I preferred to share it with a few trusted people so they can change my online profiles to something "permanent" when the inevitable comes.
I also share a preferred playlist for the goodbye ceremony :) Probably will keep adding perks there.
It's very sad when you see an update for example on LinkedIn saying "congratulate X for his one year anniversary". No, he's not working anymore, he's dead.
It's a crappy situation, but if you do ever see a LinkedIn update like that for a deceased member, they're actually pretty quick at getting the profile taken down when you contact them about it. Source: did this for a deceased member in my network shortly after getting an update like that. A human responded and took action the same day after I reached out.
I guess I'm just being cynical but LinkedIn's [real] customers are being served by the swiftness of response -- the deceased persons cannot respond to their solicitations for job applicants.
Does the highest bidder get all-access? Will a corporate re-structure void any existing check-box preferences? Will "deleted" information be reincarnated?
Radioshack sold off consumer information when they went bankrupt, even though that was against what customers agreed to. It wouldn't be a surprise of Google was able to do the same.
Your comment seems to indicate that you think the problem is somehow intractable, but that's not the case. Government draws its power from the consent of the governed. If we had the will, it could be fixed.
There's ways to address this: (1) bankruptcy court can decide how to balance needs of creditors against needs of the public, (2) legislators can create criminal penalties for intentionally violating regulations regarding distribution of customer data.
Companies can purchase assets off other companies (up to and including the company name and trademarks etc.) without taking on the legal obligations of those companies. It's crappy but true.
(I had a shower re-sealed by a company that gave a 5-year guarantee. Four years later it was leaking again, and I got in touch with them to have it redone under warranty. After stonewalling me for weeks, they finally came back with "we purchased this company off its original owner but didn't take on any of their obligations so you have to find the original owner and get them to repair your shower", and as far as I could tell that's actually a thing you can do.)
Simple enough. When a company ceases trading, nobody expects the people who bought their office equipment to honour outstanding warranties, or even the people who bought out the lease on the building they traded from. If another company buys the design of their products and continues making them, that doesn't oblige them to honour warranties for the products they didn't make.
This is exactly the same thing, except it was the company name that was sold. Acme Corporation sold the Acme brand to RoadRunner Inc, then quietly ceased trading taking all their liabilities with them.
Yep, this was their claim. I don't know if I'd have been able to make it stick in small claims court but it was absolutely guaranteed to cost me more than $500 to find out so I just paid another, more reputable (for now, anyway...) company to redo it.
Not worth fighting it, of course. But unless they bought the company out of bankruptcy, you don't get to choose to buy a company's assets but ignore their liabilities.
That would be like buying a company that owes money on a building and telling the bank that you won't be making payments because you are keeping the building, but not the debt.
That's why a big part of mergers and acquisitions is researching all the possible liabilities that may exist for the company to be acquired.
Thanks for the reply. I was under the impression that businesses have a legal business name that is registered when you register the business. If the name isn't an identifier then what is?
Don't know why you're getting downvoted, but in most jurisdictions, C level executives and the supervisory board don't get a free pass for what their companies do (well, they usually do, but not because of moral or sound legal reasons).
Exactly. The system likes to treat corporations as people and therefore, its the corporation that does the illegal thing, but there's always people behind it making the actual decisions and giving the go-ahead. The corporation didn't ok the illegal activity, a person did. There should be repercussions for ordering someone (or a corporation) to do something illegal.
I'm cool with limiting liability, but completely shielding individuals illegal activity is inane in my opinion.
Bar takes over the remaining business, deletes your backups first, and then sends you a new contract?
It’s not that they have the data, it’s that they split it from the associated contract.
Bankruptcy has little to do with this. It could also happen when Foo stayed in business, or when Bar took over or merged with Foo, without it going bankrupt in-between.
The only difference is that, with bankruptcy, there may be a third party that’s guilty of splitting the data from its contract. If Foo is bankrupt, it doesn’t exist anymore, and Bar may buy the data separate from its contract in good faith.
and why bankruptcy? why not just change of status? company is sold, or goes public, or goes private, or just changes from llc to c corp, or CEO changes? there's far more things that can happen to a company besides bankruptcy which would cause me to want my relationship and data with the company to terminate.
A few months back someone working for Google was posting about how their whole job is ensuring deleted data actually gets removed from their systems. It isn't instant but from what they said it seems to work itself through their systems in a relatively timely fashion.
Yeah I think that user was responding to a question I had.
One of their points was Google has specific written policies about what deleting means and a team(s) whose job it is to do it and make sure it happens.
Considering Google's data retention policies are GDPR compliant, things will be really deleted within a small N number of days from when they're "deleted." At least for European users, and I doubt they are maintaining separate policies on this front for other users.
Even in the extremely unlikely event Google was grossly out of compliance, the successor company would still need to obey the law or risk hefty fines, so it shouldn't really matter to you.
they have dozens/hundreds of systems in different languages run by different teams. nothing was gdpr compliant 2 years ago. there's been a cost to move to that compliance. changing systems you don't have to is also inefficient. you'd need to weigh the delta between the inefficiencies, assuming that 'efficiency' was the primary goal in the first place.
In fact, we're seeing that now with Facebook: every user outside the US/Canada was technically a user of Facebook Ireland, and when the GDPR came into effect, they all got GDPR rights (EU companies have to comply with the GDPR for all users, not just EU users).
Facebook's response was to move everyone except EU users off Facebook Ireland ASAP.
I've definitely seen companies having different policies. First, the data is valuable, so keeping it when you are allowed too can be worth it for that. Second, doing a full deletion can be costly in hardware resource utilization, and sometimes even involve some manual labor. So minimizing it can be cost effective.
I think that covers what we’re talking about here. As in, it is ok to just delete the link between a real person to an anonymous key and not all their anonymised data. That allows one to avoid having to delete all the data itself (imagine how hard that would be from historical backups etc).
Like that text says, as long as a single person can be - even indirectly - identified from the data, it's only pseudonymized, and the GDPR protections apply. Even an IP address can be personal data.
Yes, the point is also to limit "merges" of databases, which build extremely detailed profiles from seemingly inconsequential records. As the US Privacy Protection Study Commission wrote way back in 1977,
“The real danger is the gradual erosion of individual liberties through automation, integration, and interconnection of many small, separate record-keeping systems, each of which alone may seem innocuous, even benevolent, and wholly justifiable.”
I don’t have a citation handy, but solutions such as “encrypt hthhe data and instead of deleting the data trash the key” have at least been discussed for environments where actually deleting data is hard (event-based storage, cold long-term backups) etc.
From a technological perspective that data would be as good as deleted, even if strictly speaking it still exists.
I believe his point is that in encrypting the data, you are overwriting it - with the encrypted version, which without the key is effectively 'random data'. It's not actually random though, so I don't agree that the data has technically been deleted. Do agree with you that it might as well have been though, so certainly should be good enough.
The idea is slightly different though: you encrypt the individuals data before it ever goes to permanent storage, backup or so. And when it’s time to delete that data, you discard the key instead, effectively making that data inaccessible.
As much as I hate to think about this - what's the probability that Google outlives the GDPR, current trends in privacy laws, or the European Union itself?
Legitimate interests are a potential backdoor to keep/sell customer data in the event of bankruptcy or ownership transfer. Provided legitimate interest can be argued, this would still be GDPR compliant. Given the potential value of the data, it's extremely unlikely that noone would try that in court, and before a final decision is made (which could take years), nothing would be deleted.
To the downvoters: note that I don't argue that it's actually a legitimate interest with respect to the GDPR, only that a third party looking to acquire (parts of) Google is likely to find it worthwile pursuing the chance that it is. This setup will lead to data being retained for longer than a couple of days.
That said, this is a common "exit strategy". I think just about every privacy policy (even "good" ones) has a clause that lets the data be transferred elsewhere.
If the email accounts gets deleted, can somebody else create a new one with the same address and receive all emails from the deleted account and possible take over all other accounts?
Then I would rather just leave the account open after I died.
It could be a way of taking over someone's email account, even if they are alive. It would not be difficult to fake an obituary, especially since anyone can create an account and post a short blog. Most of these sites require a photo of a death certificate, but those are also easily photo-shopped.
Imagine what sort of damage you could do if you had access, even for a day, to Tim Cook's email? Some other CEO of a Fortune 100 company? A celebrity?
I'm surprised this isn't used more often as an attack vector.
You might not care, but there could be financial ramifications for family members.
I had to dispute a charge to my wife's credit card after she passed... it felt like the credit card company was fighting tooth and nail to make me pay for a charge that I hadn't made.
Please provide an encrypted file with all of your emails, pictures and videos of you (including any you might be naked in), scans of any letters, birthday cards, etc you might have. And then post a link to a service which will provide the encryption key once you die.
If you have adult children/family, make sure they do the same.
and obviously other people can be affected by the impersonation of someone, e.g. an impersonator taking advantage of a deceased person's trustworthiness within a community that is not yet aware of their passing.
I set up this deadman switch a while back to give access to my parents, rather than delete. Writing the email that would get sent to them in this event was… very difficult.
I did this too, to a friend rather than my parents, as my parents are less technologically literate, and aren't likely to outlive me or my Google account.
Fortunately, because it's a friend, the message is largely just memes about death to provide some levity to the situation.
It isn't something either of us expects to happen any time soon, so it's easier to be glib about it, and not overthink it.
> how digitally-aware the standard will is at this point
Wipe my hard drive and delete my browser history if i die is a pretty common cultural joke so i'm guessing if you're under 40 you'll have a clause for it
That's not a very nice way to do it. It only takes a busy month outside of "the grid" to become inactive. I'd rather have the option to trust a handful of users which have all report that I'm dead before taking any actions. People having a bit of trouble after I die is way better than I having to deal with an inactivated account while living.
The mention of "It only takes a busy month outside of 'the grid' to become inactive" isn't entirely true. The setup allows you to decide not only the length of time from 1 month to 18 months, at intervals. What data you share can be spread across contacts which you select by email and verify by phone. There isn't a default to send all data to an address, you have to select it. The individual selection of data that can be filtered has also grown since my first usage in 2014.
As for "I'd rather have the option to trust a handful of users which have all report that I'm dead before taking any actions" is a fair point regarding that Facebook requires a death certificate. Though, this is not the same as the Inactivity manager, which is what Google is offering. The purpose is to be a way to allow people to access content on your accounts after a period of time. It allows a set number of contacts to access your account in a provisioned way, through a very refined selection set that even breaks down separate google play stores (books, music, play, and movies.) I also saw selections for Mail, Photos, and 42 other different data points that can be sent to separate users.
It is a preemptive step by the account owner to verify their information will be easily retrieved by a family member or friend.
I would suggest taking a look at the Inactivity manager. It has a more robust set of features than most inactivity systems, and doesn't just apply to death. Even in death, it allows a family to collect photos, contact lists, and other mementos of a persons life.
Going "off the grid" (from your perspective) can look to others like "disappeared, and possibly dead". The photo sharing part could be useful for them to grieve, and you probably wouldn't enable this feature if you didn't consider them.
On the other hand, being kidnapped for ransom or being kidnapped by the state (i.e., arrested) is a far more serious false positive, I would think, because deleting your digital data would probably make recovering a whole lot harder.
I think death is becoming increasingly costly for human civilization - as all the processes and big data becomes discontinued due to a trivial natural reason, just because DNA-based organic life on planet earth evolved so. Rejuvenation and abolition of death seems to be the only way for cloud providers to have a sane future.
Given that identity, as defined by all the data associated with a person, is unaffected by this "death" that the fleshbags who hold these identities seem to insist upon experiencing, perhaps we can instead simply migrate the identity to a different fleshbag; the identity lives on.
The processes and data go on, and we don't have to spend a lot abolishing death. New people can simply be assigned an existing identity and all the history that goes with it. We'd be foolish to do this without some thought; for example, we can put on hold identities that are of limited use.
I chuckled at first, but it doesn't seem so far-fetched. This is a story of a startup founder backed by y-combinator, who posthumously provided inspiration for a memorial bot[1]
WhatsApp (Android) stores it's backup on Google Drive by default; by using this data, it is more than possible to create a bot and resurrect someone in the digital domain.
Good feature but the three month window they grant is way too short. Winding up someone’s affairs after they have died often takes longer. A year would make more sense.
Technically you have 3 months to click the 'download all account data' button and it is from the moment of the inactivity trigger, which would reasonably be many months itself.
I'd note that under GDPR, we'd be "free" to do anything we want with data belonging to dead people.
(source : I recall that from memory from reading the GDPR document, there are some website that will source the same intel)
HOWEVER, France and Germany Data Protections law, individuals can give to data controllers general or specific indications about the retention, erasure, and communication of their personal data after their decease.
I also share a preferred playlist for the goodbye ceremony :) Probably will keep adding perks there.
It's very sad when you see an update for example on LinkedIn saying "congratulate X for his one year anniversary". No, he's not working anymore, he's dead.