This raises an interesting question. Let's say I have a data-set that contains a lot of photos of people, but I don't know who; or maybe I think I know who, but there's 20% chance there are people who are in these photos that aren't successfully tagged.<p>Now, lets say someone who I don't have on my list asks for the data I have of them, and I tell them I don't have any, but really they're one of the untagged people. Have I broken the rules? Presumably not.<p>What if someone requests the info I have on them, I tell them nothing, but then later on I realize that one of these photos actually was a picture of them. Should I then try to follow up with them and make a correction?<p>I'm curious. I think the GDPR is great. These are important problems.
I'm not convinced the hyper-aggressive / snide approch the author is a good idea, if he actually wants access to the data. (Rather than just be showboating to his blog audience, which appears to be the real intent here). Seems like it makes it much easier for Facebook to argue that this is a "manifestly unfounded" request, which is one of the few cases where the GDPR specifically allows refusing a request.