this post was submitted on 17 Nov 2023
55 points (96.6% liked)
Privacy
31609 readers
267 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
i guess it's related to the following; exercising your rights under gdpr requires the other party to be able to identify you. that's why they need this information. if you want to (potentially) fuck with them: first ask for a listing of all the information they have about you, before asking for deleting your data. this listing must contain the request itself. if your request is missing, they are likely breaking compliance rules.
I'm not quite understanding, do you mind breaking that down for me?
1.) Ask for a listing of all the information they have about you.
2.) If your aforementioned Deletion request (see title) is missing from that list, they are likely breaking compliance rules.
3.) ...
4.) Profit!
Thanks that's more clear, but will they not just ask for an ID again before they'd agree to send that info?
they they need to id you everytime you exercise your gdpr rights. there is nothing they can do about this.
That's just not true, I've put through a ton of requests in the past, for companies that had much more sensitive data (like payment details) and have never been asked for ID.
they need to identify you, not necessarily using your id card.
https://eur-lex.europa.eu/eli/reg/2016/679/oj#d1e2161-1-1
chapter 3, section 1, artcle 12, paragraphs 1 & 2.
Which they can by asking me to confirm who I am from the information they already have, the whole point is that they're demanding I provide additional documentation to prove my identity, which is complete overkill* and something that I have never come across, and shouldn't have to comply with.
But either way, if they need my ID before they'll provide my info, asking for it to try and catch them on a mistake only to be met by the same barrier (them demanding ID), it isn't going to work..
*(My brain can't deal with that document you linked right now, but the relevant governing body here (ICO) say "The organisation might need you to prove your identity. However, they should only ask you for just enough information to be sure you are the right person."
i doubt there is profit to be made. it's more to keep them busy and learning about gdpr.
The "profit" bit is just an old joke. Originally from South Park.
https://knowyourmeme.com/memes/profit