The GDPR penalties are pretty serious for any reasonably large entity operating within Europe. I think when they’re actually pushed with a proper GDPR request, they will mostly comply.
And it’s risky to try to use that data. If someone, sometime in the future can prove their data was used after a confirmed GDPR request, it could be bad for them. And frankly, the number of actual GDPR requests is small enough that it’s not worth their while for such a small part of the sheer cascade of data they have.
Yes, for everyone else I don’t doubt they don’t actually delete anything.
The GDPR penalties are pretty serious for any reasonably large entity operating within Europe. I think when they’re actually pushed with a proper GDPR request, they will mostly comply.
And it’s risky to try to use that data. If someone, sometime in the future can prove their data was used after a confirmed GDPR request, it could be bad for them. And frankly, the number of actual GDPR requests is small enough that it’s not worth their while for such a small part of the sheer cascade of data they have.
Yes, for everyone else I don’t doubt they don’t actually delete anything.
The modern world runs on plausible deniability, especially the tech world