Naturally, we all seem to have a ton of data lying around our computers. Nobody really knows where it comes from, it just seems to amass into one beautiful digital hoard; with the average person's desktop containing more icons than they could ever know what to do with. Broken shortcuts to apps that haven't been opened in three years, 2734187.jpg and 2734187 - copy (2).jpg's galore, folder's aptly named "Miscellaneous" or more truthfully, "random sht" that they promise they'll use to organise this mess at some point and, let's be honest, perhaps a password.txt (or two, or - I mean, who's counting, there might be three or four of those buggers in that tangle of icons, you just keep resetting the passwords anyway). And all of that is before we even look at what's hiding in the rest of their computer! I'm no saint here either, my ~/Downloads folder is often a mess but at least I'll go through it and just purge everything now and then just to keep my sanity with it.
We all leave our data around. I'd just like to remind you that we often leave it someplace else too, on other people's computers.
Now I don't have much to help you with your desktop, but for the stuff you've left with other people, well I think I can help there.
GDPR Requests
Ok, now it might sound a bit dull but what I'll start with is a weird admission. I find sending these gdpr requests off quite fun in a strange way! You basically get to send an uncomfortably abrupt message and be unbelievably direct and people actually reply to everything you've said for once!
So why bother?
Well I suppose you're giving someone who's probably terribly bored something to do at their job but the real reason is of course to prevent your data getting OUT again, in a data leak, or to prevent it from being sold on (anymore) to another company who can ... probably just leak it as well, to be honest. There are a lot of data leaks.
What data are you leaving out there? Well, probably phone numbers, home addresses, possibly bank or credit card details if you're unlucky. Once the data is out, it's out. There's no closing pandora's box, you have to hope you're on top of your data before enough of it really gets out to get you into trouble.
I'm personally enjoying chipping away at these now and then, it gives a real sense of progress. One day I'll be able to list off everyone that has data I can gdpr-away and I'll have a much cleaner slate thanks to that.
One other weird upside too, and I don't really know if this is a great thing to say, but... I find the companies that were most agreeable and on top of things reply almost immediately and complete the request just as fast. Some others, like ticketmaster, seem to be taking the maximum possible length allowed by law... even going so far as to extending the window by invoking other clauses. SO! I'm not saying I recommend it... but you could make an account and see how long it takes for the service to wipe it for places you plan on signing up to in the future...
Sooo, how can I...?
I'll preface all of this with the fact that I don't think you need to jump right into the deep end and wipe everything in one go. It's something you can do now and then, and it'll take like 5 minutes at most to wipe an account or two, even more once you've got a rhythm down for it.
Well, this isn't some formal science nor really something I've curated perfectly, so I might be missing things myself but I personally stick to finding the following things:
- Finding which services actually have your data:
- My current approach, having done quite a lot of these requests now, is to, honestly, take a backseat and wait for stuff to come to me. Eventually, a company has to email you to remind you they have some of your data in the case of a privacy policy update. I've had a few cases where there was no mention of me owning an account with someone in my email inbox, but once I get that email for a service I no longer use. They're getting hit with a request in no time.
- The more active approach is to of course, try and remember services you've used; you can likely search for shortened terms like 'regist', 'created', 'activate' or 'validate' in your email inbox to find old accounts.
- Once you know who to bother, use a search engine to find their relevent GDPR email address. It might be the case that you can't find anything too easily on first search, in which case I would advocate using something like startpage (anonymous google searches) since it's most likely that every bloody page has been crawled by google, but I've equally had good luck with brave search and duckduckgo. Don't forget you can append the very useful "site:thewebsite.com" to restrict searches to only come from a relevent domain, and then ctrl+f'ing to find 'gdpr' or searching for an @ symbol.
- Once you've got the right page, you will either find an email you can contact (don't worry too much if it's not the precise one, it's likely whoever you email will correctly forward you on anyway) or you might find you have to submit a small form. I've yet to find ANY form that's more than 2-3 brief inputs (usually just email address, message subject, body and possibly a "where are you located")
My Template
Having found an appropriate method of contact, you can use the following template. With the remarkably imaginative subject: "Account Closure and GDPR Data Removal". I follow up with the remaining body:
Requesting all data corresponding with the account associated to this email address to be removed and for said account to be deleted. Right to be forgotten. Thanks.
So far, I'm yet to have any troubles with this and things seem to go over rather smoothly. If you're missing anything or need to clarify, it might be one additional email, but otherwise the entire process should be totally hands off for you from there. If I'm missing any details let me know.
'Til next time.