Giving fake info can compromise your GDPR access rights - eviltoast

cross-posted from: https://sopuli.xyz/post/10336994

I often give fake info as an extra measure of data protection. If I don’t need the data controller to have my date of birth, I give a fake one.

Well this just screwed me because I made an access request and the data controller said: to verify your identity, tell us your date of birth. Fuck me. I didn’t keep track of which fake date I gave them. I didn’t even keep track of whether I gave fake info. So they could treat my otherwise legit request as a breach attempt.

I should have kept track of the birth date I supplied. I will; from now on.

  • morras@jlai.lu
    link
    fedilink
    arrow-up
    2
    ·
    8 months ago

    Providing the service is selling groceries, that doesn’t require a birth date.

    So it’s not possible to sneak it under performance of contract. Only Legitimate Interest or Consent could be valid, and you can oppose/retract.

    But good readng, please provide our findings, that will save me a reading 😅