[pikrzyszto]

I once asked for a feedback, was told that they won't give any. Filed a GDPR request and got all of their e-mails and internal tickets about me and my application. Funnily, they printed this data, scanned to PDF and sent the PDF via e-mail.

[sircastor]

Was it insightful? Did it help?

[gota]

> they printed this data, scanned to PDF and sent the PDF via e-mail.

I guess it may not be in this case (low volume, text content), but this could be a tactic to generate hurdles for anyone attempting to use it in systematic fashion.

I've heard of a case where a state org was required to send some students a set of spreadsheets (I guess they required it).

They printed the spreadsheets, laid the pages out-of-order on a table (to be clear, a physical table, a flat surface made of wood with 4 legs) and took a picture with worse than average lighting and a skewed framing. Technically they complied. A person could, with some effort, read the contents of the spreadsheets. In practice, the students couldn't get to what they wanted (automated verification of the values in the spreadsheets)

TBH it had a bit of an urban legend vibe back when I heard it years ago, but I wouldn't doubt it

[pikrzyszto]

I think it was more about security/confidentiality - when you print and scan you exactly see what's that that you're sending. No hidden HTML elements, e-mail headers and stuff like that. And they blacked out some of the stuff I didn't need to see (again, with a permanent marker so hard to do it wrong).

[gregsadetsky]

absolutely brilliant! like a mini personal FOIA[0] request. wow.

[0] https://en.wikipedia.org/wiki/Freedom_of_Information_Act_(Un...

[rglullis]

I'm sorry but that won't fly with any company with a minimal amount of legal IQ.

[pikrzyszto]

I'm curious - why? Can you send some resources about that? Do you know if there is an alternative law I could support my claims with in UK or EU?

[rglullis]

Internal conversations about you does not qualify as personal data. The data was not collected from you and you did not have to consent to have them talking about you.

[sircastor]

There’s an argument to be made that it is personal data:

“Art. 4 (1). Personal data are any information which are related to an identified or identifiable natural person.”

I think one of the reasons GDPR is so powerful is its broad definitions that favor people and data about them.

[1] https://gdpr-info.eu/issues/personal-data/#:~:text=GDPR%20Pe....

[rglullis]

It's a weak, absurd argument. The key part is about data that is collected from the person by the data processor.

To repeat: a conversation of two people with their opinion of sircastor is not information about you. It's not like people could only emit their opinion if you consented to it, and you are not the one taking this report from a third-party and giving to the company interviewing you.

[MPSimmons]

oh wow, that's interesting. I am assuming it was European. Do you think what you learned made it worth the effort?

[pikrzyszto]

The effort was zero - I copy-pasted an e-mail template from the internet and volia.

Yes, this is in Europe.

I think I learned quite a lot, namely:

- why I failed the interview (I struggled to produce correct code, the code wasn't very robust and I said it's ok to put it into production)

- why I haven't failed the interview (ex. no mention of my English language skills) - which was more valuable for me than the "why I failed"

- a fairly good confidence that there's little details omitted - when they submit you a voluntary feedback they may give just the most obvious information. Ofc I didn't get the data about what was said on internal meetings.

- some insight into their internal structure, opinions of individual interviews about me etc.

I probably burned bridges with that company but after the interview neither party was interested in cooperation so I decided to give it a shot and see what happens.

I had to wait exactly 30 (or 14?) days (GDPR deadline) for the feedback to get to my mailbox.

[harrythefurry]

I've been on the other side of this, pre-GDPR.

An interviewee was unhappy with my decision and felt that they hadn't had a fair hearing - and complained.

In this case we had a standard form where we assessed candidates over multiple factors (comms skills, technical skills, etc) - so if they got to see the result they'll have seen evaluations on all of that.

I wasn't very impressed with getting the complaint (the only one out of 100+ interviews) but hopefully GDPR is a more neutral way of getting that sort of feedback these days.

[rglullis]

> hopefully GDPR is a more neutral way of getting that sort of feedback.

Only a complete fool would comply with this request. GDPR is not a magic codeword that can force companies to give data away. I am not calling BS on OP's request, but there is absolute no way that internal communications about an applicant falls into GDPR. Basic test: did the person had to consent to "people will talk about you over email" somewhere? If not, it is not data protected by GDPR.