GDPR requires organizations to delete user data upon request (with a few specific exceptions). Does it place requirements on how such request must be made? E.g. does it require self-service, automated deletion processing, or can all deletion requests be handled by contacting customer support and then manually processed?

Resolution

Resolves YES if GDPR requires organizations to offer a self-service/automated account deletion option. Resolves NO if contacting support and manual processing is GDPR compliant.

If the answer is clear, based on discussion and analysis in the comments here, resolves as above. If it is not clear, then resolution will proceed by the following procedure:

• With 90% chance, I will resolve the market N/A. (I will generate a random number between 0 and 1, and check it is less than 0.9.)

• Otherwise, I and any other interested participants will make reasonable efforts to find a GDPR compliance expert to answer the question, and resolve to YES or NO based on their answer.

Background on resolution procedure

See https://dynomight.net/prediction-market-causation/ for a great explanation of the reasoning behind this randomization procedure. Basically, it's a way to predict what the answer will be, in a fully incentive-compatible prediction market, but with only a 1/10 chance of having to go to the expense of actually discovering the answer. This particular case might not be that expensive, but you could imagine a prediction market that asks "Would a GDPR lawsuit against organization X succeed?" and commits to a small, randomized chance of going through with the lawsuit to resolve the question.