this post was submitted on 20 May 2025
5 points (85.7% liked)

degoogle

173 readers
1 users here now

Quit your Google addiction. Use privacy focused Services.

founded 2 months ago
MODERATORS
tfm@europe.pub
5
How can I send a GDPR request to Google if I am not a user/patron? How can Google ID me to process my request if I do not want them to have my name or mailing address? (slrpnk.net)
submitted 1 week ago by activistPnk@slrpnk.net to c/degoogle@europe.pub
5 comments fedilink hide all child comments
 

Sometimes a gmail user sends me an email. I object to that. In principle, I need be able to tell Google that I do not consent to them processing my personal data whatsoever.

If one of their users addresses an email to one of my email addresses, I do not want Google to store the message or even transmit it. They must refuse to handle my personal data, and thus refuse to process email traffic involving my email address.

I believe this falls under GDPR Art.18 or 21. But the question is, how can I submit my GDPR request to Google? I can write them a letter but I do not want Google to get my address. I don’t even want Google to know my name. The only thing I want Google to know is my email address, so that Google’s mail servers can refuse mail to that address. But the mere act of submitting a GDPR request inherently requires data subjects to prove their identity to data controllers.

top 5 comments
sorted by: hot top controversial new old
[–] red_bull_of_juarez@lemmy.dbzer0.com 1 points 1 week ago (1 children)

I'd like to see this go to court, actually. I don't think you have a case, because Google is just acting as a service provider and those have been found to not be liable for actions of their users. Like Google is not at fault if some users conspire for a crime over their services. But as I am not a lawyer, I'd really want to see what a court has to say.

[–] activistPnk@slrpnk.net 1 points 1 week ago (1 children)

Google is certainly obligated to comply with the GDPR. But I suspect they are shielded if they can call themselves a /data processor/ and not a /data controller/.

It’s certainly a big hole in the GDPR. The GDPR framers did not consider the fact that in some situations you have countless data controllers all using the same giant processor, in which case it’s only reasonable for data subjects to be able to go direct to the data processor rather than playing whack-a-mole with controllers.

[–] red_bull_of_juarez@lemmy.dbzer0.com 1 points 1 week ago

And that's why I'd like to get a court ruling on this. Would be quite interesting.

[–] tfm@europe.pub 2 points 1 week ago (1 children)

Maybe here? https://reportcontent.google.com/forms/rtbf

[–] activistPnk@slrpnk.net 2 points 1 week ago* (last edited 1 week ago)

hmm.. painful. That page assumes I speak the language of whatever country my Tor circuit exited. I see at the bottom there is a Google reCAPTCHA barrier.

Nonetheless, I’m glad to know my options but I guess I’ll have to keep trying that page until it speaks my language before I can work out whether it’s a lesser of evils.

In the end, my question is more legal than technical. I could find out Google’s postal address and send them an anonymous letter. But the problem is perhaps that legally Google only needs to honor the GDPR requests of those whom it can identify. In fact, I think it’s expressly written somewhere that anonymous people do not have GDPR protection.

My question may have no answer. Perhaps I have to let Google have my identity as a trade-off to getting GDPR rights.