Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Retaliation for privately disclosing user IDs in DSA transparency data?
2 points by hn773746483 17 days ago | hide | past | favorite | 6 comments
(note: I'm non-EU, company is American with EU branch)

I informed a country's DPA that a company was leaking millions of user IDs within DSA transparency reports. EU developer documentation + DSA text states PII must not be within this data multiple times, proving severe incompetency.

On the day of their final update, the company suddenly banned my account, losing access to a significant chunk of my online life as well as nearly a decade of daily conversations with friends and family.

From that day onward, daily DSA transparency reports were empty for weeks (down from thousands daily).

Eventually they resumed, and past files containing PII were replaced with user IDs removed.

Tried contacting NGOs like EFF and the DPA again, they won't help either due to my non-EU status or because of their own caseload.

The company's DPO & legal teams have been locking and ignoring all communication attempts for months, they don't have any contact point outside of zendesk.

I can't afford lawyers either.

What should my next steps be?



Drop company names, punish them further. Make sure you are legally covered. I don't know if you have any whistleblower protections, ask chatgpt


I considered it but I'd rather not wake up to threatening certified mail seeing as they're no stranger to these underhanded tactics. They have a fairly negative reputation among places like HN anyway.


Did you try to contact noyb? They are little compared to the eff, but have caused some changes since their founding.


Yup, NOYB couldn't help as I'm non-EU.


Also the DPA is not an NGO. It is an role in the gouvernment.


I know, I reached out to them regarding the retaliation and they started outright that I'm outside of the scope of the DSA and began ignoring my emails across the board, even to the dedicated crossborder address which initially responded to my disclosure.

Very frustrating, they accepted my initial info but when it became "company has retaliated against me after providing you that info" they wipe their hands clean of it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: