|
|
|
|
|
|
by icebraining
2816 days ago
|
|
|
What earthly consumer is going to go through these steps? I have requested the removal of my personal data from multiple business, and I can assure you I'm quite earth-bound. Copy-pasting a template and filling in my name and account ID is not that hard. |
|
|
I guess the problem with email for this process is that you have a number of questions, all of which may not have an easy answer.
1. Identify an email address -- is this standardized? Searching "GDPR address for cnn" gives nothing, and similar more general queries yield little information.
2. Identify a template -- is there a standard one? I see a bunch of websites that claim to have them, looks like 'datarequests.org' is a good(?) one? It seems to have only a small set of sites that can be submitted. The template is incredibly verbose and it isn't clear how to request specific information; would that typically happen as part of a dialog?
3. Identify an account number/user name/verification of identity -- is there a standardized process for this? Could someone else send a request to remove my data? What is the process for this and how can I activate it?
4. Email is not a structured medium. I don't want to get into a whole conversation about this; I want to see the data about me and be able to remove bits of it.
Note that as a software developer #4 sounds kind of ridiculous to me, since user data can be represented in a variety of site-specific manners, and the existing pre-GDPR protections put in place for PII make this almost impossible. But to an end user it feels like it should be a natural thing and having to deal with a number of complex bespoke systems sounds like a pretty heavy load.
I can see the GDPR in this sense being useful for celebrities and the wealthy, who can afford managers or consultants to take this action on their behalf, but not for people like my parents, for whom even step 1 is daunting.