@schmidjon It was somewhat intentional at the time. I thought simplifying the requests would actually help data subjects: if they ask for A and B, you are leaving the opportunity to bicker about B and never deliver anything. I thought it was just more straightforward to ask for only A.
If you look at the top right popup on this page, you will see the type of request generated now. Do have a look. It will provide referenced rebuttals to some of Tinder’s current arguments.
And indeed, the more SARs and complaints, the more pressure on Tinder and the DPC. Particularly if the other data subjects complaint first to their own national data protection authorities, as then they actually need to contact the Irish DPC, which then knows there lots of eyes looking over their shoulder.
A few remarks now concerning Tinder’s actual response:
- What do you think should be provided that hasn’t been? have you made that clear to the DPC?
- They refuse to provide the granular usage information, but then compute aggregate statistics. You might want to clarify why then not provide all the granular data, if they are going to go through the trouble of computing aggregates
- The privacy rights of others can limit what you can get, but in my view Tinder needs to ask other users their opinion.
- Towards the end, they are scoping the Right of Access by saying “we provided the data subject with a significant amount of statistical data so that he could understand how he uses the app”. That seems wrong to me. Your motivation shouldn’t come into play here, and in any case from what I understood that is not your motivation.
Let’s see what the Irish DPC has to say soon.