dan

I think you're just supposed to die now...

Assuming you're using the website rather than the app, it's fairly easy to change your IP, browser, email address and username - if they still know it's you after all that then they're doing something pretty clever...

the fuck?

You can still do it. Email them! They’ll insist you use their form but keep pushing.

Yes 100%. They have an EU presence so this applies to all the data they hold about anyone.

Don’t think it matters, but they’ll certainly get a lot today from this post in r/pics, it’s on like 15k votes. Today is probably as good a time as any.

This is a great idea, please post if you find their address and stuff, that would make an amazing second wave of protest. Even if you’ve already made the request they’ve still got to open the letter, type your username to check - wouldn’t take more than a few hundred of those to cause problems.

I wonder if a letter sending device like this would work?

Haha that’s worth a go - there is basically zero chance of them responding to that properly.

Wow can you imagine how much carnage a letter based subject access request onslaught could be? There’s basically no way around employing people to open letters and then do a bunch of data entry just so they can email you and say “hey fill in this form”.

Edit: Could they even email you? Would they have to respond by post?

You’d be surprised. I’ve worked with some even pretty large companies that just don’t have a good process for this and rely on people doing some semi-manual process to prepare a response. My current employer got swamped with requests unexpectedly and had a hard time dealing with them all.

Interestingly finding them was the hardest part because requests can come in to any part of your business, even via social media: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/right-of-access/how-do-we-recognise-a-subject-access-request-sar/#socialmedia

Yeah it’s 30 days, though they can push it up to 90 if they have a good reason. They have to inform you of that though.

Also if you’re feeling extra cantankerous you could try emailing them directly: [email protected]

Even though they say you have to use their form, they can’t actually force you to do that: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/right-of-access/how-do-we-recognise-a-subject-access-request-sar/#requirements

Yeah same. They might be holding back until the last minute deliberately in some 4D chess move, but like you I think it’s more likely some poor soul is preparing them manually.