[kjellsbells]

I'm not qualified to weigh in on the merits of the request, but asking a corporation to change something and then throwing in a bunch of legalese about compliance and GDPR seems like an excellent way to guarantee that the poor reviewer of the requests is not going to deal with it, let alone quickly.

At best, they raise it to their internal legal contact. The inhouse lawyer rapidly advises them to not respond in any written or recorded medium. Issue goes nowhere.

At worst, they realize that this is a hairball with "vaguely legal stuff" and decide to review some other issue instead for a more productive and less stressful day. Issue goes nowhere.

[aaomidi]

This language in the bug makes it easier to build a legal case against them.

[alkonaut]

It's very easy: Complaints should be directed to whoever is listed in the Personal Data Protection Policy issued by (in this case) Microsoft. The privacy notice (Which nicely seems to be the same one across microsoft products!) clearly says how to complain, as it should https://privacy.microsoft.com/en-us/privacystatement

And that method is not a github comment.

The commenter might have followed the correct route to complain too, but could then at least have said that "I have contacted microsoft at [..] as outlined in the Personal Data Protection Policy and expect a response within [..]"