Privacy

31876 readers

517 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

477

Meta not complying with GDPR (sh.itjust.works)

submitted 1 year ago by [email protected] to c/[email protected]

37 comments fedilink hide all child comments

Last week I received an email from Meta Plattforms Inc about their new ToS and Privacy Policy addressed to my first Name.

But I don't have any accounts on any services from Meta Platforms (I deleted them a few years ago). Therefore I contacted the DPO and requested a copy of my personal data and asked them to delete it according to GDPR.

They told me that there is no account associated to my email, I should provide my account details to the account in question, which I don't have. They are unable to help me with the data I provided and I should contact the irish or my local data protection authority and bring my claims before court.

So they obviously have at least my first name and my email address and refuse to comply with GDPR.

Has anyone had any simmilar experiences or any recommendations on my further actions?

I don't have the time and money to sue Meta, but I will contact my local data protection authority.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 20 points 1 year ago* (last edited 1 year ago) (1 children)

Well they have to, regardless of account status. If they don't, then as you say they're in violation and therefore you can report them to your local GDPR bureau, which every EU country has.

You don't have to sue Meta, the bureau has the authority to enforce compliance and give fines for every day they don't. Dunno how effective it is against entities like Meta, but they've been in hot water in a couple countries already.

Ed: ok I guess it's important how identifiable the data is. Monoliths like Meta do collect a ton of data which they technically can claim is anonymous... We'll see how that turns out eventually. But email and name are definitely personal data.

[–] [email protected] 12 points 1 year ago* (last edited 1 year ago) (1 children)

There's a really low bar for what is considered personal data. If they collect location data coupled to an "anonymous" ID, it's still personal data, because it shows you moving to your house and place of work every day. If you can infer a person's identity from the data, it's personal data.

So yeah them collecting your personal e-mail address and refusing to delete it is a clear violation of the GDPR.

[–] [email protected] 3 points 1 year ago

And in this case, they demonstrated they held email address linked to first name, and linked to account status. Having all that PII and refusing to both hand it over and to purge it is an open/shut violation. And the only way the fines will scale is if enough people report these violations. Meta counts on most people just ignoring them.