870

A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?

you are viewing a single comment's thread
view the rest of the comments
[-] wido@lemmy.tf 18 points 1 year ago

They literally replied to his registered email and he has the reply. That would indicate that he has at least access to the account. So with OP's next email quoting the reply ownership over the associated email address should be reasonably established.

[-] HeartyBeast@kbin.social 7 points 1 year ago

That would indicate that ~~he~~ someone has at least access to the account.

[-] nybble41@programming.dev 1 points 1 year ago

If you can read emails sent to a given address, and send replies from that address, it basically is your email address for all practical purposes no matter who was meant to be using the account. This is not necessarily a good thing and better end-to-end security would be nice but it is what it is. Odds are the app itself would let anyone change the password and log in provided they can read the emails, unless it's using some form of 2FA.

this post was submitted on 23 Oct 2023
870 points (98.2% liked)

Privacy

31874 readers
349 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS