Monochrome vector graphic of a cat's nose and furry ears. The ears look similar to those of a desert fox.
Available languages
Tags: Privacy
Last change:
Written by: traumweh

Don't use Freenom #

After trying for over two years, to get my Freenom account deleted by making a complaint under the GDPR (Regulation (EU) 2016/679), said complaint is not going to be pursued further, because it only concerns me (no relevance for the public) and the effort would be too high to find out whether there is any legal basis at all that obliges the company to delete my account.

I’m talking about the Dutch company Freenom. A domain registrar that is primarily known for lending out domains of selected domain extensions free of charge. The company is also known for taking these domains away from users and selling them without notice. And last but not least, Freenom ignores any data protection concerns. The web interface does not give users an option to delete one’s account, and neither do their help pages mention account deletion at all. There is a support form, but let’s put it this way: I submitted my request for deletion in accordance with Article 17 GDPR on December 7, 2022 (and attached further information over time), but never received a response from Freenom. Not that the support is a sham, and doesn’t really exist. I did have a previously received a fairly unfriendly response to another service-related support request, which did not offer any support whatsoever, but was at least an answer.

Involving the Data Protection Authorities #

So, after a period of almost three months, I first contacted Hamburg’s Data Protection Officer, and then, in September 2023, the Dutch Data Protection Authority, the Autoriteit Persoongegevens (herinafter referred to as AP, the AP or the authority). After I received a reply about six more months later stating that the authority had too much to do, and had to send back an attached form, confirming that the problem had not been magically resolved, nothing happened for another year. Until a few days ago.

I received a letter in which the AP summarized the following: They looked at my complaint and reviewed the legal situation to determine what would be the minimum they needed to do. The AP came to the conclusion that they would send a letter to Freenom advising them of their obligations. That’s it. The AP will do nothing more. They justify this as follows:

De AP kan bij uw klacht onvoldoende efficiënt en effectief optreden
[The AP cannot act effiently and effectively enough in the case of your complaint.]

Wow, you said that really well! Here, have a gold star in the class log. But why can’t the AP do that?

De AP zal namelijk verder onderzoek moeten doen naar de door u gestelde overtredingen door bijvoorbeeld een onderzoek ter plaatse en/of het opvragen van informatie.
[The AP needs to review your alleged infringements in more detail, e.g. through investigations on site and/or by gathering information.]

Oh, right. Would be totally impractical if an authority would need to review a complaint by investigating it in order to review a complaint. But luckily they’ve got another argument!

De AP ziet geen breder maatschappelijk belang
[The AP does not see any broader social significance]

The authority always checks, whether an infringement had affected or could still affect many people, which would depend not least on the specific focus of the authority.

De focus van de AP voor 2025 is algoritmes & AI (kunstmatige intelligentie), big tech, vrijheid & veiligheid, datahandel en de digitale overheid.
[The focus of the AP in 2025 is algorithmes & AI (artificial intelligence), big tech, freedom & security, data trading and digital government.]

I would be so bold as to put this complaint in the “freedom” category. Meaning the argument must be based largely on social relevance, right?

Uw klacht ziet alleen toe op u. Het aantal betrokkenen dat door uw situatie kan worden geraakt is dus beperkt.
[Your complaint concerns only you. The number of people who could be affected by your situation is therefore limited.]

Oh, it only concerns me? Checks notes. Oh, no, wait a minute. A quick internet search shows that apparently no one on this planet has ever managed to delete their Freenom account, because (as I also described in my complaint) there is no form for this on the part of Freenom, and the support team skillfully ignores any and all GDPR requests.

Now what? #

De AP legt geen maatregel op aan de organisatie waarover uw klacht gaat. […] Uw klacht is altijd waardevol.
[The AP does not impose any measure on the organization about which your complaint is made. […] Your complaint is always valuable.]

I’m overjoyed! Now back to eating my hat…

[…] maar uw klacht helpt de AP evengoed persoonsgegevens in Nederland te beschermen. Als de AP bijvoorbeeld merkt dat een hoog aantal klachten over dezelfde organisatie gaat, dan kunnen we alsnog een verder onderzoek instellen. Verder kan uw klacht de AP bijvoorbeeld helpen bij een ander onderzoek dat we uitvoeren. Ook helpt de informatie de AP om onderzoeks- en beleidsonderwerpen te bepalen en om onze website te verbeteren.
[[…] but your complaint helps the AP to protect personal data in the Netherlands. For example, if the AP notices that a high number of complaints are about the same organization, we may still investigate further. Furthermore, your complaint may help the AP in another investigation we are conducting. The information also helps the AP to determine research and policy topics and to improve our website.]

While the AP is absolutely right about this, this letter however also hightlights some of the major problems with the GDPR. The GDPR is completely inaccessible to the majority of people. It already requires a disproportionate amount of knowledge to make a request to a company under Article 17 of the GDPR, or money for a lawyer. As if anyone would be as foolish as me to voluntarily escalate this into a complaint and send it to the relevant authority in case the company does nothing. And to do this in the Dutch language. Only to find out that these authorities are completely overwhelmed and that every further request being submitted makes it worse, so they try to talk their way out of as many complaints as possible with arguments about efficiency and relevancy, in the hopes of being able to at least follow up on the more significant cases.

The AP gives me six weeks from dispatch-date of its letter to lodge an appeal against the decision using a form. But I don’t know yet whether I am willing to make that effort. Otherwise, I dream think my only chance of getting this account adeleted is if there are actually other people to file such a complaint.