Last week I received an email from Meta Plattforms Inc about their new ToS and Privacy Policy addressed to my first Name.
But I don't have any accounts on any services from Meta Platforms (I deleted them a few years ago). Therefore I contacted the DPO and requested a copy of my personal data and asked them to delete it according to GDPR.
They told me that there is no account associated to my email, I should provide my account details to the account in question, which I don't have. They are unable to help me with the data I provided and I should contact the irish or my local data protection authority and bring my claims before court.
So they obviously have at least my first name and my email address and refuse to comply with GDPR.
Has anyone had any simmilar experiences or any recommendations on my further actions?
I don't have the time and money to sue Meta, but I will contact my local data protection authority.
Meta has never and will never comply with GDPR in any capacity and the Irish DPO will be more than happy to dish out more fines if stuff like this comes to light.
GDPR fines can scale to a company's yearly revenue. They can absolutely get in more trouble than it's worth if they keep blatantly shitting on the GDPR. Keep reporting them whenever you see these violations.
I'd say try again but specifically 1) talk to someone who is a designated GDPR officer (they have to have the contact listed), 2) specify that you don't have an account, but are requesting the information anyway
Maybe just talking to a different person will get you different information. Most likely support is done by some center in India that is going by an internal faq and so it always depends who you gonna get.
I mean, them asking you to provide email/info of your account smells of misdirection already (whether deliberate or not), because you don't have to have an account for them to have your data.
Recently I've been thinking of doing something about emails from a gaming store I've started receiving a few months ago, to an email I've not been using for over a decade and that's only been registered to some forums. If I decide to look into that, they need to be able to explain where they got the my contact in the first place.
I did everything you included in your first paragraph.
I could try again but I don't know if this makes any difference, at least I read a simmilar story on reddit some time ago. If I remember correctly it was about a person who got banned on Instagram and therefore he was not able to get his data deleted.
Well they have to, regardless of account status. If they don't, then as you say they're in violation and therefore you can report them to your local GDPR bureau, which every EU country has.
You don't have to sue Meta, the bureau has the authority to enforce compliance and give fines for every day they don't. Dunno how effective it is against entities like Meta, but they've been in hot water in a couple countries already.
Ed: ok I guess it's important how identifiable the data is. Monoliths like Meta do collect a ton of data which they technically can claim is anonymous... We'll see how that turns out eventually. But email and name are definitely personal data.
Yeah I was really disappointed to see that email. They shouldn't have any of my information any longer. Unfortunately I'm a citizen of the United States so we don't have national level protections because our country doesn't give a fuck about our information security or privacy
That might be it. I received an email on my newer email that I did use for Occulus but not on my old one I had used for Facebook stuff where I deleted my account.
It seems plausible to me that their GDPR process probably missed some email communication system where the name and email was stored, like a hubspot or something custom. Most places I've seen have a ton of systems with name and email in it, and GDPR processes aren't maintained well across all of the teams using that data.
Not saying it's right, just saying it's possible an account was mostly deleted and the remnants remain in some other tool, and the person you spoke with only knows about their main systems.
Facebook leaked my mobile phone, where consequently I get sales calls from the other side of planet. I had deleted my account already 6 years prior. I live in the EU btw. F Meta