Using GDPR to obtain one’s data as JSON

My favourite is still Art. 22, p. 1:<p>&quot;The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.&quot;<p>Which means that if e.g. a bank declines your mortgage application based on a decision from a fully automated system you have a right to have a human being review it.<p>Interestingly this made banks reluctant to use AI and helped with efforts in development of so-called &quot;explainable AI&quot;.

I love this clause too. It&#x27;s been making it possible to help people migrate to my app: <a href="https:&#x2F;&#x2F;github.com&#x2F;TheLastProject&#x2F;Catima&#x2F;issues?q=is%3Aissue+label%3Aimport+" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;TheLastProject&#x2F;Catima&#x2F;issues?q=is%3Aissue...</a><p>Of course I document my export format too so others can do the same with data from my app: <a href="https:&#x2F;&#x2F;github.com&#x2F;TheLastProject&#x2F;Catima&#x2F;wiki&#x2F;Export-format" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;TheLastProject&#x2F;Catima&#x2F;wiki&#x2F;Export-format</a> :)<p>The sad part is the allowed 30 days timeframe. Stocard really abuses this to make you wait as long for your data as they legally can make you wait: <a href="https:&#x2F;&#x2F;twitter.com&#x2F;SylvieLorxu&#x2F;status&#x2F;1389343401435439112" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;SylvieLorxu&#x2F;status&#x2F;1389343401435439112</a>

I literally did this with GitHub they told me to get lost and go to court to force it through.

I have a feeling that the unnamed todo service is Todoist. They offer a free plan, but backing up data requires a Pro plan which is really not ideal:<p><a href="https:&#x2F;&#x2F;todoist.com&#x2F;help&#x2F;articles&#x2F;backups" rel="nofollow">https:&#x2F;&#x2F;todoist.com&#x2F;help&#x2F;articles&#x2F;backups</a><p>I use the free plan, don’t reside in Europe, and recently wanted a backup. If you’re in the same boat, I recommend the following project — it has good documentation and immediately worked.<p><a href="https:&#x2F;&#x2F;github.com&#x2F;darekkay&#x2F;todoist-export" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;darekkay&#x2F;todoist-export</a>

YouTube will not give out data after suspending an account, which is likely a violation.

I was just thinking about this.<p>I&#x27;ve been delaying allowing whatsapp from sharing my data with facebook for a while now, but last news is that unless I give in to the extortion, I won&#x27;t be allowed to send and receive messages to my contacts.<p>I&#x27;m going to request all my data to Whatsapp using GDPR before switching all my conversations to Telegram, I guess.

A bit of a tangent, but I think some people often criticize GDPR because it doesn’t have perfect enforcement, or some people are annoyed by the cookie banners.<p>However, a positive aspect I don’t hear talked about enough is how it has had a chilling effect (in the most positive pro consumer way possible) I’ve noticed in my industry people are just much more careful about user data now, compared to it hardly being talked about before GDPR. Just the threat of those fines has scared C levels enough to put at least some engineering resources on privacy and security where there was much less before from my experience.

I did this to a bunch of companies a while ago now, the results were incredibly boring with the exception of eBay who delivered the data by posting a USB drive to my house.

This might work for data that is stored but another regulation enforces storage of only that data that you need — making it inefficient for backup restore (systems can just wipe your data and call it a day instead of soft-deleting it).

since the author mentions whatsapp:<p>What&#x27;s the best strategy for exporting _all_ whatsapp messages on a device to a format that is readiable without whatsapp? - the export functionalities i&#x27;ve tried work with a message cap or other limitations.<p>Otherwise, they involve emailing yourself conversations one at a time.<p>I _think_ this is region dependent, but would like to hear from others.

The title is misleading. It should be something like &quot;machine readable format&quot;. Since the law does not specify json.

I wrote my own comment fetcher for reddit, since there is a limit as data gets archived.<p>I still managed to get all the 8 years of comments.

Netflix’s GDPR dump was kind of painful to actually make use of. In particular I wanted to port my 15 years of ratings (over 1000 movies) to Letterboxd but the Netflix dump only gives title as the identifier of the media, and some titles are VERY indistinct.<p>Any other information, anything else, like Year of movie would have helped. Instead I spent literal hours adjusting my data in Letterboxd’s fantastic import tool.

Not entirely true. It hugely depends on the company. I have no luck retrieving even my personal info from some companies re. my interviews (I asked for internal email notes where I was the subject) and they simply denied providing almost nothing.Some even quoted GDPR as the reason in response stating the info I requested contains other people&#x27;s details too. Some correctly provided info I asked redacting other peoples details which is fair. But there are so many exclusions to GDPR (<a href="https:&#x2F;&#x2F;ico.org.uk&#x2F;for-organisations&#x2F;guide-to-data-protection&#x2F;guide-to-the-general-data-protection-regulation-gdpr&#x2F;the-right-to-be-informed&#x2F;are-there-any-exceptions&#x2F;" rel="nofollow">https:&#x2F;&#x2F;ico.org.uk&#x2F;for-organisations&#x2F;guide-to-data-protectio...</a>) and the companies can use one or another exemption stated to ignore your request.

It&#x27;s sad that companies act so immorally that GDPR must exist.<p>But I guess it&#x27;s good this guy found yet another way to recover lost data?

&gt; The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller<p>IANAL, but this sounds to me like you are entitled to receive only the personal data of yours in a machine-readable format, not _everything_ you entered.

This “one neat trick” means that some high level employee probably had to do it by hand.<p>Making a request like this is a borderline unethical waste of someone’s time.