I'm not sure about that. Information that is saved about a user might be more security-relevant than what someone - they or someone who hacked their account - might see in their account.
It clearly is something I would not want to have hours of meetings with legal council about, so I can see why some organisations may err on the safer side.
If someone has access to your password and 2FA method, they can impersonate you and destroy your reputation, buy things in your name, consult all your old photos and learn everything about you, etc, and no platform will ever ask them a EU id at any point in the process.
The idea that a platform asks for a EU id for any reason other than making the GDPR request process more painful is laughable.
there is a possible reason, the gdpr applies to EU citizens, EU residents, and people within the EU, so it is reasonable they ask you to prove you are one of these categories.
Yeah, no kidding. Of course they want you to prove you're a EU citizen, because they want to make as little effort as possible.
I don't consider that reasonable. Data portability should be a right. You shouldn't have to jump through hoops to exercise that right, and companies shouldn't be asking you "can you prove beyond a doubt that we're legally obligated to give you your data" before doing so.
I agree, I would like them to offer this service to everyone, but the reason they ask for an EU ID is not "emails are to easy, have them suffer" but more likely "we really have not set up a process for this so we will not do this unless forced by the law"
The solution to this is to have their own government impement a GDPR-like policy.
It clearly is something I would not want to have hours of meetings with legal council about, so I can see why some organisations may err on the safer side.