GDPR Account deletion
GDPR Account deletion
Hello, I wrote a mail template which I send to websites that don't have an easy process of deleting an account.
Maybe it helps you, maybe you will use it too for when you want to delete your unused accounts and maybe you can contribute to it. The better the message gets and the more websites offer an easy way to delete accounts, the safer we'll be online.
If you can influence the deletion policy, please read on. Otherwise, please forward this to someone that can influence this process.
It's better for the business to offer an easy way to delete an account. Ideally, it would be good to delete accounts which weren't active for more than say 5 years, with a mail notification beforehand. Why? Here are the main reasons:
- There are higher operation and maintenance costs because you have unused accounts in your databases.
- The services load slower, with a performance penalty, because each user-related query has to go through many unused users.
- The people opinion of your services decreases, because you don't offer an easy way to delete accounts
- People might change their mail to a throw-away address and leave the account open, thus producing more waste than necessary.
- In case of a security breach, the amount of compromised data is higher than in case you regularly delete accounts, which might lead to financial penalties.
- The information you get out of a database with active accounts is much more precious than the information from a stale database, or one with obsolete data.
I hope this information helps and that you will change your policy of deleting accounts. Each website that does this, contributes to a better, safer ecosystem.
I usually just write
Hi,
Please delete my account and all data associated with this email in accordance with Article 17 of GDPR, I'm an EU citizen
Thanks x
I just assume if they haven't made it easy to delete your account by now then they never will but these are really good points that will hopefully make companies change their policies, especially since its all things that benefit them
Can't a non EU holder of your data tell you to kick rocks?
No, because by processing EU personally identifiable information a non EU company becomes a data controller / processor as defined by GDPR and has to comply with its requirements including data subject rights, such as the right to access, rectification or deletion.
Well, they can still tell you to kick rocks obviously, in which case you could report this to your EU regulator as empowered by the GDPR. If a regulator decides action is necessary this would follow the sanctions as set out in GDPR (maximum of 10 million or 4% gross worldwide annual turnover).
Comma splice.
Even if I'm from the US, could I mention the GDPR? Would it work?
You could chance it, but they probably have logs of your IP/location data or they bought your data somewhere and so they could check, if they cared enough, but if you're not an EU citizen and you live in an EU country then GDPR applies to you
Lying to companies isn't illegal (yet).
Why this ensures the account is deleted, I wanted to convince the company to improve their policy so that other people will have an easier time to delete their accounts, should they wish this. That is also why I wasn't talking "legal" and mentioned the company benefits from this.
you can't convince companies that are profit driven. They follow whatever is the best decision for profit, which is clearly not letting you delete your account because they would've done that earlier if it led to profit. This assumes full efficiency on the side of the company but if they are large enough, that means that they are efficient enough to beat the competition already.
A company will never do anything that is not increasing their profit. If the profit of breaking law is greater than the fine then they will do it.
What they will do, is create a button called "delete account" which will just block you from logging in. It will not delete your content. Sending an email which clearly says they're getting sued is probably the easiest option. You gotta speak their language.