
Get companies to erase your personal data – automated CCPA deletion requests - yoaviram
https://yourdigitalrights.org
======
Phait
I've sent one request as a test, if it works I'll do it systematically for all
data brokers listed here [https://yourdigitalrights.org/data-
brokers](https://yourdigitalrights.org/data-brokers)

Since the devs are around this thread: it would be nice to have an option to
send requests in bulk.

~~~
yoaviram
Would you mind voting up this idea on our roadmap?
[https://wishlist.yourdigitalrights.org/](https://wishlist.yourdigitalrights.org/)

------
kyrieeschaton
Wait, so if I know someone's name and email address or username I can probably
cause arbitrary companies to delete their account?

~~~
Tenoke
You have to send the request from an email and if you send it from an
unrecognized one they'll probably ignore it, have grounds to do so or will ask
you for more information in a follow-up email.

~~~
kyrieeschaton
"Probably" some hazy business process will intervene is not a reassuring
guarantee!

(And those manual processes are expensive and likely to be automated away to
some hackable business logic at some point.)

~~~
Bartweiss
> _those manual processes are expensive and likely to be automated away to
> some hackable business logic_

I suppose this depends on who they're manual and expensive _for_. Some people
will probably automate "respond to all agent-based deletion requests with a
request for proof of authorization and direct user verification", because it
lets them delete as little as possible.

But actually _checking_ that info if its provided? Yeah, that sounds less
likely. And I'll bet a lot of companies will just obey anyone claiming to be
the actual user and providing some piece of personal info.

------
Tenoke
This looks great!

I wish it came with a little blurb on /data-brokers as to what a Company does
or how they typically use data.

I know I probably 'want' e.g. Experian to have my data but I'd remove any
company that is purely ads based for example.

~~~
yoaviram
Great idea, would you mind adding it to our wishlist?
[https://wishlist.yourdigitalrights.org/](https://wishlist.yourdigitalrights.org/)

------
javajosh
FYI if you send an email to Acxiom you'll get an automated response to _redo
your submission through their web form_
[https://gdpr.eu.acxiom.com/managePreference](https://gdpr.eu.acxiom.com/managePreference).

This form is filled with dark patterns, including ones that are outright
illegal, I believe. You cannot exclude your phone number under GDPR unless
your country code is UK (+44).

------
MEGMAIL
Wow -- this seems like such a good thing. I can't believe there hasn't been a
big push to have companies do this until now.

------
blackearl
If I have a PO box in CA can I send CCPA requests for myself or do I need to
actually be a resident?

~~~
yoaviram
You need to be a resident, but I have found that many companies will not check
and process your request anyway. Microsoft officially said they will do so:
[https://venturebeat.com/2019/11/11/microsoft-will-honor-
cali...](https://venturebeat.com/2019/11/11/microsoft-will-honor-californias-
ccpa-privacy-law-across-the-u-s/)

------
yoaviram
I’m one of the founders of this service. We created Your Digital Rights
because we believe that privacy matters, and that exercising your right to
privacy should be easy. Over the past year thousands of people have used the
service to send GDPR erasure requests. We’ve just launched support for the
CCPA. I’d love to get your feedback and am happy to answer any questions.

~~~
hnhg
What about 'startup/tech' companies like Telegram? I can't bulk delete data in
group chats, which to me seems in violation of my GDPR rights. I also have no
idea where they are permanently based or how to properly contact them? They
are an immensely shady outfit...

Can you help with this case or am I and others just stuck with the mistake of
using them?

~~~
beckingz
If you delete your telegram account, your messages in group chats will be
attributed to a deleted user.

~~~
hnhg
Thanks. That's unsatisfactory to me, alas.

------
whamlastxmas
Will hacker news take down accounts under CCPA?

------
timd2112
But if I remove from credit bureaus I can't churn credit cards ;)

~~~
patcheudor
or trace back prior fraud. Criminals are using data deletion requests /
demands to cover their fraud so they can continue. I don't think as written,
this legislation is going to hold up under the onslaught of criminal abuse.

~~~
gearhart
I don't want to be rude, so please tell me if you do, but do you have a source
for that? It sounds quite a lot like a "think of the children" argument and
whilst I can see people having made that claim elsewhere, I don't see any
actual cases of it being reported.

------
Havoc
Oracle is a data broker? I missed that somehow

~~~
mrgreenfur
[https://www.oracle.com/corporate/acquisitions/datalogix/](https://www.oracle.com/corporate/acquisitions/datalogix/)

~~~
Havoc
Ah right. Acquisition. That makes more sense

------
schlimig
Services like this are disgraceful. You encourage users to GDPR from services
via your system, a third party, which then sends the request on. GDPR and data
protection require that companies protect user data and so these requests
cannot just be processed without verifying the user is who they say they are.
Companies cannot communicate with you as you are a third party and so you're
just creating an unnecessary step in the chain and fostering the belief in
users that using your service is all they have to do. The number of people who
have given me abuse as a site administrator because upon receiving an email
from you or your competitors, I've had to verify identity, is beyond a joke
now!

~~~
yoaviram
It's sad that you didn't even bother to try the service, or read the
instructions, before posting this comment. All the service does in generate an
email which opens up in your local email client. You then send the email on
your own. If the company needs any further information they can (and legally
have to) reply to your email. We are not a side to this exchange.

