211
In my honest opinion, I don't think companies really delete every last kb of your data. Your data probably still exists on a backup in some server farm.
As far as I've seen, on 99% of websites that I use, there's a Delete account button. And I believe that's because of GDPR.
It doesnt delete an account, it makes account invisible. To wipe data people can try to send gdpr request to DPO, by my experience most of the Big companies doesnt satisfy such requests based on broad meaning of "legitimate interest" "fraud prevention" "implement security measures" "protect others users"
I already have like 6 complaint to DPA for companies refusing to delete data
EU already has this with the GDPR. Only limitation are retention periods required by law, like employee data needs to be kept for ten years in Germany for example, but for the duration whoever has the data must block it from being processed for anything but the legal requirment, as that becomes the legal basis for processing (storing in this case) and no other uses are allowed until deletion.
Only applies to EU citizens though plenty companies have implemented straightforward ways to delete an account for everyone.
VPN to Spain, you'll find that a lot more options for deleting your account will be available.
(Spain aggressively pursues GDPR violators)
¡Viva España!
I am a proud resident of Spain 🇪🇸🇪🇸🇪🇸
With a VPN, we are all a proud resident of Spain! 🇪🇸🇪🇸🇪🇸
I'm Spanish and currently Spain has a very left oriented policy, at least compared to the most other EU countries. But the future remains unclear, "dark forces are strong, my little padavan".
Thanks! I've been German and even Swedish, but never a Spaniard. The only real challenge is that so many incompetent web developers ignore language preferences and look only a country of origin for site text, and I don't understand Spanish.
It's not too common that this happens, worst case you can just drop the text into duck.ai or something to get an English translation.
Or you could just learn Spanish, ez
Spanish is remarkably easy. However, ðat's a lot of extra effort just to browse a web of already questionable content value.
As others have noted, the EU's GDPR does contain a Right to Delete. Some states have implemented the right on an individual basis, but it's going to be difficult to implement on a national basis because of the current political climate. A nationwide federal privacy law was in the works, but it contained a poison pill in the form of federal preemption, meaning that it would set a hard ceiling for data privacy that states wouldn't be free to exceed with their own legislation.
If you've got the time, I would encourage you to reach out to your representative in the state legislature to advocate for a state privacy law. You can point towards California's CCPA or Colorado's CPA as examples of already active privacy law. Companies are already supposed to be in compliance with these laws, but only with respect to consumers in those states. Point out that there shouldn't be much (if any) additional burden to extend that protection to your state. Your state AG can't enforce your privacy rights if they're not enshrined in legislation.
It should be a human right, worldwide for all humans.
There was a rulethat was close to being enacted by the FTC that had to do with that, the "click-to-cancel" rule. It was supposed to go into effect 2 weeks ago.
It would have required companies to "make it as easy to cancel, as it was to sign up" for tons of things in the US.
It said that companies had to provide an easy way to cancel, that took equally long as signing up or less, AND via the same medium. So companies couldn't make you call to cancel if you signed up online.
Unfortunately, it was stopped by the 8th circuit court, who deemed it "outside the FTC's authority" which is absolute bullshit, that's why they exist.
I really hope it manages to get pushed through somehow, because so many companies are just the absolute worst scumbags and constantly getting away with it.
edit: it's not quite the same as deleting an account, i realize that. it still would have enabled a lot of these 'services' to get shut down easily.
I'm sure conservative were all over that "activist judge", right?
They might delete your account but the data is something else.
That's why, when I have to email someplace to request account deletion, I write "Please delete my account and all the information associated with it." Probably doesn't make a difference, but worth a shot I guess.
I hear you.
It was better in the old days when you could just write "drop table' in the username prompt.
Wouldn't this fall under existing "Right To Be Forgotten"/privacy rules in the EU??
Maybe the EU will pass some legislation that will carry over to the US
GDPR requires the right to have your data deleted at least, but a lot of companies will only allow that if you are within the EU (because of profit and spite, I suppose). Though some just allowed it for everyone instead
Similar for California Consumer Privacy Act where a lot of companies will only let you do the stuff it requires if you are within California
Sort of like the “unsubscribe” button you get at the bottom of some emails. Did they have to pass a law to get that enacted?
Yes, see the CAN-SPAM Act of 2003
It's always better to avoid as much possible to make an account and not before you have checked all conditions, to not regret it later. In some sides it's almost impossible to delete your account (eg.Facebook, adding that if you after request it it last several weeks to delete your account, all your content pass to be property of Facebook (see TOS)
Right to be forgotten is supposed to cover data deletion, though the EU has much stronger protections than the US.
Sounds like you want to live in the EU because we already have that.
I recently switched from Enpass to Bitwarden and as a result decided that, while I was at it, I would delete accounts I don't use anymore. Oh boy, some were incredibly difficult to delete. Some would only anonymise data and remove login access. And one outright refused to delete my account. Unfortunately New Zealand privacy law only covers accessing and changing personal information so I'm shit out of luck with threatening anything legal to force that company to remove my account. One company (Klarna) has taken months to respond and since stopped replying to my request to delete and I haven't been able to find a way to escalate my request :/
Likely from now on I will check account deletion policies before making an account and it will be a hard pass if they don't allow account deletion.
It already exists in the EU (and I think California has passed something similar?). One trick you can use is to change your location to an EU country and then request deletion.
the CAN-SPAM act gave us the unsubscribe button in emails 22 years ago. Before that companies would often make it pretty hard to unsubscribe. I think it's being undone though.
100% agree. This should be as easy as creating a new account.
Alas, this :
Maybe the EU will pass some legislation that will carry over to the US . . .
Is highly unlikely.
The EU just knelt once more to the USA (and to Trump) and that won't end here. I have little doubt USA next target in the EU will be most if not all regulations regarding data handling/protection. US businesses need data more than ever (at the very least because of AI), including EU citizens data.
EU already has that. It's called GDPR (see art. 17 & 19).
Not talking about what we have (I'm French, thx I know GDPR) but what I think will be the next target of the US. And, to me, it will be those regulations making it so hard for US businesses to do whatever they want with our data.
American companies (big international player at least) don't really care what regulation we have in the EU. They can just ignore it and if they get caught those fines are just a "cost of doing business". The only way is not to use any of them.
They can just ignore it and if they get caught those fines are just a "cost of doing business".
I think we won't have to wait that long to see if they keep on ignoring it or if, like I think they will do, they will coerce the EU into curbing its (probably too) many regulations.
The only way is not to use any of them.
Not that simple when more and more services are not just 'nice to have' or for fun but required.
I can not use streaming services (and I don't), I can not play online. I can not use YT, and so on. But I cannot not use my doctors, right?
Here in France, our medical appointments (and more and more of our medical data) are hosted by the 'Doctolib' platform which uses... MSFT servers (note that it would not be much better it they were using AWS or Google). Add to that that almost all doctors are using Doctolib which makes it so you can hardly get an appointment without using that service even when you take said appointment by phone since on their side of the call they will then record said appointment on Doctolib, because it's what they've been taught to use and associate it with the email address you probably have already given them if they need to contact you (email that most of the time will be either Gmail or Msft).
On the same line, for years I used to receive most of my medical analysis and exams (of which I have... quite a few every single year) through snail mail or directly after the examination, as a print out. I stopped to, they're now all stored on Doctolib and even if I did not have an account, it's stored on all my doctors accounts...
Last year, the last of the many doctors not using it did not even inform us they had started using Doctolib. One morning, after calling them for my next appointment, I simply received confirmation through Doctolib by email and on their app.
Worse (?), another doctor of mine is using Gmail for all her email with her patients, email that is used to send and receive test results, share intimate informations,... I explained the issue to her, even suggesting a couple EU-based alternatives. She plolitely listened to me and then shrugged telling me Gmail worked fine and was free. She is a good doctor, mind you, but like too many she simply can't be bothered with changing her habits.
Imho, in the case of services like those and email, thd solution is not to stop using them: even if I don't use them myself, that doesn't change much the moment my correspondents keep using them, or even if said email is at one time or another hoisted on US-owned server.
A better solution would be to make it much more obvious that we should use EU-based solutions, because it's in our best interest, and make it much more rewarding too, maybe, and make it simpler. And then, sometimes make it mandatory as in required by some law to use EU-based solutions but how would that be a thing when most of our elected are just... well, they are what they are, and that's not a compliment.
A longer term solution should also be to give younger people (it's too late for the vast majority of the older generations, even more so for mine), to give them a minimal but real (not the usual bullshit) computer education and to also give them some notions on the value of privacy in a democratic society, be it digital privacy or not. But how would that be a thing in the same as education as almost entirely given up on teaching kids even fundamentals skills like doing math, reading and writing?
Was more talking about using any of them personally. They are quite unavoidable unfortunately when you have to do business with someone.
Worse (?), another doctor of mine is using Gmail for all her email with her patients, email that is used to send and receive test results, share intimate informations,...
This is quite the data breach. I'd take it up with the data protection officer of the company where the doctor work if applicable or with the national data protection agency. As a non-lawyer I'd say this is a breach of the GDPR and other laws. This doctor hands over highly confidential data to third parties.
As a non-lawyer I'd say this is a breach of the GDPR and other laws. This doctor hands over highly confidential data to third parties.
I would agree with you, but it is also very representative of how many doctors/specialists are working in the country and since we're already short on doctors, I certainly don't want to get her 'removed' ;)
I have an old account I am locked out of due to 2FA I don't have access to. I really want to get rid of that account, due to its content, which is publicly available for anyone to see. But alas, 'tis not possible. MFers running the forum won't answer my emails, whether I request sensibly and professionally for help, or threaten them with GDPR. Or act like I want my account back for use. GDPR people also haven't been very helpful (I've gone as far as providing evidence of contact. Have once heard "They 'Murican. Not EU. \shrugs"). Having cleaned out old, unused accounts, finding said account is easy due to a lack of other stuff to fill up search results, and having used a common username of mine for it was also dumb of me. I dream of the day said account is gone, for my peace of mind. But alas, at least half a decade trying. And it got me nowhere
this post was submitted on 30 Jul 2025
211 points (98.6% liked)
Privacy
40319 readers
514 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS