14·
11 days agoAye it’s ass. Even the temp mail idea is flawed because at some point you need to confirm your identity/ownership of the account.
I did a huge GDPR cleanup of various accounts I owned based on what I had and wanted gone from my password manager at the time. A mix of:
- Please fill out this pdf with all your details of all the information you want deleted. If we can’t find the data base don that form then it’s on you. (Unnecessary amount of work. Solution, report to national GDPR Rep for obfuscation.)
- Non-response from any active email. (Illegal for companies with operation sin the EU. Report to national GDPR rep for non0compliance.)
- Did not respond for 30 days (Illegal for companies with operation sin the EU. Report to national GDPR rep for non0compliance.)
- Asked for an extension to 60 days (Only possible in certain extreme circumstances that they need to prove to you. Report to national GDPR rep.)
- Asked for copy of passport to confirm identity. (Unnecessary if emailing from the email they have on file. Tell them this. If they don’t delete/ignore report them to national GDPR rep.)
- Self-service deletion does not work and customer service will only refer you to that self-service. (Report to national GDPR rep.)
And probably more I don’t remember. Maybe 30% of companies I reached out to actually just deleted it and confirmed as such within 30 days. If you’re doing similar then you’ve got to get good at reporting people to strong arm them, especially if they just no respond after 30 days. Gotta proactively stay on top of that.
So I don’t know the company you’re contacting but this should help: part of GDPR legislation is that you can contact and live email the company has and make your legally mandated demands that your data be deleted under GDPR. If they ask that you create an account to submit a request then you can claim this is unnecessary and obfuscatory to the purpose of deleting account details.
Make sure you tell them they have 30 days. Make sure you ask for all data related to your email, name, identity, phone numbers, whatever… to be deleted. Quote the parts of GDPR legislation that are relevant to this (it’s actually quite short so worth a read), and send them a link to the national authority you will report them through if they don’t provide a satisfactory resolution in 30 days.
I did this for Hermes, an atrocious courier company in the UK who I hadn’t used for anything for about 7 years. I got bounced around but eventually got a direct email to their data handlers. They demanded I give them a passport to prove my identity. I told them that the email I’m messaging from is more than enough for them to confirm. No response for 20 days (the timer was ticking from when I first emailed anyone at their company with the request) then they deleted my information right before the deadline and confirmed it with me.
Bastards, but if you’re committed to reporting them then that seems to be good enough leverage for many crappy companies.