Is this even legal? Hiding data deletion behind login (after email request)
I wanted to delete my old oppo id account, and to do that I'll need to login into it, but I don't know the password.
Password reset requires saying when the account was created (month and year) and "tech support" can't help here either.
Is it legal to block / hide account deletion behind login in European countries? GDPR (and polish RODO) both talk about a right to data deletion, which in this case, I believe, isn't respected.
it's not illegal to put account deletion behind a login at all. Its also legal for them to request identification.
However if you request data deletion and they have no valid exception to avoid doing that they must comply, it doesn't matter if they have a mechanism for deletion that you can use, they have to still delete the data even if you don't press the "delete account" button.
you can file a complaint with your countries regulatory departments but if they refuse to press the delete account button for you, there's not much else you can do outside of that.
It has already been said but the company is complying in the sense that it is providing a solution whereby you can delete your account. That said, where you are unable to follow that process, they should offer you the same ability via email. Each company does things slightly differently but I would hazard a guess that an email stating that you find it more reasonable for the action to be carried out via email, they would be likely to comply.
The reasons why companies put these in place is simply to avoid mass requests for deletion and, as stated, to also protect you.
While email spoofing has been mentioned, it is somewhat unlikely anyone would send a request for deletion after spoofing your email, yet, it is not impossible.
saying when the account was created (month and year)
This is an absurd requirement, but do you have a ballpark idea, and does it let you continue to guess multiple times? Submit a few dozen password reset requests and if they complain, tell them to verify you via alternate means.
It allows 3 guesses, but I don't know how often they reset. I'm pretty sure the account was created after September 2019, but that's still a lot of possibilities.
Did you tell them that you don't have access to your account? Because to me, this reads like the default answer ("here's how you do it yourself"), not like they won't do it by email if asked to do so.
My company does the same - if you ask our support how to delete the data, they will send you a link to the customer portal. Only if you tell them that doesn't work for you, they will work out another way.
We built the feature into the customer portal, so we want people to use it if possible. Because that's way less work for our support team.
First I wrote on live chat support. After they couldn't help me, I sent the email.
...and it's not the email alone I'm mad at (maybe a little) but the overall experience I had with them. After explaining my issue I was told multiple times they couldn't do anything and the best suggestion I got was "you could create another account", that's not helpful. What am I supposed to do, just leave the old one to die slowly and forgotten?