Ask HN: Retaliation for privately disclosing user IDs in DSA transparency data?

2•hn773746483•2mo ago

(note: I'm non-EU, company is American with EU branch)

I informed a country's DPA that a company was leaking millions of user IDs within DSA transparency reports. EU developer documentation + DSA text states PII must not be within this data multiple times, proving severe incompetency.

On the day of their final update, the company suddenly banned my account, losing access to a significant chunk of my online life as well as nearly a decade of daily conversations with friends and family.

From that day onward, daily DSA transparency reports were empty for weeks (down from thousands daily).

Eventually they resumed, and past files containing PII were replaced with user IDs removed.

Tried contacting NGOs like EFF and the DPA again, they won't help either due to my non-EU status or because of their own caseload.

The company's DPO & legal teams have been locking and ignoring all communication attempts for months, they don't have any contact point outside of zendesk.

I can't afford lawyers either.

What should my next steps be?

Comments

almosthere•2mo ago

Drop company names, punish them further. Make sure you are legally covered. I don't know if you have any whistleblower protections, ask chatgpt

hn773746483•2mo ago

I considered it but I'd rather not wake up to threatening certified mail seeing as they're no stranger to these underhanded tactics. They have a fairly negative reputation among places like HN anyway.

stop50•2mo ago

Did you try to contact noyb? They are little compared to the eff, but have caused some changes since their founding.

hn773746483•2mo ago

Yup, NOYB couldn't help as I'm non-EU.

stop50•2mo ago

Also the DPA is not an NGO. It is an role in the gouvernment.

hn773746483•2mo ago

I know, I reached out to them regarding the retaliation and they started outright that I'm outside of the scope of the DSA and began ignoring my emails across the board, even to the dedicated crossborder address which initially responded to my disclosure.

Very frustrating, they accepted my initial info but when it became "company has retaliated against me after providing you that info" they wipe their hands clean of it.

Study confirms experience beats youthful enthusiasm

The Big Hunger by Walter J Miller, Jr. (1952)

The Genus Amanita

We have broken SHA-1 in practice

Ask HN: Was my first management job bad, or is this what management is like?

Ask HN: How to Reduce Time Spent Crimping?

KV Cache Transform Coding for Compact Storage in LLM Inference

A quantitative, multimodal wearable bioelectronic device for stress assessment

Why Big Tech Is Throwing Cash into India in Quest for AI Supremacy

How to shoot yourself in the foot – 2026 edition

Eight More Months of Agents

From Human Thought to Machine Coordination

The new X API pricing must be a joke

Show HN: RMA Dashboard fast SAST results for monorepos (SARIF and triage)

Show HN: Source code graphRAG for Java/Kotlin development based on jQAssistant

Python Only Has One Real Competitor

Tmux to Zellij (and Back)

Ask HN: How are you using specialized agents to accelerate your work?

Passing user_id through 6 services? OTel Baggage fixes this

DavMail Pop/IMAP/SMTP/Caldav/Carddav/LDAP Exchange Gateway

Visual data modelling in the browser (open source)

Show HN: Tharos – CLI to find and autofix security bugs using local LLMs

Oddly Simple GUI Programs

The New Playbook for Leaders [pdf]

Interactive Unboxing of J Dilla's Donuts

OneCourt helps blind and low-vision fans to track Super Bowl live

Rudolf Vrba

Autism Incidence in Girls and Boys May Be Nearly Equal, Study Suggests

Wellness Hotels Discovery Application

NASA delays moon rocket launch by a month after fuel leaks during test

Study confirms experience beats youthful enthusiasm

The Big Hunger by Walter J Miller, Jr. (1952)

The Genus Amanita

We have broken SHA-1 in practice

Ask HN: Was my first management job bad, or is this what management is like?

Ask HN: How to Reduce Time Spent Crimping?

KV Cache Transform Coding for Compact Storage in LLM Inference

A quantitative, multimodal wearable bioelectronic device for stress assessment

Why Big Tech Is Throwing Cash into India in Quest for AI Supremacy

How to shoot yourself in the foot – 2026 edition

Eight More Months of Agents

From Human Thought to Machine Coordination

The new X API pricing must be a joke

Show HN: RMA Dashboard fast SAST results for monorepos (SARIF and triage)

Show HN: Source code graphRAG for Java/Kotlin development based on jQAssistant

Python Only Has One Real Competitor

Tmux to Zellij (and Back)

Ask HN: How are you using specialized agents to accelerate your work?

Passing user_id through 6 services? OTel Baggage fixes this

DavMail Pop/IMAP/SMTP/Caldav/Carddav/LDAP Exchange Gateway

Visual data modelling in the browser (open source)

Show HN: Tharos – CLI to find and autofix security bugs using local LLMs

Oddly Simple GUI Programs

The New Playbook for Leaders [pdf]

Interactive Unboxing of J Dilla's Donuts

OneCourt helps blind and low-vision fans to track Super Bowl live

Rudolf Vrba

Autism Incidence in Girls and Boys May Be Nearly Equal, Study Suggests

Wellness Hotels Discovery Application

NASA delays moon rocket launch by a month after fuel leaks during test

Ask HN: Retaliation for privately disclosing user IDs in DSA transparency data?

Comments