etterra@lemmy.world 0 points 2 years ago (1 children)

I don't know, maybe? If they have a process, no matter how laborious and roundabout, they can always claim that they have a process and that you have nothing to complain about, legally speaking. They're wagering that people will not go through all the bullshit, and they're unfortunately right. That's literally why they do it. The only correct response is to hound them relentlessly, going to Twitter (or something else idk these days, and I'm not calling it X), the press if necessary, and pestering as many government bodies and officials as you have to in order to make them get their fucking shit together. And then they'll make your particular situation a priority because now you're being more of a pain in the ass than actually doing their job is. They won't change the broken system, because one exception in a thousand isn't worth it to them to be bothered with.

Tldr, maybe but it probably won't help you, so make it as big of a headache for them as possible.

[–] Natanael@slrpnk.net 1 points 2 years ago

They don't get to make it harder to cancel than to sign up

[–] 7heo@lemmy.ml 0 points 2 years ago* (last edited 1 year ago) (2 children)
[–] Nelots@lemm.ee 1 points 2 years ago (1 children)

Man, Elon really does ruin everything. Can't even use X as a variable anymore without a disclaimer.

[–] driving_crooner@lemmy.eco.br 1 points 2 years ago (1 children)

It's causing hell of problems to mathematicians worldwide.

[–] PersnickityPenguin@lemm.ee 1 points 2 years ago

Suddenly, every math formula ever written is subject to copyright and royalties.

[–] library_napper@monyet.cc 1 points 2 years ago

This is why I always call it twitter. X is a variable
