One can only hope EU gives them a GDPR fine very close to the limit of 4% of global turnover. But when EU is actually need to protect customer I think they will fail.
Incidents like this show how unenforceable GDPR is, and how it's been a net negative for users since its inception. It's idealogical back-patting, toothless when it matters.
After the GDPR every website added an option to export your personal data and to delete your account. Something most were missing at the time. It was an immediate and massive win.
Right, but nothing stops companies from refusing SARs on baloney grounds.
Complain to a DPA? They tell you to go through ADR or outright ignore you. Complain to Ombudsman? They'll tell you the same. (In my experience, the Dutch do this)
Company ignores ADR? Sure, now you can go through the legal route and spend copious amounts of money all because a multi billion dollar company knows the game and how to navigate the bureaucratic mess better than you.
Yep, this is how they do it. The domain registrar netcup did something like this to me.I went through their parent company (?) too, without success. They will put forth any reason to not have to delete your data. I suspect, that they either are trying to reduce work for themselves, or their platform is so crap internally, that they would have to get someone coding to delete the data.
This. In reality, GDPR isn't preventative, nor punitive enough for any meaningful user protection. We get cookie banners everywhere and user data harvesting companies happily pay the negligible fines
The DPC would disagree. All you need to show is that you took "reasonable steps to protect users," which is trivial to do, and not even a single fine will be levied.