And out of nowhere, after posting this comment, Otter.ai now has responded after ghosting me for 3,5 weeks. They are no longer quoting the CCPA, but now are misinterpreting the GDPR and claim that every user is their own little GDPR data controller island and they're merely a "hosting platform". It's all very convenient and creative.
Their response:
Thank you for reaching out to Otter.ai. Under Articles 12 and 17 of the GDPR, Otter.ai is able to delete personal data that is stored in and controlled by your own account. However, Otter.ai cannot delete personal data that is stored in another user’s account. In those cases, Otter.ai acts as the processor or hosting platform, and the other user is the controller for that content. As such, only that account holder has the authority to remove the content.
If you wish to have such data deleted, we recommend that you contact the relevant user directly and exercise your rights under the GDPR with them.
Thank you,
Otter.ai Privacy Team
To which I responded: To whom am I speaking? Is this the Privacy Officer? Why have you been ignoring emails for 3,5 weeks since the 23rd of July, while a GDPR request was filed on the 8th of July?
You know very well that a meeting agent of Otter.ai, the emails by Otter.ai and the website of Otter.ai fall under the direct responsibility of Otter.ai as data controller. Your privacy statement in no way supports a narrative that Otter.ai would act as a so called "hosting platform". It's preposterous to suggest that every one of your users – not being a company but a private person – would be it's own little GDPR data controller island and you're merely an accidental processor of data. Jurisprudence is very clear on this and this notion will be outright rejected.
The deadline has long passed, I'm initiating a court procedure this week.
Hoogachtend,
