You are the product

It is an open secret that all the applications and services you use on your mobile phone or in a browser are permanently stored by the respective company. As a result, over the years that you have used a service, you have accumulated massive amounts of personal data. Most large technology companies will use this personal data to generate revenue. This is usually done through advertising. Simply put, other companies will pay to advertise on their platform, and by having stored vast amounts of user data, these companies are able to target customers more effectively, which is highly valued by advertising companies. As a user of their service, you become the product of their platform or application.

The main problem with this is that large data collection companies like FAANG have a clear incentive to store as much data about you as possible, eliminating your privacy and leaving you vulnerable to third-party attacks on their service.  Sometimes the attack on your data and privacy is launched internally, as in the infamous Cambridge Analytica scandal that Meta faced a few years ago. In this case, the personal data of users' Facebook friends was collected by Cambridge Analytica through Facebook's Open Graph platform.

Even if you are inclined to ignore the dangers, your benefit from the service is negligible. When was the last time you saw an ad on Instagram or YouTube for a new product you didn't know about and decided to buy it? If you're anything like me or our team, you're still waiting for that day to come. In the meantime, you're probably scrolling past hundreds of ads for miraculous fat-burning pills (most likely not approved for purchase in your jurisdiction, even if you were willing to try them and roll the dice to meet your gods) or skipping hundreds of ads for mobile games (that probably doesn't even exist).

The do-it-yourself protection under the GDPR

Luckily, this is where the General Data Protection Regulation (GDPR) can be of use. See under article 17 of the GDPR you have the right to be forgotten by those companies. This allows you to request the immediate deletion of data concerning you under certain circumstances. Our German buddies from datenanfragen.de summarized the conditions quite well. I am simplifying their findings.

The conditions for this are met, for example, if

• the data is no longer necessary for the purposes for which they were collected (Art. 17 (1) (a) GDPR)
• you withdraw your consent to the processing (Art. 17 (1) (b) GDPR)
• the data has been processed unlawfully (Art. 17 (1) (d) GDPR).

‍

However, there are also some cases in which the right is restricted and there is no right to erasure. Restrictions exist, for example

• if the right to freedom of expression and information prevails (Art. 17 para. 3 letter a GDPR),
• if there is a legal obligation to store data, such as the storage of invoices for 10 years (Art. 17 (3) (b) GDPR)
• use in the public interest for archiving purposes and scientific or historical research purposes (Art. 17 (3) (d) GDPR)
• for the assertion of legal claims (Art. 17 para. 3 letter e GDPR).

‍

In general, most of the information these companies collect about you is not necessary to provide their services, and you have the right to force them to delete it. One thing to note is that they are also required to inform you about the status of your request under Art. 19 of the GDPR. They have to tell you if they have any data and if they have deleted it. So where is the kicker? Well, you as a user have to manually invoke this right and these companies will not make it convenient for you because it is not in their interest.

How it works

There are two main ways to exercise your right of deletion:

1. You can notify the company that stores your data to stop using their service. This is probably the easiest way to get your data deleted. The first thing you need to do is find out what email address you used to sign up for the service, and then send an email from that service containing your name, email address, physical address, and date of birth. This information must be part of your email so that the company can find you in their system and know what data relates to you. It's also important to ask the company to delete the information you just gave them, but don't worry, our template below has you covered.

2. Unfortunately, it is not always that simple. Large technology companies like Google or Meta do not want to manually interact with each user. This means that you cannot call or message someone to have your data removed. Instead, you have to use their tools to do so. This usually involves logging into their service on their website and navigating to the Privacy tab in the account settings. Once there, you will find a button that allows you to delete your data. Be careful not to delete your account in the process. Again, we have a guide on how to do this for many of the major tech companies and are constantly adding to our guides.

Here are the templates

Here is the standard email template you can use to let any company know that you want them to delete your personal data. Fill in your information at the relevant points:

To Whom It May Concern

I am hereby requesting immediate erasure of personal data concerning me according to Article 17 GDPR.

Please erase all personal data concerning me as defined by Article 4(1) GDPR.

If I have given consent to the processing of my personal data, I am hereby withdrawing said consent for the entire process.

I am of the opinion that the requirements set forth in Article 17(1) GDPR are fulfilled. You cannot claim an exception based on Article 17(3) GDPR either, particularly as I am not a public figure.

If you have made the aforementioned data public, you are obliged pursuant to Article 17(2) GDPR to take all reasonable steps to inform other controllers, including search engine operators, who process the personal data listed above, that I have requested the erasure of all links, copies or replications. This applies not only to exact copies of the data concerned, but also to those from which information contained in the data concerned can be derived.

In case you have disclosed the affected personal data to third parties, you have to communicate my request for erasure of the affected personal data, as well as any references to it, to each recipient as laid down in Article 19 GDPR. Please also inform me about those recipients.

If you object to the requested erasure, you have to justify that to me.

My request explicitly includes any other services and companies for which you are the controller as defined by Article 4(7) GDPR.

As laid down in Article 12(3) GDPR, you have to confirm the erasure to me without undue delay and in any event within one month of receipt of the request.

I include the following information necessary to identify me:

Name: [your name]

email: [your email]

address: [your address]

Date of birth: [dd-mm-yyyy]

If you do not answer my request within the stated period, I reserve the right to take legal action against you and to lodge a complaint with the responsible supervisory authority.

Thank you in advance.

Yours sincerely,

[your name]

‍

Where the email template does not work

Here is a list of companies that do not accept email for the purpose of invoking Art. 17 of the GDPR and your right to delete your data. For these companies, you will need to visit their account settings and manually initiate the deletion. Click on the name of each company for detailed instructions on how to delete your data from this service.

• Amazon
• Google
• LinkedIn
• Meta (including Instagram & Facebook)
• Netflix
• Paypal (email is possible but not recommended)
• Snapchat
• TikTok

‍

Are they not responding?

That's bad luck. One option might be to try again or send your email to a different address. It is often best to send your email to customer support instead of the service's privacy office, since customer support checks their email more often. The nice thing about GDPR is that the company is obligated to forward your email to the correct email address within the company and take care of your request, no matter where you made it. Also keep in mind that the response time for these requests is usually set at 30 days, and some many companies will intentionally wait until the 28th or 29th day of the period before getting back to you.

Datapods: Deletion made easy

Admittedly, this sounds like a lot of work if you want to delete your personal data from every company you have ever interacted with. While you can easily use the email template and send it to all the companies that have an email option, finding the right email, responding to their responses, and repeating the whole process on a regular basis can be quite a hassle. At the same time, it is tedious to go to the account page of the major services you use and manually find the delete button for each one.

This is where Datapods comes in and allows you to do this easily with our app. We direct you to the appropriate section for each service within our app where you can easily delete your data. Even better, before you delete everything, you can save a copy of your data to your local device through our request feature, so you can keep your personal data should you ever need it, and gain some valuable insight into the data companies have about you.  For more information, we have a whole article dedicated to the things Mark Zuckerberg and Meta/Facebook know about you (Hint: It's a lot). It has never been more important to reclaim your personal data and take control of what happens to it.