Volker Greimann wrote on 20/02/2021 00:39:
It sounds GDPR legal. After all, they are telling you exactly what will happen with anything that you send there, so by sending it there in full knowledge, you are essentially consenting to that processing of your data.
the best that could be said in this situation is that it's not clear. If you're reporting an abuse complaint to a responsible provider with clearly documented abuse processes which are carefully followed, and who has a good relationship with a responsible client who had clearly documented abuse processes which are carefully followed, then maybe this might ok. OTOH if it's a bulletproof hoster with poor processes / process compliance and the client abuses abuse reports (e.g. uses them to confirm that emails are still active), then that's less likely to be in any way legal. But a-priori, you don't know. Also GDPR consent compliance isn't achieved by "telling you exactly what will happen with anything that you send there". The European Data Protection Board has extensive documentation on GDPR interpretation:
https://edpb.europa.eu/our-work-tools/general-guidance/gdpr-guidelines-recom...
of which the document regarding Consent is well worth reading:
https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-05...
Specifically it notes: "As a general rule, the GDPR prescribes that if the data subject has no real choice, feels compelled to consent or will endure negative consequences if they do not consent, then consent will not be valid". tl,dr: ianal + the OP's case would benefit from analysis by an actual lawyer with competence in this complex area. The above is purely speculation. Nick