[EU/GDPR] Anthropic ignores Art. 15 Subject Access Request after account suspension – Timeline and Facts
Hello r/privacy,
I am an EU resident (Germany) and want to document a case where Anthropic has failed to comply with a formal Subject Access Request (SAR) under Article 15 and Article 20 of the GDPR following an account suspension.
Below are the objective facts and the timeline of the correspondence. I am sharing this to see if others have faced a similar wall when trying to retrieve their data from Anthropic after a ban.
Context
My account was suspended by Anthropic's automated system under the incorrect assumption of being used by a minor. When appealing the ban, Anthropic requested a verification procedure. I declined to provide biometric data or undergo third-party biometric scans on privacy grounds but explicitly offered alternative, privacy-preserving methods to verify my legal age.
Since the account remained locked, I requested a full export of my personal data (including complete chat histories and uploaded documents) to which I am legally entitled under EU law, regardless of account status.
Timeline of Facts
- May 2026 (Initial Appeal & Request): I filed a formal appeal regarding the false-positive suspension, noting my refusal of biometric third-party scans. Anthropic's support responded with an automated/standard template stating that the security team evaluates options but cited longer response times.
- May 20, 2026: Seeing that the account remained blocked, I formally exercised my Right of Access (Art. 15 GDPR) and Right to Data Portability (Art. 20 GDPR), requesting a complete copy of all my account data and chat histories in a machine-readable format (JSON/CSV).
- Anthropic's Response: The system generated a ticket stating: "We are escalating your question to a member of our privacy team to provide further assistance... we will send you an email when an agent has responded." (Conversation ID: 215474215256846).
- May 21, 2026 (First Deadline): The initial deadline passed with no response from the privacy team.
- May 22, 2026: I sent a second notice, establishing a final deadline for May 29, 2026, and explicitly outlining the legal consequences under Art. 83 GDPR regarding fines for denying data subject rights. No response was received.
- End of May 2026 (Final Notice): A final 12-hour warning was submitted via their system, noting that the case would be escalated to the competent supervisory authorities (the Irish Data Protection Commission and my local German DPA).
Current Status
The statutory one-month response window under GDPR Article 12(3) has fully expired. Anthropic's privacy team has failed to deliver the requested data export, and the support interface remains unhelpful. The data is effectively being withheld.
Next Steps & Questions
I have fully documented the case and am now submitting a formal complaint to my local DPA (LDI NRW in Germany) and the Irish DPC.
- Has anyone else who experienced an automated account ban by Anthropic successfully forced them to hand over their chat history under Art. 15?
- Did their privacy team ever reply to your escalated tickets, or does Anthropic routinely ignore data export requests from suspended accounts?
Thank you for keeping the discussion factual and focused on the data rights aspect.