Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

Is this even legal? Hiding data deletion behind login (after email request)

I wanted to delete my old oppo id account, and to do that I'll need to login into it, but I don't know the password.

Password reset requires saying when the account was created (month and year) and "tech support" can't help here either.

Is it legal to block / hide account deletion behind login in European countries? GDPR (and polish RODO) both talk about a right to data deletion, which in this case, I believe, isn't respected.

survivalmachine ,

saying when the account was created (month and year)

This is an absurd requirement, but do you have a ballpark idea, and does it let you continue to guess multiple times? Submit a few dozen password reset requests and if they complain, tell them to verify you via alternate means.

lypticdna ,

It has already been said but the company is complying in the sense that it is providing a solution whereby you can delete your account. That said, where you are unable to follow that process, they should offer you the same ability via email. Each company does things slightly differently but I would hazard a guess that an email stating that you find it more reasonable for the action to be carried out via email, they would be likely to comply.

The reasons why companies put these in place is simply to avoid mass requests for deletion and, as stated, to also protect you.

While email spoofing has been mentioned, it is somewhat unlikely anyone would send a request for deletion after spoofing your email, yet, it is not impossible.

You may have to be persistent, could use services that support or even get some pointers from the ICO. Here is a really good link https://ico.org.uk/for-the-public/your-right-to-get-your-data-deleted/

I wish you luck

taladar ,

What would prevent someone else from requesting the deletion of your account if there was no proof that you are the person whose account it is?

pacjo OP ,

I'm writing from the email associated with the account, this is enough for most services I encountered

mp3 ,
@mp3@lemmy.ca avatar

Emails can be spoofed.

pacjo OP ,

That's just how it is. If you try hard enough everything can be spoofed. You can also try guessing someone's password and creation date of an account. This is not the issue here.

mp3 ,
@mp3@lemmy.ca avatar

The issue is with support not giving you an adequate account recovery method, they're correct about validating ownership of the account tho.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • privacy@lemmy.ml
  • random
  • incremental_games
  • meta
  • All magazines
    •