Try emailing legal@atlassian.com if privacy@atlassian.com isn't getting you anywhere.
I can't speak to Atlassian specifically, but at sufficiently large companies, privacy@ emails tend to get routed directly to internal compliance teams, which may be operating under/within the legal org or just using a playbook legal has previously signed off on.
Legal@ has a good chance of being monitored by someone else. Worst case they route it back to the appropriate team and you continue getting stonewalled. Best case, the new set of eyeballs on the conversation has a very different view of the legal risk of your stonewalling experience, and you get what you want.
I haven't tried the above for compliance requests (as I'm not in a jurisdiction covered by GDPR or CCPA), but general BigCo experience has taught me just how variable responses from legal can be depending on which particular lawyer covers it[1]. Every lawyer evaluates risk in their own way, based on their experience, understanding, and conservative (or not) predilections. Simply having your correspondence seen by a different set of (legal) eyes could be enough to get a more satisfactory outcome for you.
[1] Or in this case, if the legal team sees it at all. Which may not be the case for privacy/compliance requests, if they've been delegated to a purpose-specific team that's operating off of a playbook.
I can't speak to Atlassian specifically, but at sufficiently large companies, privacy@ emails tend to get routed directly to internal compliance teams, which may be operating under/within the legal org or just using a playbook legal has previously signed off on.
Legal@ has a good chance of being monitored by someone else. Worst case they route it back to the appropriate team and you continue getting stonewalled. Best case, the new set of eyeballs on the conversation has a very different view of the legal risk of your stonewalling experience, and you get what you want.
I haven't tried the above for compliance requests (as I'm not in a jurisdiction covered by GDPR or CCPA), but general BigCo experience has taught me just how variable responses from legal can be depending on which particular lawyer covers it[1]. Every lawyer evaluates risk in their own way, based on their experience, understanding, and conservative (or not) predilections. Simply having your correspondence seen by a different set of (legal) eyes could be enough to get a more satisfactory outcome for you.
[1] Or in this case, if the legal team sees it at all. Which may not be the case for privacy/compliance requests, if they've been delegated to a purpose-specific team that's operating off of a playbook.