As part of a GDPR data access request, my mobile ISP denied having access to data such as which cell towers I am or have been connected to. Wasn't sure what to make of that. They are a virtual provider but, like, surely if the police comes knocking they suddenly find a way to that data... or does the police not knock at theirs but at the network operator's? Is the virtual operator then not the data controller, should I send access requests to suppliers? But then the data controller is not required to give a list of suppliers, just a list of 'categories' of third parties they share my data with... so that doesn't really add up.
I know a thing or two about GDPR but it's still complex enough that I don't know what my rights / their obligations are in this case.
The best I could figure, my virtual operator was lying to me about not having my location data 24/7 recorded, but I'd be interested if anyone can tell me more.
I know a thing or two about GDPR but it's still complex enough that I don't know what my rights / their obligations are in this case.
The best I could figure, my virtual operator was lying to me about not having my location data 24/7 recorded, but I'd be interested if anyone can tell me more.