In the EU, data privacy and the way a company manages a private person’s data is taken very seriously. This is in stark contrast to the way data privacy is handled in the United States, and if a company from the United States should wish to do business in the EU, they must follow the GDPR guidelines or suffer potentially grave consequences.
These are not empty threats. In July, Amazon Europe
paid the largest GDPR violation penalty in history. The retail giant was ordered to pay a whopping €746 million after a 10,000-person complaint against the behemoth regarding the way it processes user data was found to be in violation of user's privacy.
It seems that LastPass, who is
busy playing cleanup after December’s security debacle, might be throwing its hat in a ring of burning cash. In a
Reddit post, user /u/nametaken_thisonetoo posted his grievances with the company, explaining the numerous ways the software holds your data hostage. The post was quickly followed up by
an article on AlternativeTo where the author connected these pain points to
violations of the GDPR.
Of the many grievances listed, some really standout and they all revolve around tactics that make it hard, if not impossible, for a LastPass free user to export their personal data. For instance, if you’ve dropped down to a free account, LastPass can lock you into their desktop browser offering after three switches between mobile or desktop. Once you’re locked into the desktop plugin, you may not be able to export your data because of a myriad of unanswered bugs.
LastPass forum user
tombrady reported this bug on 3/21/2021 where options to export data are simply greyed out with no recourse, and there is still no solution almost ten months later. Interestingly, the forum post was marked as an "accepted solution" by LastPass staff member GlennD who said, “
We are aware of this issue and will be releasing an update very soon to correct this”.
In spite of this, the forum post continues to receive complaints of their data being held hostage with no actual confirmation of the bug being fixed. There have been two posts in the last 24 hours asking why the bug still hasn’t been fixed. Meanwhile, GlennD is
seemingly fixing all the reported errors by hand. The fact that this bug exists at all may be in direct violation of
Article 20 of the GDPR, Right to data portability. This article explicitly states that users should have access to their data, in a ‘commonly used and machine readable format’, without distinction between paying and non-paying customer.
