Many services have a grace period. Mostly it’s 30-90 days where they keep your data, just in case somebody else decided to delete your account or you were drunk or something. But it could also be for legal reasons, like websites where you can post stuff for everybody to see, in case you post something highly illegal and the authorities need to find you. Another example is where a webshop is required to keep a copy of your data for their bookkeeping.
But it could also be for legal reasons, like websites where you can post stuff for everybody to see, in case you post something highly illegal and the authorities need to find you. Another example is where a webshop is required to keep a copy of your data for their bookkeeping.
None of these require your account to “exist”. There could simply be an acknowledgement stating those reasons with “after X days the data will be deleted, and xyz will be archived for legal reasons”.
Mostly it’s 30-90 days where they keep your data, just in case somebody else decided to delete your account or you were drunk or something
This is the only valid reason. But even then this could be stated so that the user is fully aware. Then an email one week and another one day before deletion as a reminder, and a final confirmation after the fact. I’ve used services before that do this. It’s done well and appreciated.
This pseudo-deletion shadow account stuff is annoying.
It’s actually much more technical than theoretical. When you delete an account on a website, that is being kept for a little while longer, it merely has field in the database that gets updated. (often with a removal date as well for the automatic removal after x amount of days). This field needs to be checked everywhere the account is used. And account recovery is mostly a part where this is forgotten, or possibly not even wanted.
And to claim this as fact, I just realized that the website I work on allows recovering of banned accounts. (Removed accounts are completely removed though because we don’t need to retain any data).
This is the only valid reason. But even then this could be stated so that the user is fully aware.
Keeping the records for a little while longer is actually implied to be known. It’s in their privacy policy, and is legal.
Whether or not services should make this easier to know exactly what is happening I definitely agree. Personally I think post history without user identifiable data should also be removed, but this is even less common practice (and is why tools exist to delete all your reddit posts for example).
This field needs to be checked everywhere the account is used.
Usually something like this would be enforced once in a centralized location (in the data layer / domain model), rather than at every call site.
for the automatic removal after x amount of days
This gets tricky because in many jurisdictions, you need to ensure that you don’t just delete the user, but also any data associated with the user (data they created, data collected about them, data provided by third-parties, etc). The fan-out logic can get pretty complex :)
Many services have a grace period. Mostly it’s 30-90 days where they keep your data, just in case somebody else decided to delete your account or you were drunk or something. But it could also be for legal reasons, like websites where you can post stuff for everybody to see, in case you post something highly illegal and the authorities need to find you. Another example is where a webshop is required to keep a copy of your data for their bookkeeping.
None of these require your account to “exist”. There could simply be an acknowledgement stating those reasons with “after X days the data will be deleted, and xyz will be archived for legal reasons”.
This is the only valid reason. But even then this could be stated so that the user is fully aware. Then an email one week and another one day before deletion as a reminder, and a final confirmation after the fact. I’ve used services before that do this. It’s done well and appreciated.
This pseudo-deletion shadow account stuff is annoying.
It’s actually much more technical than theoretical. When you delete an account on a website, that is being kept for a little while longer, it merely has field in the database that gets updated. (often with a removal date as well for the automatic removal after x amount of days). This field needs to be checked everywhere the account is used. And account recovery is mostly a part where this is forgotten, or possibly not even wanted.
And to claim this as fact, I just realized that the website I work on allows recovering of banned accounts. (Removed accounts are completely removed though because we don’t need to retain any data).
Keeping the records for a little while longer is actually implied to be known. It’s in their privacy policy, and is legal.
Whether or not services should make this easier to know exactly what is happening I definitely agree. Personally I think post history without user identifiable data should also be removed, but this is even less common practice (and is why tools exist to delete all your reddit posts for example).
Usually something like this would be enforced once in a centralized location (in the data layer / domain model), rather than at every call site.
This gets tricky because in many jurisdictions, you need to ensure that you don’t just delete the user, but also any data associated with the user (data they created, data collected about them, data provided by third-parties, etc). The fan-out logic can get pretty complex :)
True. Although not every endpoint is the same, nor is every website or service.
GDPR specifically mentions user identifiable data. I don’t know about others.