*accounts are never deleted, period*
At most there's a column in the table which specifies whether the account is alive or not. That's it.

Want to just add my voice to others who’ve already said this isn’t true.
I work at a company where the task to ensure that every last shred of a person’s data is deleted when they leave the service took a whole team more than a year to develop. It includes all backups and databases, and is complete shortly after 45 days have elapsed (which is in our T&C to ensure that users have enough time to migrate their data, or even reverse their decision).

I worked for a company that made games that were used by young children and so covered by COPA. They definitely took a lot of care to delete everything.

You can create a special deleted user account, and that claims ownership of FK relations that would break things. But then a lot of relational datastores aimed at Big Data (tm, rights reserved, patent pending) don't do super well at updates.

When a user requests deletion from my wishlist service, I fully delete everything, not only to be GDPR-compliant, but because it's the right thing to do. This includes:
- Their account changes and passports
- Their own wishlists, including all items added
- Any claims they've made on other wishlists
- Any item suggestions they've added to other wishlists
- The checked status of any item suggestions they've checked on other wishlists
- Removing them as partners on collaborative wishlists created by others
- The user
I'm not sure why someone would _want_ to keep user data around, as that seems more of a liability than an asset.

Ok, we all understand the idea of a tombstone (a "deleted" field in the record that is set on deletion). However, the article actually describes something much worse -- user deletes their account and subsequently the account is still active. Not "marked deleted but some data is still on the disk" but rather "completely active, works, can still log in". This is surprising to me. I would not expect to see that really ever. But the article claims that this occurred in some significant number of their tests. Not sure how to interpret that.

That's illegal under the GDPR and many other privacy laws and is subject to heavy fines if caught. I work in privacy at a large tech company, and we take this stuff extremely seriously.

Confluence even explicitly does this - you can do a “gdpr delete” which disables the user and replaces all info with random strings. It’s kind of hilarious.

This is a bit too absolute, but I too have worked for SaaS companies who told people things were deleted when they were soft deleted or not deleted at all.

At the company I work for we actually hard-delete all user/tenant data, when requested. The column you mention is used for soft-deletion, which is a transient state. Even when not explicitly requested by the customer, we still hard-delete soft-deleted data that has been stale for at least X months (6?).
So yeah, some companies really delete customer data, by request or by policy.

Admittedly we're a two-person startup so not exactly the same as a big corporate, but at Supernotes[1] we actually delete you from the database when you delete your account.
[1] https://supernotes.app

> 2 services moved my account to a different email address instead of deleting it. I was only able to detect this because they changed the mailbox part (the bit in front of the @ sign) but left the domain unchanged. I capture all incoming emails to my domain, so I saw email-change confirmation emails and other emails arriving at the new unexpected addresses.
That's sketchy, especially if you don't own the domain but you're on a multi-tenant domain like Gmail.

I've also had no luck getting Google to delete an unused Developer Account. They suggest I stop using my Google account and create a new one; abandoning all services in the process.

I suppose actually deleting anything goes against google's DNA.

Before requesting an account "deletion" for an account you have anywhere, always go through every single field and enter fictitious data. This includes adding fictitious photos and the like. The service may keep the previous iterations of the data, sure, but that's less likely than them keeping the latest version of the data, which is almost a certainty.

And precisely for that reason many companies nowadays don't allow you to edit/modify certain fields unless you request support and provide proof of your identity.

This is super duper common. Most companies that I've run across don't actually have a mechanism for properly deleting accounts.

That's because Apple requires it. They won't approve my app, unless there's a "full-fat delete" option.
If a user of the app deletes, it completely nukes their entire account, down to the last byte.

My anecdote: Collage.com - I tried it, was unsatisfied with the results so I requested that they delete my account under CCPA (being a Californian). They said they completed. My account was renamed from [email protected] to [email protected]. My session wasn't even terminated, so not only could I see this, I could still see my not-deleted photos AND all the sharing links still worked.
I fought with them at length and their support insisted it was deleted and that this was just something on my computer. Logout/clear cookies/cache/reboot and it'll be all good. I know that's BS.
Even when they "escalated" the issue to a manager who said "Your account has been deleted and will not be reopened." - I could still take screenshots of my account homepage. At which point they stopped responding to me.

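To make the wishlist checklist above concrete, and to show the two checks the Collage.com story calls for (the session must die, and the account must not merely be renamed), here is an added example in Python with sqlite3. It is not code from the thread or from any service named in it; the schema, the sample users and every table and column name are assumptions made for illustration. Rows that are about the departing user (their lists, the items and claims they added anywhere, their partner memberships, their sessions) cascade away with the user row; state they left on other people's data (the "checked by" mark on someone else's item) is cleared with ON DELETE SET NULL rather than deleting the other person's item. The audit afterwards does not depend on someone remembering every table: it asks SQLite which foreign keys point at users and counts survivors, and it also looks for the old password hash, which an account that was renamed instead of deleted would still carry.

```python
"""Hard-delete a user across related tables, then audit that nothing survived.
Added example with a constructed schema; not code from any service in the thread."""
import hashlib
import hmac
import os
import sqlite3

SCHEMA = """
CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    email TEXT NOT NULL UNIQUE,
    salt BLOB NOT NULL,
    pw_hash BLOB NOT NULL
);
CREATE TABLE sessions (
    token TEXT PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE
);
-- Lists the user created go with them.
CREATE TABLE wishlists (
    id INTEGER PRIMARY KEY,
    owner_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    title TEXT NOT NULL
);
-- Items they added (to their own or to other people's lists) go with them;
-- a "checked by" mark is state on someone else's list, so it is cleared, not removed.
CREATE TABLE items (
    id INTEGER PRIMARY KEY,
    wishlist_id INTEGER NOT NULL REFERENCES wishlists(id) ON DELETE CASCADE,
    added_by INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    checked_by INTEGER REFERENCES users(id) ON DELETE SET NULL,
    name TEXT NOT NULL
);
-- Claims and partner memberships are rows about the user: removed with them.
CREATE TABLE claims (
    item_id INTEGER NOT NULL REFERENCES items(id) ON DELETE CASCADE,
    user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    PRIMARY KEY (item_id, user_id)
);
CREATE TABLE partners (
    wishlist_id INTEGER NOT NULL REFERENCES wishlists(id) ON DELETE CASCADE,
    user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    PRIMARY KEY (wishlist_id, user_id)
);
"""


def pw_digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def add_user(conn, email, password):
    salt = os.urandom(16)
    cur = conn.execute("INSERT INTO users(email, salt, pw_hash) VALUES (?, ?, ?)",
                       (email, salt, pw_digest(password, salt)))
    return cur.lastrowid


def login(conn, email, password):
    """Return a session token, or None if the credentials do not match any account."""
    row = conn.execute("SELECT id, salt, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return None
    uid, salt, stored = row
    if not hmac.compare_digest(stored, pw_digest(password, salt)):
        return None
    token = os.urandom(16).hex()
    conn.execute("INSERT INTO sessions VALUES (?, ?)", (token, uid))
    return token


def session_user(conn, token):
    row = conn.execute("SELECT user_id FROM sessions WHERE token = ?", (token,)).fetchone()
    return row[0] if row else None


def build_sample_db():
    """Constructed sample: two users, Alice has touched Bob's list in several ways."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # off by default in SQLite: without it nothing cascades
    conn.executescript(SCHEMA)
    alice = add_user(conn, "alice@example.test", "correct horse")
    bob = add_user(conn, "bob@example.test", "battery staple")
    conn.execute("INSERT INTO wishlists VALUES (1, ?, 'Alice birthday')", (alice,))
    conn.execute("INSERT INTO wishlists VALUES (2, ?, 'Bob trip')", (bob,))
    conn.execute("INSERT INTO items VALUES (1, 1, ?, NULL, 'book')", (alice,))   # Alice's own item
    conn.execute("INSERT INTO items VALUES (2, 2, ?, ?, 'tent')", (bob, alice))  # Bob's item, checked by Alice
    conn.execute("INSERT INTO items VALUES (3, 2, ?, NULL, 'map')", (alice,))    # Alice's suggestion on Bob's list
    conn.execute("INSERT INTO claims VALUES (2, ?)", (alice,))                   # Alice claimed Bob's tent
    conn.execute("INSERT INTO partners VALUES (2, ?)", (alice,))                 # Alice is a partner on Bob's list
    conn.commit()
    return conn, alice, bob


def columns_referencing_users(conn):
    """Every (table, column) whose foreign key points at users, read from the schema itself."""
    refs = []
    for (table,) in conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'"):
        for fk in conn.execute(f"PRAGMA foreign_key_list('{table}')"):
            if fk[2] == "users":        # fk row: id, seq, table, from, to, on_update, on_delete, match
                refs.append((table, fk[3]))
    return refs


def hard_delete_user(conn, user_id):
    with conn:  # one transaction: either the whole footprint goes or none of it does
        conn.execute("DELETE FROM users WHERE id = ?", (user_id,))


def leftovers(conn, user_id, email, old_pw_hash):
    """Post-delete audit: anything that still points at, names, or authenticates the user."""
    found = {}
    for table, col in columns_referencing_users(conn):
        n = conn.execute(f'SELECT COUNT(*) FROM "{table}" WHERE "{col}" = ?', (user_id,)).fetchone()[0]
        if n:
            found[f"{table}.{col}"] = n
    # An account that was only renamed still carries the same password hash.
    n = conn.execute("SELECT COUNT(*) FROM users WHERE email = ? OR pw_hash = ?",
                     (email, old_pw_hash)).fetchone()[0]
    if n:
        found["users"] = n
    return found
```

The audit is worth keeping even when the cascades look right on paper, because SQLite only honours ON DELETE clauses when foreign keys are enabled on the connection, and other databases have their own ways of silently leaving a table out. The "special deleted user account" suggested earlier in the thread fits the same pattern: point the column at a sentinel row with ON DELETE SET DEFAULT instead of SET NULL, and the audit still confirms that nothing references the real user afterwards.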
Is it name and shame time? Cause I know Walgreens doesn't even have the option to allow you to request deleting your online account. Not an online option nor even calling them on the phone.

I feel like this will basically be "pretty much every company out there". A more useful list might be companies who actually do truly delete accounts.

The company I know handles account "deletions" by pseudonymizing data, which is utter BS, any half-competent engineer can recover who the original person was. The engineering lead in charge realized he can get promoted by calling pseudonymization "anonymization" thereby fooling most, and not losing the data for the company. Those who knew he was making a mess were not included in the data deletion project, likely because it was inconvenient to hear the truth.
So that's how a huge company deals with "data deletion". I hope the DPA will come down on them hard but of course this clown will then just go and do this circus at another company, now promoted to high heavens.
I hate that privacy and security are full of snake oil peddlers, and it pays off extremely handsomely to be a snake oil peddler. It's not in anyone's interest for you to get caught (who wants to advertise their security is bad/they don't abide by GDPR?), so even if it becomes painfully obvious you've been selling snake oil, you'll only be asked to hand in your resignation, allowing you to do the same (but at an even higher level) at another company.

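The gap between pseudonymising a record and anonymising it, which the comment above turns on and which the Confluence "replace all info with random strings" approach handles correctly, as an added example in Python. This is not code from the thread or from any product it mentions, and the customer rows are constructed. The point it demonstrates: an unkeyed hash of an e-mail address is a lookup table waiting to be rebuilt by anyone holding a list of candidate addresses (the company's own CRM, a marketing export, a breach dump). A keyed HMAC is only reversible while the key exists, so the data stays pseudonymous, and GDPR Art. 4(5) and Recital 26 treat pseudonymised data as personal data. A random replacement with no mapping retained is what actually severs the link, at least for that field.

```python
"""Why hashing an identifier is pseudonymisation, not anonymisation.
Added example on constructed data; not code from any company in the thread."""
import hashlib
import hmac
import secrets

# Constructed sample rows, as a sloppy "deletion" job might leave them.
CUSTOMERS = [
    {"id": 1, "email": "alice@example.test", "city": "Lyon", "orders": 14},
    {"id": 2, "email": "bob@example.test", "city": "Berlin", "orders": 3},
    {"id": 3, "email": "carol@example.test", "city": "Lyon", "orders": 0},
]


def pseudonymise_sha256(records):
    """The common mistake: swap the address for its unkeyed SHA-256 and call it anonymous."""
    return [{**r, "email": hashlib.sha256(r["email"].encode()).hexdigest()} for r in records]


def pseudonymise_hmac(records, key):
    """Keyed pseudonym: reversible by whoever holds `key`, so still personal data
    (GDPR Art. 4(5)) for as long as any copy of the key exists."""
    return [{**r, "email": hmac.new(key, r["email"].encode(), "sha256").hexdigest()}
            for r in records]


def scrub_random(records):
    """Replace the identifier with a fresh random token and keep no mapping: nothing in
    the output, and no key anywhere, leads back to the address. The remaining columns
    are a separate question; city plus order count can still single someone out in a
    small data set."""
    return [{**r, "email": secrets.token_hex(16)} for r in records]


def reidentify(pseudonymised, candidate_emails):
    """Rebuild the mapping with one hash per candidate address. Returns id -> address
    (None where no candidate matched). This is all the "half-competent engineer" needs."""
    table = {hashlib.sha256(e.encode()).hexdigest(): e for e in candidate_emails}
    return {r["id"]: table.get(r["email"]) for r in pseudonymised}


def reidentify_keyed(pseudonymised, candidate_emails, key):
    """With the key, the HMAC variant falls exactly the same way; destroying every copy
    of the key is what turns that column from pseudonymous into anonymous."""
    table = {hmac.new(key, e.encode(), "sha256").hexdigest(): e for e in candidate_emails}
    return {r["id"]: table.get(r["email"]) for r in pseudonymised}
```

The candidate list in the test below is deliberately partial and contains an address that is not in the data set; re-identification works per row, so even a rough list recovers every address it happens to contain.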
One reason deletion may not be technically absolute is that tombstone records may be needed to gradually cull the data from things like backups and 3P systems. Usually though these should just be surrogate keys with no human significance. Then ultimately they get purged too.

The post paints a discouraging picture overall, but it does have some interesting double standards if you consider these three separate quotes:
> It would seem there is no end to how far businesses can take white-labeling and outsourcing.
> I’m sure engineering time to manually delete data must be more expensive in the long run than creating processes and tools for customers and customer support representatives to handle delectation requests.
> 11 of these were smaller niche online stores.
If I'm a "niche online store", am I somehow excused from these rules? I would think there would be a market for white-labeled online stores for niche online stores, but that's somehow Bad™? But having an in-house engineering team develop the platform and respond to development needs as they arise (to handle the first account deletion request) is also Bad™?

Had a similar terrible experience with crypto.com. After the MFA and stolen digital assets debacle earlier this year, decided to [hard/soft] delete my account with them. The company has a very complicated process for account deletions which involves having the account owner send a picture of themselves holding a sign. The picture must meet several criteria in order to be accepted.
https://help.crypto.com/en/articles/3640569-how-to-close-cry... (note: as of today the link to their selfie requirements is dead)
The entire process took 45 days to resolve because their e-mail support is fucking terrible.

I had a service provider delete the hosted graph databases I used for my startup demo that even had some past consulting client data in them, while still continuing to charge me for several months for the service. Since I didn't believe anyone actually deleted data, I asked for a download of it, and they insisted it was actually deleted. It was absolutely shady. Tainted my view of that technology as well.
Valuable lesson was next project I will likely have to figure out how to effectively shard and round robin containers across diverse cloud providers, as I don't foresee ever affording to be able to be treated that poorly again.

I guess it can get complicated, but in most of the software I've written I gracefully handle missing user relationships so that it's possible to delete the user. I wouldn't be surprised if a lot of these circumstances are just because the software can't handle a missing user relationship, nothing nefarious. Stupidity before malice and all that.

My favorite in the bad old days was ETrade. They wanted money to delete your account - $80! Fortunately they had an 'ETrade checks' feature, so I wrote myself a check on my account for the entire total, directed their email to the trash and threw their snail-mail away for 2 years before it dried up.

> The last successful request was processed 71 days after the first email. The GDPR doesn’t define “without undue delay”, but I’m fairly certain that it requires companies to not stall for over 10 weeks.
Having worked at a couple of cloud companies... the GDPR deletion timeline within our systems was 90 days. I assume that legal had vetted that timeline.

I wonder how this is supposed to work with workplace apps such as Slack, especially with regards to GDPR.
Say I am leaving my job, and want my personal information to be purged from this 3rd party service (Slack). They say [1] "Primary Owners of a workspace or org must contact Slack to request deletion of a deactivated member's profile information.". What if I contact the "Primary Owner" before leaving my job and they ignore my request, or better yet I have already left my job and I don't know how to contact them or who they are? Why can't I request my personal information to be deleted from a completely 3rd party American company's database myself?
[1] https://slack.com/help/articles/360000360443-Delete-profile-...

Try telling a friend a sufficiently spicy secret and then tell me there's a delete. It's just as much a falsehood as imagining you can un-break a window.

It’s software not magic. We focus on the happy path … there is rarely maligned intent here it’s just a matter of focus… I’d say if gdpr did any good it was in forcing many to be like fine we’ll devote resources to deleting data we’d otherwise probably only bother to if our db size became too big to deal with… it’s the build big and sell to someone else to deal with problem … we just don’t focus on the negative less fun problems

Part of this is leftover tech culture from Facebook's early focus on Growth, Growth, and more Growth. Allowing for easy deletion of accounts was fundamentally at odds with user growth.
It's refreshing to see that tech is now heading in a more socially responsible direction, but the industry still has a long way to go.