Last week I received an email from Meta Plattforms Inc about their new ToS and Privacy Policy addressed to my first Name.
But I don’t have any accounts on any services from Meta Platforms (I deleted them a few years ago). Therefore I contacted the DPO and requested a copy of my personal data and asked them to delete it according to GDPR.
They told me that there is no account associated to my email, I should provide my account details to the account in question, which I don’t have. They are unable to help me with the data I provided and I should contact the irish or my local data protection authority and bring my claims before court.
So they obviously have at least my first name and my email address and refuse to comply with GDPR.
Has anyone had any simmilar experiences or any recommendations on my further actions?
I don’t have the time and money to sue Meta, but I will contact my local data protection authority.
Yeah I was really disappointed to see that email. They shouldn’t have any of my information any longer. Unfortunately I’m a citizen of the United States so we don’t have national level protections because our country doesn’t give a fuck about our information security or privacy
It seems plausible to me that their GDPR process probably missed some email communication system where the name and email was stored, like a hubspot or something custom. Most places I’ve seen have a ton of systems with name and email in it, and GDPR processes aren’t maintained well across all of the teams using that data.
Not saying it’s right, just saying it’s possible an account was mostly deleted and the remnants remain in some other tool, and the person you spoke with only knows about their main systems.
Yes, could be possible, but I think this is not acceptable for a company as big as Meta
Agreed it’s not acceptable. Unfortunately I don’t think GDPR is taken seriously enough. Hopefully at some point the consequences will get better
And water is wet.
Meta has never and will never comply with GDPR in any capacity and the Irish DPO will be more than happy to dish out more fines if stuff like this comes to light.
Meta and however many other of the giant tech companies.
Often it’s cheaper for these services to take fines than it is to change up their operation, by an order of magnitude.
Sidenote - Hey, been a minute.
GDPR fines can scale to a company’s yearly revenue. They can absolutely get in more trouble than it’s worth if they keep blatantly shitting on the GDPR. Keep reporting them whenever you see these violations.
Water has the ability to make things wet but is not wet in and of itself.
I received the same email and also deleted the account about 9 years ago. They absolutely are keeping account information.
deleted by creator
Just jumping in to say I had the same thing. Deleted account and got that same email.
Are you sure it wasn’t a phishing email? With stolen creds?
This was the sender email: notification@email.meta.com
And all links point to meta.com, so no phishing
Check the email headers. You can spoof a sender address
I know, already done. Looks fine
All good, just wanted to make sure since it wasn’t clear
Thank you anyways for the hint
Spoofing a sender while falsifying compliance with SP
DIF and DKIM are another matter entirely.OP, do you know if your email host performs these checks? (The popular webmail services do)
S/PDIF (Sony/Philips Digital InterFace) is an audio interface, perhaps you meant to refer to SPF (the Sender Policy Framework)?
Ahh yes, you are correct, I got mixed up!
:)
It is a gmail address
Then you are probably fine unless you’re a high value target. Gmail checks these, and any such bypass would not be burned on a common target.
Well, it’s your chance to sue them.
You don’t have to sue them. Suing a multinational company will bankrupt you. Let the data protection authority handle this.
The DPC is almost certainly going to ignore complaints like this. You can choose between suing meta or suing the DPC.
It’s not the US here, suing is not viable nor easy in the EU. That’s why we created that system in the first place. And it kinda works. It may be slow but they are not gonna ignore complaints at random
Have you ever seen the statistics? The DPAs are massively underfunded and the Irish DPC in particular is notorious for ignoring complaints, to the point where the EU is considering launching infringement procedures against Ireland for not properly enforcing the GDPR. If you think they will take action on a complaint like this, you will get disappointed.
On the other hand, petitioning the courts to intervene is probably easier than you think. In some member states you don’t even need a lawyer, so all it takes is a bit of time and some court fees. I’m not saying it’s the preferred option, but realistically it is the shortest path to a result.
Did you have an Occulus account?
Damn, yes
That might be it. I received an email on my newer email that I did use for Occulus but not on my old one I had used for Facebook stuff where I deleted my account.
Facebook leaked my mobile phone, where consequently I get sales calls from the other side of planet. I had deleted my account already 6 years prior. I live in the EU btw. F Meta
