[h0mEDw]

I'm not familiar with how GSM networks operate. Why would I send a request to Huawei or Ericsson? Don't they just provide networking equipment? Or do they also provide services, part of which may be relevant for end user privacy?

[jgibson]

My info may be a little dated, but yes, most of these companies (Huawei, Ericsson, Alcatel-Lucent, etc) also provide network services and ops to run the network.

[Jolter]

Disclaimer: I work at Ericsson but am not directly involved in any network operations.

Ericsson provides operations service for a number of telecom operators. This means, the operators own the equipment and make the decisions, while Ericsson does the maintenance, supervision and troubleshooting of the network. This is usually done on contracts of three to ten years, after which time the operator may choose to renew or to contract with one of our competitors.

I could certainly be wrong, but my impression is that in this scenario Ericsson is not the data custodian according to the GDPR. It would be interesting to know what the outcome is, if anyone were to make a GDPR request to my employer.

[h0mEDw]

Good to know, thank you! It should be enough to harass one's provider, but perhaps a more broad approach will work.