[Aerroon]

>And when you do request them to remove the same, they ask you to provide ID proof.

On the other hand, imagine one day you try to log in to your Twitter/Facebook/whatever-the next-big-thing-is and you can't, because the company has deleted all your data upon your request. You didn't make that request though. Someone else did it, claiming to be you.

It gets even worse when you realize that people can request all the data the company has collected of themselves. What happens when somebody impersonates you and requests all of your data?

You need to have some kind of verification method that leads back to a real identity. Otherwise this can be massively abused. I doubt that even asking for a real ID is enough.

[lucb1e]

Twitter/Facebook/whatever-the next-big-thing-is doesn't have 9 out of 10 fields that are on my ID card. If I show them a piece of blacked-out plastic with only my first name visible, since that's the only piece of information they have about me, it won't help them identify me.

Yes, you need to prove that you're the data subject matching their records before they should act on your request, whatever that request may be. But uploading a copy of your ID card almost never serves that purpose. See also a bigger comment I wrote elsewhere in this thread with sources and examples: https://news.ycombinator.com/item?id=23957503

[1337shadow]

Ok but he didn't subscribe on that website.

[thierryzoller]

OP here - That's the point. They are not a data controller by that very simple fact. They are processing this data on an illegal basis. Any lawyer around that want to assist me suing in the US?

[1337shadow]

Did you reach La Quadrature Du Net ?

https://www.laquadrature.net/

Also check other CCC co-organizers & the political activist sphere.

[leereeves]

Would anyone actually be upset to discover that apollo.io was no longer tracking their information?

[rvnx]

Electronic signatures tied to your ID.

Don't delete instantly but after X days. Notify owner immediately.

Problem solved.

[jan6]

you mean like Estonia's digital signing? ;) and pretty sure that most sane-ish companies already delay and notify people of major stuff like account deletion and such, less hassle on both parts, company also benefits as it can just batch process requests weekly or monthly or so.