The GDPR does not say that controllers must always delete personal data on request. Article 17(1)(a) — erasure is required only when:
"the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed"
https://gdpr-info.eu/art-17-gdpr
It's like the cookie banner all over again. This law never, ever required a cookie banner.
The big companies are master in malicious compliance that benefit them, and let them blame the EU for it.
Rules of thumbs, international billion dollars company should be assumed to be the ones being the bad guys until proven otherwise. They have lost the benefit of the doubt decades ago.
loading story #48837094
loading story #48836267