204
I wish there was a "Right to have your account deleted" (lemmy.ml)
submitted 4 days ago* (last edited 4 days ago) by zdhzm2pgp@lemmy.ml to c/privacy@lemmy.ml
24 comments fedilink hide all child comments

Basically what it says in the title. Too many sites make you jump through all these hoops to have your account deleted, and sometimes even then don't do it.

I know about justdeleteme, but unfortunately that doesn't cover a lot of things. Threatening legal action with my state's attorney general—in one case, anyway—didn't work. Maybe the EU will pass some legislation that will carry over to the US . . .

Anyway, don't mind me, just griping.

EDIT: Sort of like the "unsubscribe" button you get at the bottom of some emails. Did they have to pass a law to get that enacted?

all 25 comments
sorted by: hot top controversial new old
[-] Imperor@lemmy.world 80 points 4 days ago

EU already has this with the GDPR. Only limitation are retention periods required by law, like employee data needs to be kept for ten years in Germany for example, but for the duration whoever has the data must block it from being processed for anything but the legal requirment, as that becomes the legal basis for processing (storing in this case) and no other uses are allowed until deletion.

Only applies to EU citizens though plenty companies have implemented straightforward ways to delete an account for everyone.

[-] MachineFab812@discuss.tchncs.de 32 points 4 days ago

Wouldn't this fall under existing "Right To Be Forgotten"/privacy rules in the EU??

[-] FrostyPolicy@suppo.fi 6 points 3 days ago* (last edited 3 days ago)

It does. Art. 17 of the GDPR.

[-] cookie019@lemmy.dbzer0.com 1 points 2 days ago

Its restricted by legitimate interest - see process Google vs Spain

[-] irmadlad@lemmy.world 2 points 2 days ago

In my honest opinion, I don't think companies really delete every last kb of your data. Your data probably still exists on a backup in some server farm.

[-] lattrommi@lemmy.ml 19 points 4 days ago* (last edited 4 days ago)

There was a rulethat was close to being enacted by the FTC that had to do with that, the "click-to-cancel" rule. It was supposed to go into effect 2 weeks ago.

It would have required companies to "make it as easy to cancel, as it was to sign up" for tons of things in the US.

It said that companies had to provide an easy way to cancel, that took equally long as signing up or less, AND via the same medium. So companies couldn't make you call to cancel if you signed up online.

Unfortunately, it was stopped by the 8th circuit court, who deemed it "outside the FTC's authority" which is absolute bullshit, that's why they exist.

I really hope it manages to get pushed through somehow, because so many companies are just the absolute worst scumbags and constantly getting away with it.

edit: it's not quite the same as deleting an account, i realize that. it still would have enabled a lot of these 'services' to get shut down easily.

[-] usernamesAreTricky@lemmy.ml 19 points 4 days ago* (last edited 4 days ago)

Maybe the EU will pass some legislation that will carry over to the US

GDPR requires the right to have your data deleted at least, but a lot of companies will only allow that if you are within the EU (because of profit and spite, I suppose). Though some just allowed it for everyone instead

Similar for California Consumer Privacy Act where a lot of companies will only let you do the stuff it requires if you are within California

Sort of like the “unsubscribe” button you get at the bottom of some emails. Did they have to pass a law to get that enacted?

Yes, see the CAN-SPAM Act of 2003

[-] Nick@mander.xyz 9 points 3 days ago

As others have noted, the EU's GDPR does contain a Right to Delete. Some states have implemented the right on an individual basis, but it's going to be difficult to implement on a national basis because of the current political climate. A nationwide federal privacy law was in the works, but it contained a poison pill in the form of federal preemption, meaning that it would set a hard ceiling for data privacy that states wouldn't be free to exceed with their own legislation.

If you've got the time, I would encourage you to reach out to your representative in the state legislature to advocate for a state privacy law. You can point towards California's CCPA or Colorado's CPA as examples of already active privacy law. Companies are already supposed to be in compliance with these laws, but only with respect to consumers in those states. Point out that there shouldn't be much (if any) additional burden to extend that protection to your state. Your state AG can't enforce your privacy rights if they're not enshrined in legislation.

[-] deadcatbounce@reddthat.com 7 points 3 days ago

They might delete your account but the data is something else.

[-] zdhzm2pgp@lemmy.ml 6 points 3 days ago

That's why, when I have to email someplace to request account deletion, I write "Please delete my account and all the information associated with it." Probably doesn't make a difference, but worth a shot I guess.

[-] deadcatbounce@reddthat.com 7 points 3 days ago

I hear you.

It was better in the old days when you could just write "drop table' in the username prompt.

[-] meliante@lemmy.world 11 points 4 days ago

Sounds like you want to live in the EU because we already have that.

[-] Thorned_Rose@sh.itjust.works 9 points 4 days ago

I recently switched from Enpass to Bitwarden and as a result decided that, while I was at it, I would delete accounts I don't use anymore. Oh boy, some were incredibly difficult to delete. Some would only anonymise data and remove login access. And one outright refused to delete my account. Unfortunately New Zealand privacy law only covers accessing and changing personal information so I'm shit out of luck with threatening anything legal to force that company to remove my account. One company (Klarna) has taken months to respond and since stopped replying to my request to delete and I haven't been able to find a way to escalate my request :/

Likely from now on I will check account deletion policies before making an account and it will be a hard pass if they don't allow account deletion.

[-] breakingcups@lemmy.world 9 points 4 days ago

It already exists in the EU (and I think California has passed something similar?). One trick you can use is to change your location to an EU country and then request deletion.

[-] Core_of_Arden@lemmy.ml 4 points 3 days ago

It should be a human right, worldwide for all humans.

[-] Libb@piefed.social 6 points 4 days ago* (last edited 4 days ago)

100% agree. This should be as easy as creating a new account.

Alas, this :

Maybe the EU will pass some legislation that will carry over to the US . . .

Is highly unlikely.

The EU just knelt once more to the USA (and to Trump) and that won't end here. I have little doubt USA next target in the EU will be most if not all regulations regarding data handling/protection. US businesses need data more than ever (at the very least because of AI), including EU citizens data.

[-] FrostyPolicy@suppo.fi 1 points 3 days ago

EU already has that. It's called GDPR (see art. 17 & 19).

[-] Libb@piefed.social 1 points 3 days ago

Not talking about what we have (I'm French, thx I know GDPR) but what I think will be the next target of the US. And, to me, it will be those regulations making it so hard for US businesses to do whatever they want with our data.

[-] FrostyPolicy@suppo.fi 2 points 3 days ago

American companies (big international player at least) don't really care what regulation we have in the EU. They can just ignore it and if they get caught those fines are just a "cost of doing business". The only way is not to use any of them.

[-] Libb@piefed.social 3 points 3 days ago

They can just ignore it and if they get caught those fines are just a "cost of doing business".

I think we won't have to wait that long to see if they keep on ignoring it or if, like I think they will do, they will coerce the EU into curbing its (probably too) many regulations.

The only way is not to use any of them.

Not that simple when more and more services are not just 'nice to have' or for fun but required.

I can not use streaming services (and I don't), I can not play online. I can not use YT, and so on. But I cannot not use my doctors, right?

Here in France, our medical appointments (and more and more of our medical data) are hosted by the 'Doctolib' platform which uses... MSFT servers (note that it would not be much better it they were using AWS or Google). Add to that that almost all doctors are using Doctolib which makes it so you can hardly get an appointment without using that service even when you take said appointment by phone since on their side of the call they will then record said appointment on Doctolib, because it's what they've been taught to use and associate it with the email address you probably have already given them if they need to contact you (email that most of the time will be either Gmail or Msft).

On the same line, for years I used to receive most of my medical analysis and exams (of which I have... quite a few every single year) through snail mail or directly after the examination, as a print out. I stopped to, they're now all stored on Doctolib and even if I did not have an account, it's stored on all my doctors accounts...

Last year, the last of the many doctors not using it did not even inform us they had started using Doctolib. One morning, after calling them for my next appointment, I simply received confirmation through Doctolib by email and on their app.

Worse (?), another doctor of mine is using Gmail for all her email with her patients, email that is used to send and receive test results, share intimate informations,... I explained the issue to her, even suggesting a couple EU-based alternatives. She plolitely listened to me and then shrugged telling me Gmail worked fine and was free. She is a good doctor, mind you, but like too many she simply can't be bothered with changing her habits.

Imho, in the case of services like those and email, thd solution is not to stop using them: even if I don't use them myself, that doesn't change much the moment my correspondents keep using them, or even if said email is at one time or another hoisted on US-owned server.

A better solution would be to make it much more obvious that we should use EU-based solutions, because it's in our best interest, and make it much more rewarding too, maybe, and make it simpler. And then, sometimes make it mandatory as in required by some law to use EU-based solutions but how would that be a thing when most of our elected are just... well, they are what they are, and that's not a compliment.

A longer term solution should also be to give younger people (it's too late for the vast majority of the older generations, even more so for mine), to give them a minimal but real (not the usual bullshit) computer education and to also give them some notions on the value of privacy in a democratic society, be it digital privacy or not. But how would that be a thing in the same as education as almost entirely given up on teaching kids even fundamentals skills like doing math, reading and writing?

[-] FrostyPolicy@suppo.fi 2 points 3 days ago

Was more talking about using any of them personally. They are quite unavoidable unfortunately when you have to do business with someone.

Worse (?), another doctor of mine is using Gmail for all her email with her patients, email that is used to send and receive test results, share intimate informations,...

This is quite the data breach. I'd take it up with the data protection officer of the company where the doctor work if applicable or with the national data protection agency. As a non-lawyer I'd say this is a breach of the GDPR and other laws. This doctor hands over highly confidential data to third parties.

[-] Libb@piefed.social 1 points 3 days ago

As a non-lawyer I'd say this is a breach of the GDPR and other laws. This doctor hands over highly confidential data to third parties.

I would agree with you, but it is also very representative of how many doctors/specialists are working in the country and since we're already short on doctors, I certainly don't want to get her 'removed' ;)

[-] Zerush@lemmy.ml 4 points 3 days ago

It's always better to avoid as much possible to make an account and not before you have checked all conditions, to not regret it later. In some sides it's almost impossible to delete your account (eg.Facebook, adding that if you after request it it last several weeks to delete your account, all your content pass to be property of Facebook (see TOS)

[-] lemmyknow@lemmy.today 4 points 4 days ago* (last edited 4 days ago)

I have an old account I am locked out of due to 2FA I don't have access to. I really want to get rid of that account, due to its content, which is publicly available for anyone to see. But alas, 'tis not possible. MFers running the forum won't answer my emails, whether I request sensibly and professionally for help, or threaten them with GDPR. Or act like I want my account back for use. GDPR people also haven't been very helpful (I've gone as far as providing evidence of contact. Have once heard "They 'Murican. Not EU. \shrugs"). Having cleaned out old, unused accounts, finding said account is easy due to a lack of other stuff to fill up search results, and having used a common username of mine for it was also dumb of me. I dream of the day said account is gone, for my peace of mind. But alas, at least half a decade trying. And it got me nowhere

this post was submitted on 30 Jul 2025
204 points (100.0% liked)

Privacy

40413 readers
351 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz