It doesn’t. You can block their crawler with robots.txt and send DMCA takedown requests for archived pages as the domain owner which they will honor.
Edit: I was under the wrong impression that if you specifically call out ia_archiver in robots.txt they would honor it. It’s been completely ignored since 2017.
Considering its a company established in Switzerland, and that by Swiss law you have the right to informational self determination, as in you have the right to correct/delete data about you (to some extend ofc), I'd say its grossely illegal
Company location does not matter for this — if you sell goods internationally, you must obey consumer laws wherever you sell them, instead of wherever your business is located
I took it that he was being sarcastic in that comment. Only the mafia would charge you for making you the favor of removing you a problem that themselves created.
First time I opened the page, it redirected me away. Second time, it stayed on the product page. Third time, it redirected me away but the back button could return me to the subject of this thread. Subsequent attempts didn't even give me that.
It's been there for a long while, doesn't look like a test item. My guess is they're trying to take it down, but cache hits along the way bring it back for now.
Do you have a source for this? I remember people talking about it being possibile for them to do (and now redact.dev even replaces old comments with randomly-generated sentences) but I don't recall them being caught actually doing it.
Administrative Processing Fees are a thing of GDPR. In most cases, however, this should not be a applicable for something as simple as an SQL statement from a button.
Why is it legal to charge if they don't manually, but not of they do up front work to automate it? That would create an incentive to not automate, which would be a chilling effect.
When ordering two of those items (which is kinda weird) i noticed the following:
“ Your personal data will be used to process your order, support your experience throughout this website, and for other purposes described in our privacy policy.”
Does this mean while processing my order, the account removal, they update or recreate the account? :)
If they only sold their products in Switzerland, sure. But once they operate in EU countries, they must respect EU laws (for those costumers, at least).
Switzerland is part of the EU Internal Market through the EEA though and therefore has to implement many laws like this. It just doesn't have a say in them.
Switzerland isn't in the EEA either as they rejected EEA membership in a vote in '92.
Instead they have a weird patchwork of bilateral treaties that are designed to look pretty much like EEA membership if you squint just right, and look like just bilateral treaties in separate areas if you squint a bit differently. They're linked, and at least the first seven have a "guillotine clause" so they all cease to apply if one of them is canceled, so in practice Switzerland is practically like an EEA member, but they get to pretend it's all very different.
There are some clear differences, though, and there have been years of negotiations trying to reduce them without success.
I don't know what point you are trying to make with your snark, but bilateral treaties are much easier to alter or cancel if one party so desires, and public opinion in Switzerland is that they were definitely the right choice and the way to go forward. They are actively being negotiated.
Switzerland's a bit of an oddity; it's actually not in the EEA, but in EFTA. It's not subject to the ECJ, but to EFTA Court (which is definitely not the ECJ wearing false moustaches). And it's not subject to the GDPR, but it has a law aligned to the GDPR.
EDIT: No, I'm wrong; while EFTA Court used to be based in Switzerland, Switzerland is no longer subject to it. It still exists, but only for EFTA members who are also EEA members. This whole thing is impossible to keep track of.
I think the idea is that the GDPR requires that companies allow users to delete or correct data about them.
And the GDPR scope is determined by the user, not the company. You can have your company based on the far side of the moon, with 99.99% of your users based on mars. For that one user that is living in Europe (note : living, not nationality) the GDPR applies.
Mind you, I'm not sure that the GDPR says that you can't charge for that. As long as you can justify that the amount is in relation to your expenses, my bet would be that a judge will allow it.
You can break a country’s laws depending on whether or not you are ever going to go to that country, or what treaties your country has signed which might cause it to enforce other countries’ laws.
These GDPR conversations tend to pointlessly go back and forth on this because one side is describing the GDPR from the point of view of: what does the law say? The other is looking at it from the point of view of: I only have to follow my country’s laws.
The latter is closer to correct in some technical sense; laws have finite jurisdictions. But the EU has a big market and so lots of entities play ball with them, to some extent, in general, so it is probably better for most people to comply.
No if you operate in the EU you have to comply that's it. If you buy something from Joe the farmer in PA, you are the one importing it (you are paying the custom duties) and Joe the farmer doesn't have to comply with anything related to GDPR. If Joe the farmer wants to sell directly its product in the EU (not from the US) then he has to comply.
Well, there can be administrative fees. It is a right, but that does not imply that it is cost-free. As a EU citizen you have the right to settle in france, but the registration process in the village you need to pay.
This is a sever breach of GDPR, so is their practice to use the information you give them when ordering for other things then processing your order without an explicit non required opt-in on your part.
Furthermore in the past when GDPR was new, judges where often quite lenient when it came to enforcement of first offenders but that is increasingly less the case. And which such bland consumer abusive business practices they might be in for a really bad awakening (if they sell to the EU).
Additionally given all that I wouldn't be surprised if their website is also committing GDPR violations.
Also even if they have free GDPR deletion "hidden somewhere" that still would be a violation of GDPR as it has been clarified by judges in other cases (related to information requests instead of deletion).
IANAL, but I don't see any requirement of it having to be "free". I probably miss something. And It would seem very much against the spirit, but is a company really not allowed to charge fees for "deleting"?
The account thing seems to be an issue for people who buy e-scooters on the secondary market (i.o.w. used). Often, the scooter is still tied to the previous owner's app.
I've found forum posts of people resorting to using the email/password from the previous owner, or sending a registered letter to SoFlow asserting the new ownership.
So, and now I'm speculating, it's possible that this is less about deleting the account than it is about unlinking a scooter from your account, and it is a way for SoFlow to dip into the secondary market -- each transfer nets them another 20 EUR.
It's also possible that this is a way for the new owner to unlink their scooter from the previous owner, with an associated service charge -- the checkout page requires proof of ownership. In that case, it might be a way to prevent fraud, i.e. people stealing scooters and resetting them; thieves are unlikely to pay 20 EUR for that, nor are they keen on tying their real identity to the stolen scooter.
Like I said, this is speculation and I'm not saying this is a good way to do it, and it's not at all explained on the website, I'm just thinking aloud here. It just seems unlikely that anybody would attempt to charge 20 EUR for a simple account deletion.
This is weird. Their privacy policy enforcing them to delete your account. I guess it is just a catch for those who don't know what GDPR us.
4. Right to deletion
a) Obligation to delete
You may request the controller to delete the personal data concerning you without undue delay, and the controller is obliged to delete such data without undue delay, if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing was based and there is no other legal basis for the processing.
You object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing.
- The personal data concerning you have been processed unlawfully.
The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 (1) DSGVO.
It might be similar to how credit report agencies have to provide the reports for free under GDPR, but not before trying to make you pay twenty different ways.
>but not before trying to make you pay twenty different ways.
This itself is illegal. It must be simple and straightforward. EU laws broadly do not tolerate the rules lawyering popular in the US, companies know what the intent is and playing games will not work out in their favor.
It’s meant to take on the large/multiple offenders; if they get enough complaints about 1 company and after warnings that company doesn’t change, they will fine.
they could fine without warning and IMHO they should start doing so it's the law isn't new isn't complicated to roughly get right for 99% of companies so there is no longer reason to go easy on companies which seem to very knowingly give a shit (independently of weather it actually was knowingly)
That would make it more like the US with over litigation, companies hiring people to find competitors in violation and going by the letter instead of the intent of the law. Also; the gdpr is large and complex but the intent is pretty clear; if we start to go by the letter, very many companies are unknowingly in violation but cannot afford consultants. They don’t abuse the data ; they just store too much for instance. It would be very strange if they get fined immediately; they will have 0 complaints over their existence probably, so a warning would suffice.
The companies that don’t give a shit aka ignore warnings from the overseer in their country, will get fined; small or big. It works fine.
also too little clarification for "predictable edge cases and ways companies try to circumvent" had been put in law upfront (laws some a form of comment section into which such things can be placed, most times as result of previous court decisions)
and from the resources which are available too many are bound in large companies bullshitting around by trying to delay enforcement by a very obvious misinterpretations of the law and huge legal teams/founds to delay and delay and delay
Monetization of churn? Nice try marketeers, you gave me the fatal argument I needed to never sign up. Just because you revealed your values with that proposal, I know I never want any relationship with that.
This has to be illegal, right? There’s no way this is allowed. It can’t be legally or morally correct to hold someone’s data, and when asked to remove that data from your servers via account deletion, ask for 20 dollars. Adobe does this too, and I feel that subscription based models and hypermonetization is going to become more and more common in the next 10 year.
BTW there are European banks that have fees for account closure (and for cancelling credit/debit cards; and for stopping standing payment orders; and maybe for cancelling SEPA mandates).
I thought this had to be an April Fools' Day joke but upon checking the source, it shows the page was last modified on 2023-11-14. It's even more hilarious (in a sad way).
Must be some kind of weird technical reason (easier to create a "product" to execute an account deletion etc). I dont think they actually charge for that.
SoFlow AG
Bionstrasse 4
9015 St.Gallen
Switzerland
They are not members of the EU. Still, a well-written email in legal lingo in the country's official language helps a lot. Remember to include a reference to the relevant local law.
- not hide it trying to trick the user into "buying" something to delete their account
through if you have bought one but can not use it because someone else has an account with the hardware you bought from them then the person from which you bought it must do the deletion request for it to be covered by GDPR
and they probably could come up with some nonsense where the account is deleted by the device "stays locked" and you have to pay 20€ to unlock it for a new account
that might still be in violation of consumer protection law, but no longer has anything to do with GDPR and even in consumer protection law will be in a gray zone where you can do little but complain to official agencies
