[astro_robot]

Can't that be a violation in the eyes of GDPR? If they don't give users a simple button, then can't that be argued to be not giving the user the ability to export data. The problem I have with GDPR is that there's so much open to interpretation.

[calciphus]

Articles 15 and 17 (dealing with deletion and access) both contain a provision where if the request is unfounded or excessive, you may charge a reasonable fee. You cannot charge a fee for compliance with standard requests, and "reasonable" is something that would likely be argued in court.

Source: https://ico.org.uk/for-organisations/guide-to-the-general-da...

Edit: mis-referenced article 15 as export instead of access.

[bkanber]

If you have an email address you can give users for privacy requests and a promised turnaround time (we will respond to all privacy messages in 7 days) you're OK.