zlacker

[parent] [thread] 3 comments
1. darekk+(OP)[view] [source] 2020-05-23 13:20:49
> This is not lawful under both the GDPR and the CCPA.

INAL, but from my understanding that's exactly what GDPR itself suggests to do:

> The controller should use all reasonable measures to verify the identity of a data subject who requests access, in particular in the context of online services and online identifiers.

Thats mainly because [2]:

> There is a very real concern of fraudulent requests from bad actors, who might use a customer’s data for nefarious purposes.

While it's great to know that noone else is able to delete my account, it still feels shady af.

[1] https://eur-lex.europa.eu/eli/reg/2016/679/oj#d1e1374-1-1

[2] https://konfirmi.com/blog/gdpr-personal-data-id-verification...

replies(2): >>gruez+Oc >>LamaOf+Ae
2. gruez+Oc[view] [source] 2020-05-23 15:03:10
>>darekk+(OP)
Is there a privacy preserving alternative to sending a scan of your drivers license/passport? Can you get a notary to attest your identity, and you send them the notarized request?
replies(1): >>Raed66+Gv
3. LamaOf+Ae[view] [source] 2020-05-23 15:17:09
>>darekk+(OP)
That's only true if they don't have another way to verify your identity, not if you're logging in to an account using your username and password in order to delete it.
◧◩
4. Raed66+Gv[view] [source] [discussion] 2020-05-23 17:17:57
>>gruez+Oc
If the ID wasn't required for the account creation, why is it needed for the deletion?
[go to top]