Try trying to delete your open ai data. Even if you live somewhere with the right to forget or some protection they refuse the request unless you upload a copy of your ID. But then they have that data.
"After reviewing the websites of all 499 data brokers registered with the state, we found 35 had code to stop certain pages from showing up in searches."
Of course you did. I've been submitting GDPR subject information requests to companies that spam me - and most of them ignore me.
The ones that do take the time to reply usually say "We've deleted your personal data now", which is not at all what I want. I want to know what details they have about me, where they obtained it, and why they think spamming me is acceptable.
I've got a folder where I keep printouts of the recent offenders, and once I get a few weeks of holiday I'll start filing small-claims cases against them.
Er, you're going to file multiple small claims in the US against (suspected) firms outside the US?
Be prepared to be disappointed. There is 0 evidence/elements of damage in the eyes of the archaic courts in this case, as you have no evidence of being damaged. You may be annoyed, but you're not at psychical or monetary risk due to the actions of another.
I disagree^ with the above, we live in the future where comm-spam is an inherent risk. However, I lost a small claims case where documented over 5 years Mazda put the wrong oil in my car. I found out after pouring through paperwork and seeing the line items/overcharging (22 instances of this.)
Judge dismissed it due to no "damage." 3rd cylinder died a week later.
If you are a California resident you can request a deletion via the state's new DROP platform which is launching next year. That will send the deletion request to every registered data broker in the state who will then have 45 days to comply. Part of that compliance is sending deletion notifications to everyone downstream that they have shared or sold your data to in the past. The penalty for not responding to a DROP request is going to be $200 a day, per request.
Starting in 2028 CA registered data brokers will have to undergo audits to ensure that they have been complying with deletion requests to the fullest extent of the law. Now, maybe only 20% of actual data brokers are registered in California like they are supposed to be, but it's a start.
Shameless plug: I'm building a platform to help the data brokers actually delete the data they are supposed to, provide full auditing and accounting for that process, and automate privacy request handling: forgetmenaut.com
btw, in europe, UK, turkey you should be able to use the official european digital advertisement alliance website to opt out from profiling from a bunch of ad providers: https://www.youronlinechoices.com/
We didn't set out to hide our GDPR requests, we put them behind our Support/Legal button. But we got sued anyway, and we lost.
Now we have to have the "delete my data" and "request my data" as part of our main settings list. Result: flooded with requests. People are clicking the buttons just because they are there. For me it's not a big deal, I automate all the requests. But, I still feel like this went too far.
Try deleting your account with the delete button. Nothing happens. Everything on the site perfect, just that Delete button is broken (and the request times out).
But wait, you can send a ticket. Get response days later that it is marked as resolved.
You go back to the site ... O, i am still logged in with my old session.
Then you see your email: deleted_2544642405_blabla@gmail.com
So fake "delete" by simply putting a deleted and some timestamp before your email address, while keeping your other data.
O and the Delete button is also not fixed ;)
Companies really only seem to learn with some hefty GDPR fines.
I have used Incogni for a few years now, I was a little worried after the first year things wouldn't be worth the price, but I'm noticing that there are data brokers who will happily remove you but not put you on a block-list, meaning that they will happily ingest your information again if it comes to them, and another request from Incogni will be needed to remove it again.
I'm on the fence about whether that's real value delivered from Incogni, but I do think overall it's working to limit some of the spread of my data.
Deleting your personal data is just an illusion.
Companies just mark your data as "deleted", but keep the data anyway, in the best of cases just for auditing purposes.
You will never, ever, be able to delete your data.
Stop dreaming.
You own the data you produce, both intentionally (writing, making videos) and unintentionally ("metadata", logs). You have to explicitly give others permission to use that data for any purpose where money exchanges hands (and many where it does not). You can limit or revoke the permission at any time.
> You have to explicitly give others permission to use that data for any purpose
This is already the case. All the contracts and terms of service documents already contain these permission clauses. People don't even read such things.
The funniest contracts are the ones that say "by using this site, you agree to [surveillance capitalism]". People have to navigate the site in order to even read the contract so it's logically equivalent to writing "by reading this contract, you accept it".
People need to start making laws that invalidate these silly documents.
In every aspect of life in which personal data is indexed/transmitted, the point of origin at least is some place you've explicitly indicated approval of this process. IF you walk into walmart, you are granting them the ability to sell your facial data and card metadata to whoever.
No third party is calling your mobile provider to ask them to leak info.
They are PAYING the mobile provider to leak them info that we provided express written consent for them to do so. TO avoid these ToS and binding agreements, you would need to live a disconnected agrarian lifestyle. Literally, can't walk into any corporate store.
This is kind of the case. Under GDPR, the data can only be used for the specific purpose for which is was collected, unless explicit consent is obtained. Terms buried in contracts do not count as consent - a contract has to be clear about the purpose for collecting the data and why it is necessary to fulfil the contract, and using the data for any other purposes is illegal.
> Telesign, a company that advertises fraud-prevention services for businesses, offers a simple form for “Data Deletion” and “Opt Out / Do Not Sell”. But that form is hidden from search engines and other automated systems, and isn’t linked on its homepage.
>
> Instead, consumers must search about 7,000 words into a privacy policy filled with legalese to find a link to the page.
In fact, while they do have a robots.txt [1], their form [2] isn't actually listed there. Instead, the page itself has a meta tag:
<meta name="robots" content="noindex, nofollow">
The reason is probably something mundane like this being easiest to do via the Wordpress UI, but putting on my conspiratorial hat, they just want to make it even hard to find out that they did this.
(Disclosure: I work on Mozilla Monitor, where we try to help people send these data deletion requests.)
I'm not in support of the practice laid out in the article, but we're talking about robots.txt, right?
I guess it was written for a less technical audience, but it makes it seem like they have JS or 'code' was specifically written to hide these from web crawlers.
It makes more sense, in context, that companies could be unaware. Sure, a 'noindex' doesn't just show up, but how many were old configs disallowing *, and only allowing indexing on a few sites
Edit: I didn't see the screenshot section. Most (of the few I spot-checked) are, in fact, noindex. I stand corrected
Google photos removed the delete api endpoint. Now, in order to delete your own photos from their service, you have to automate browser interactions that batch by batch delete your photos. I've just done this with both my wife's and my google photos accounts, and it took over 24 hours of browser interactions to fully delete everything. Ridiculous.
29 comments
[ 2.4 ms ] story [ 53.3 ms ] threadThat's not as bad as I would have expected
The ones that do take the time to reply usually say "We've deleted your personal data now", which is not at all what I want. I want to know what details they have about me, where they obtained it, and why they think spamming me is acceptable.
I've got a folder where I keep printouts of the recent offenders, and once I get a few weeks of holiday I'll start filing small-claims cases against them.
Be prepared to be disappointed. There is 0 evidence/elements of damage in the eyes of the archaic courts in this case, as you have no evidence of being damaged. You may be annoyed, but you're not at psychical or monetary risk due to the actions of another.
I disagree^ with the above, we live in the future where comm-spam is an inherent risk. However, I lost a small claims case where documented over 5 years Mazda put the wrong oil in my car. I found out after pouring through paperwork and seeing the line items/overcharging (22 instances of this.)
Judge dismissed it due to no "damage." 3rd cylinder died a week later.
Starting in 2028 CA registered data brokers will have to undergo audits to ensure that they have been complying with deletion requests to the fullest extent of the law. Now, maybe only 20% of actual data brokers are registered in California like they are supposed to be, but it's a start.
Shameless plug: I'm building a platform to help the data brokers actually delete the data they are supposed to, provide full auditing and accounting for that process, and automate privacy request handling: forgetmenaut.com
Now we have to have the "delete my data" and "request my data" as part of our main settings list. Result: flooded with requests. People are clicking the buttons just because they are there. For me it's not a big deal, I automate all the requests. But, I still feel like this went too far.
this will stop being a problem
Try deleting your account with the delete button. Nothing happens. Everything on the site perfect, just that Delete button is broken (and the request times out).
But wait, you can send a ticket. Get response days later that it is marked as resolved.
You go back to the site ... O, i am still logged in with my old session.
Then you see your email: deleted_2544642405_blabla@gmail.com
So fake "delete" by simply putting a deleted and some timestamp before your email address, while keeping your other data.
O and the Delete button is also not fixed ;)
Companies really only seem to learn with some hefty GDPR fines.
It feels like such a cat and mouse game, that should be easy to automate, that said, I'm not sure it'll be effective.
I'm on the fence about whether that's real value delivered from Incogni, but I do think overall it's working to limit some of the spread of my data.
You own the data you produce, both intentionally (writing, making videos) and unintentionally ("metadata", logs). You have to explicitly give others permission to use that data for any purpose where money exchanges hands (and many where it does not). You can limit or revoke the permission at any time.
This is already the case. All the contracts and terms of service documents already contain these permission clauses. People don't even read such things.
The funniest contracts are the ones that say "by using this site, you agree to [surveillance capitalism]". People have to navigate the site in order to even read the contract so it's logically equivalent to writing "by reading this contract, you accept it".
People need to start making laws that invalidate these silly documents.
In every aspect of life in which personal data is indexed/transmitted, the point of origin at least is some place you've explicitly indicated approval of this process. IF you walk into walmart, you are granting them the ability to sell your facial data and card metadata to whoever.
No third party is calling your mobile provider to ask them to leak info. They are PAYING the mobile provider to leak them info that we provided express written consent for them to do so. TO avoid these ToS and binding agreements, you would need to live a disconnected agrarian lifestyle. Literally, can't walk into any corporate store.
yay!
In fact, while they do have a robots.txt [1], their form [2] isn't actually listed there. Instead, the page itself has a meta tag:
The reason is probably something mundane like this being easiest to do via the Wordpress UI, but putting on my conspiratorial hat, they just want to make it even hard to find out that they did this.(Disclosure: I work on Mozilla Monitor, where we try to help people send these data deletion requests.)
[1] https://www.telesign.com/robots.txt
[2] https://www.telesign.com/privacy-requests
I guess it was written for a less technical audience, but it makes it seem like they have JS or 'code' was specifically written to hide these from web crawlers.
It makes more sense, in context, that companies could be unaware. Sure, a 'noindex' doesn't just show up, but how many were old configs disallowing *, and only allowing indexing on a few sites
Edit: I didn't see the screenshot section. Most (of the few I spot-checked) are, in fact, noindex. I stand corrected