A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?

  • Blackmist@feddit.uk
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    4
    ·
    1 year ago

    It’s way too easy to spoof email “from” addresses.

    There should be a way to do it through their website though. Requiring an app is just stupid.

    • wido@lemmy.tf
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      1
      ·
      1 year ago

      They literally replied to his registered email and he has the reply. That would indicate that he has at least access to the account. So with OP’s next email quoting the reply ownership over the associated email address should be reasonably established.