
GDPR Documents: Your Right to be Informed and Erased - neon_me
https://github.com/good-lly/gdpr-documents
======
Guzba
If someone took a leaked dataset, like for example the Dixons Carphone leak
with 1.2 million records with personal info, then generated 1.2 million
letters using the template from this repo, that would make for an interesting
DoS attack.

With that in mind, a big blast is also easy to filter out.

Perhaps, instead of sending them all at once, you sent a random number from 1
to 100 per day, every day, indefinitely. No way to filter out the bogus
requests, forced work for the company, and unknown consequences of having
these people emailed about their private information usage. Chaotic good or
chaotic evil? I have my opinion.

~~~
icebraining
Companies not only can, but are actually required, to verify your identity
before giving out data. They can just send a template email with the necessary
steps to verify it, and only do the work when that is done.

~~~
Guzba
People getting letters / emails about verifying their identity with a company
would be a perfect outcome depending on your goal.

~~~
icebraining
What would that gain, compared to e.g. using the "reset password" form that
most sites have now?

------
megous
It's probably not very useful to ask for too much, in a generic manner. My
approach is to ask about what is not obvious or answerable by reading the
privacy policy.

For example, the source of a particular data point that I have not given myself (like
phone number, etc.), and that is not publicly available.

Most of the answers to questions in the access request are usually available
on the company's website already. And if you send a generic-sounding e-mail,
you'll get a generic reply to read the privacy policy.

------
abootstrapper
So when will we be able to delete hacker news accounts?

~~~
hombre_fatal
Probably the same time HN gets a "this site has cookies" popup.

~~~
Nextgrid
Why would HN need one? HN only uses a session cookie, placed when you log in,
which falls under legitimate interest (as there's no other way to provide
their service overall).

I wish the idea that all cookies require disclosure would die. Cookies don't
require disclosure per se. Stalking and tracking, regardless of method
(whether it's a cookie, a token in the URL, in local storage, browser
fingerprinting, etc.), require consent - cookies for functional purposes (hint:
stalking doesn't count) don't require consent.

------
ajxs
Has anyone here made a request for their information under the GDPR laws? I'm
curious about what they received back. I'm specifically curious regarding the
FAANG companies, and what kind of responses people have received from
companies which so directly profit from customer data. Forgive any naïveté
regarding the implementation of the laws if they have a built-in mechanism to
defeat this, but I'd imagine that the companies would make the entire process
as arbitrarily difficult as they legally could.

Also, as a non-EU resident, do I have any ability to make such a request? I
suppose the answer is 'no' from a strictly legal standpoint, but is it
possible in practice? Or will the company require a comprehensive verification
process that precludes such illegitimate requests.

~~~
number6
I would advise companies to also answer requests from non-EU residents. There
is no discrimination between EU citizens and non-EU citizens in the Articles.

~~~
ajxs
Thank you for pointing that out. I'll have a look for myself and based on what
I see I might send a request in anyway. At the very least I'll be able to
definitively conclude what the response of these companies will be.

------
gloflo
A sibling repo to collect anonymised datasets would be superb. Or does that
exist already?

~~~
neon_me
I don't know any. But would support anything like that.

What we plan now is to finalize the erase request, start translations into
most European languages, as well as create some static page for generating
those PDFs by entering data via a form ... (a list of authorities to report would
also be great - because, from my experience, most of the results of the
request were fails (from the company side))

