0·
1 year agoYou’re right, but sometimes a bit of undue courtesy repays in dividends. Not every minor infraction is nefarious and not every minor infraction deserves reporting. A simple courteous reminder of their obligations may save both parties some undue hassle.
I can imagine this company doing this to ensure only authenticated users can have their data removed. There are other ways…but this was probably what they considered reasonable and painless for all, admittedly they (wrongly) didn’t consider the audience of this community in that decision.
How do you know this?
My first thought was “they probably want to ensure they are who they say they are and so want an authenticated request” - while that’s against GDPR, not everyone is as educated as they should be, and not every mistake is a nefarious activity.