undefined | Better HN

0 pointsDocTomoe5y ago0 comments

I'm not sure about that. Information that is saved about a user might be more security-relevant than what someone - they or someone who hacked their account - might see in their account.

It clearly is something I would not want to have hours of meetings with legal council about, so I can see why some organisations may err on the safer side.

0 comments

3 comments · 1 top-level

PoignardAzur5y ago· 2 in thread

You're playing devil's advocate.

If someone has access to your password and 2FA method, they can impersonate you and destroy your reputation, buy things in your name, consult all your old photos and learn everything about you, etc, and no platform will ever ask them a EU id at any point in the process.

The idea that a platform asks for a EU id for any reason other than making the GDPR request process more painful is laughable.

afiori5y ago

there is a possible reason, the gdpr applies to EU citizens, EU residents, and people within the EU, so it is reasonable they ask you to prove you are one of these categories.

PoignardAzur5y ago

Yeah, no kidding. Of course they want you to prove you're a EU citizen, because they want to make as little effort as possible.

I don't consider that reasonable. Data portability should be a right. You shouldn't have to jump through hoops to exercise that right, and companies shouldn't be asking you "can you prove beyond a doubt that we're legally obligated to give you your data" before doing so.

1 more reply

j / k navigate · click thread line to collapse