"Under my rights as an EU user, I am formally requesting access to all data, evidence, and logs held in relation to the recent account action, in accordance with Articles 15 and 16 of the GDPR. This includes any system detections, telemetry, or visual data (such as screenshots or captures) used in determining the enforcement. The purpose of this request is to allow review and to demonstrate that the flagged activity was not malicious. Please confirm whether any images, memory dumps, or kernel-level logs were collected, and provide a copy or detailed description as required by EU data protection law."
This should be treated as a DSAR (Data subject access request), and they may ask for identification also under GDPR. They are legally bound to this within scope of operating in the EU, and can only decline if it's exposing company secrets. Even so, they can obfuscate any data in that scenario. I'm a software engineer in Retail Banking, so have to do training on this constantly.
And if they don't provide anything. Then what?
