Hacker News new | ask | show | jobs
by probably_wrong 1655 days ago
If you are in Europe, and at least for email, it is regulated.

The GDPR's Right to Data Portability means that a company is obligated to give you access to your personal data - they are within their right not to have you as a customer anymore, but they must give you at least a copy of whatever data they already have.

Of course, you'll probably have to jump some hoops to prove that you are you, but IMHO that's a reasonable compromise.
2 comments
dahfizz 1655 days ago
> Of course, you'll probably have to jump some hoops to prove that you are you, but IMHO that's a reasonable compromise.

But how can I prove I own my email if I don't have the credentials / Google won't let me log in?

link
probably_wrong 1655 days ago
I wrote about my experience for that exact same situation here:

https://7c0h.com/blog/new/lost_gmail_ii.html

In short, you can send their Data Protection Office a letter demanding access to your data. In my case it took almost three months but they eventually relented and reset my password. I guess a lawyer could have gotten it done faster, but who knows.

link
dahfizz 1655 days ago
Did they ever verify the you had the old password / recovery email like you offered? It seems strange to me that they reset an account password because they got many letters asking them to.
link
probably_wrong 1655 days ago
All e-mail communications were sent through the same address I gave as recovery address, so they didn't have to ask. It is possible that one of their e-mails was sent to my recovery address instead of my personal address, but since they are the same account I wouldn't know.
link
dahfizz 1655 days ago
Ah, that makes sense. I'm glad it worked out for you!
link
cunthorpe 1655 days ago
Thanks for sharing this! I'm glad that there's a way
link
londons_explore 1655 days ago
Doesn't work with Google. If you cannot log into the account, their legal team won't accept that you are the account holder. Even if you provide passport and driving license etc., they can't be sure, because you didn't upload the passport and stuff when opening the account.
link
probably_wrong 1655 days ago
I'm having trouble deciding whether you talk about something that has happened or about something that could happen.

Assuming it's the latter: given enough evidence that you are you (same name as the recipient, deep knowledge of the account, knowledge of the password, etc), any court would rule in your favor and force Google to turn over the account. But I would be willing to bet that, assuming you are no one "special", they would relent much earlier in the process - the cost of the lawyers alone would probably outweight whatever profit they obtain from you, and GDPR fines can be high.

link
londons_explore 1655 days ago
But there are also massive GDPR files for handing the data to the wrong person. Inaction is less risky.
link
znpy 1655 days ago
Then you can sue, I guess.
link