Ask HN: Retaliation for privately disclosing user IDs in DSA transparency data?

2 points by hn773746483 ↗ HN
(note: I'm non-EU, company is American with EU branch)

I informed a country's DPA that a company was leaking millions of user IDs within DSA transparency reports. EU developer documentation + DSA text states PII must not be within this data multiple times, proving severe incompetency.

On the day of their final update, the company suddenly banned my account, losing access to a significant chunk of my online life as well as nearly a decade of daily conversations with friends and family.

From that day onward, daily DSA transparency reports were empty for weeks (down from thousands daily).

Eventually they resumed, and past files containing PII were replaced with user IDs removed.

Tried contacting NGOs like EFF and the DPA again, they won't help either due to my non-EU status or because of their own caseload.

The company's DPO & legal teams have been locking and ignoring all communication attempts for months, they don't have any contact point outside of zendesk.

I can't afford lawyers either.

What should my next steps be?

4 comments

[ 2.1 ms ] story [ 20.8 ms ] thread
Drop company names, punish them further. Make sure you are legally covered. I don't know if you have any whistleblower protections, ask chatgpt
I considered it but I'd rather not wake up to threatening certified mail seeing as they're no stranger to these underhanded tactics. They have a fairly negative reputation among places like HN anyway.
Did you try to contact noyb? They are little compared to the eff, but have caused some changes since their founding.
Also the DPA is not an NGO. It is an role in the gouvernment.