Comment by HenryBemis
6 years ago
As GDPR Data Requests go, the following "GDPR Nightmare Letter" has impressed me since it came out 2 years ago:
https://www.linkedin.com/pulse/nightmare-letter-subject-acce...
Of course this is overkill, but it gives a good starting point - feel free to reduce it to serve your needs.
From some discussions about this letter I gather that it can be easily dismissed by a court because it reeks of "bad faith" and not a legitimate concern.
> From some discussions about this letter I gather that it can be easily dismissed by a court because it reeks of "bad faith" and not a legitimate concern.
Do you have more details about which particular sections "reek of bad faith"?
It's not any particular section, rather the tone and the breadth. One easy answer to such a letter is "please read our privacy policy and come back when you have more specific questions". Your company's privacy policy should cover almost all of the "concerns" covered in this letter. Bad faith comes from the fact that a sender of such a letter has, quite obviously, done zero due diligence. The spirit of GDPR is not to fuck with everybody around, it is to force companies to be more responsible overall.
This is why those OATH and similar dialogs are so jarring; the correct implementation should be opt-out by default, without being bothered every time one visits a website.