top | item 29740102

(no title)

Do you have a paid account or a free account? If I store my documents on a free account for a one time send to the university application and then I forget about it, then Dropbox should purge it after a time to protect my data, as I don't have any "contract" with them like a subscription or something. The same for G2A, I have bought from them some game keys at a cheap price sometime ago and then I totally forgot that I have one, I couldn't even find the activation mail in my inbox, lol. One day in the summer I woke up with a mail that I have to pay an inactivity fee even if I'm just a row in their database and I have no contractual obligation with them.

discuss

fiddlerwoaroof|4 years ago

I had a family member go through a major life event that left his OneDrive account unused for about a year. When we needed to access tax documents on it, Microsoft had deleted it. I’m strongly against non-user initiated account deletion.

saurik|4 years ago

Yeah: I would take the opposite stance to this whole "accounts should be deleted due to inactivity" BS and say that a company that you entrusted your data to now has a moral responsibility to do everything they can to hold on to that data until such time as you explicitly relinquish them of that duty, and if the cost of such a requirement is scary you shouldn't put yourself in a position to hold on to other peoples' data in the first place.

valdiorn|4 years ago

Especially since the problem can be completely avoided by encrypting the user's data in the first place. Then the whole "we're deleting the data for your privacy" argument doesn't really hold up.

Also, have had similar experiences, and would be livid is someone deleted my data after only a few months.

kingcharles|4 years ago

I ended up in jail without any prior notice, for 8 years. You can imagine how much of my online life was still there when I got out.

ivan_gammel|4 years ago

In fact you have the contract with the services where you sign up. Even if you did not read T&Cs, you have accepted them and only then your relationship with the service started on their terms. You are not just a row in the database, you are a customer getting service in exchange for something. You have at least opted in to their data retention policy, and you have to opt out explicitly. If services will be required to purge the customer data after period of inactivity by default, chances are high that free accounts will simply cease to exist. In any case, quite significant share of customers would prefer to opt out from purge and they will be important enough from commercial perspective to make this opt out default in T&Cs acceptance process.

lexandstuff|4 years ago

So you'd like Dropbox to "protect your data" by deleting it?

I'd rather see my family photos leaked to hackers than see them purged from existence forever because I forgot to log in enough.

nickff|4 years ago

>"If I store my documents on a free account for a one time send to the university application and then I forget about it, then Dropbox should purge it after a time to protect my data, as I don't have any "contract" with them like a subscription or something."

I found this sentence interesting, as it contained positive and normative statements that I disagree with, with a non-sequitor between them. You say that you have no contract with them, even though you agreed to some sort of 'user agreement'. Then you say that you forgot about it, and that makes your faulty memory their problem. They have to make sure your data is secure for you because you... just don't bother to pay any attention to where you're leaving it? Should they also be responsible for checking your password against known breaches, to make sure it's not compromised? Where does this end?

_hzrk|4 years ago

Yes, they should check for any possible breaches. As any other responsbile company already does, like AWS for example which not only checks for breaches, but also scans public repositories like GitHub and GitLab for leaked credentials. A company should also warn a user from time to time that the respective needs to update his password, some companies are so careless that they don't even pay attention to this latter small detail. Or at least to warn an account holder that he still has an account with them.

> and that makes your faulty memory their problem

It is not only memory that is flawed in humans. Hence the protective measures I'm proposing.

> against known breaches

What about the unknown ones? How do you protect your user's account when under GDPR Dropbox is the controller of the data? By sending mails ocassionally to update the password, to adopt 2FA, by locking account due to suspicious activity or to purge it in the end if no further action is taken. It ends with the deletion of the user.