The nightmare when trying to close/delete accounts

This has been bugging me more and more over the past years and I just have to check if other feel the same or if it’s just me being paranoid. No clue if this is the correct category though…

I’m an old fart. Been developing websites close to 25 years. Handcoding html, css, php and javascript. Just so you know.

As everyone else, professionals as well as John and Jane Doe, I’ve signed up for a multitude of online services and today probably have at least a hundred accounts everywhere. Of course here at Sitepoint. Then it’s Facebook, Apple, Reddit, Instagram, newspapers, a political party, my housing company, betting sites, buy/sell sites, travel agencies, Google, weather forecasts and God only knows what.

It’s all fine and well. Until I want to end and close an account. That’s when hell begins.

The past two weeks, I’ve tried to end my relation with about 30 various websites/companies. To close and finish my accounts and have them delete all data about me. I have spent 3-4 hours each day during these two weeks to make it happen. When writing this, it seems as if I finally succeeded to make 75% of them obey my request. (I’m not sure, though).

Mind you, it’s not sleazy sites or shady companies with official location on some remote island in the Pacific Ocean I’m talking about. It’s legitimate, established and “serious” enterprises.

Example: I’m in Sweden and ten months ago I signed up for an account with the biggest morning daily paper here, “Dagens Nyheter” (https://dn.se). The reason was that they offered a month free online subscription. In due time (actually just a day after I signed upp), I registered that I wanted my account closed after a month. When the month was over, I tried to find a way to actually close and delete the account. Impossible.

I tried to mail them. But none of their mail options covered “delete my account” so I mailed a general mail to them. No reply, no response.

So, I tried the same again, this time sending mails to ALL available mail addresses. No response to this day.

Since then, I have received 5-6 mails from them about upgrading my account (which shouldn’t exist). Each mail was “no reply” (had I replied, the mail would bounce back to me) .

I have had 3-4 phonecalls from call centers hired by the paper. Asked each of the callers if they could see some kind of “status” on me, as if I was an account holder or similar. They couldn’t. All they knew was that I was a target.

All this drives me occasionally nuts. It’s an arrogance beyond comprehension. It’s like entering a shop without an exit. You have to ask and beg the owner to pleeeaase let you out.

I’m not a fan of regulations. Internet has a bunch of them, e.g ICANN, and they seem to work OK. But I would love some regulation saying something like “if people can create an account at your site, they must be able to easily end and close it. You must then erase all data, etc”

English isn’t my native tongue so I hope you understand what I’m after. How could a rule or regulation like that be implemented? Or do I need shrink?

I’m pretty sure GDPR covers this, so with Sweden being in the EU it should happen.

Thanks for reply. But you have misunderstood my point. Maybe I wasn’t clear.
It’s not about GDPR at all. It’s simply about being able to close/delete an account. Regardless who you signed up as.

Article 17 (Right to erasure) shown in the link covers that. They should delete all your data (that would include your account) at your will. If they are not doing that they are in breach of the regulations.

Oh, thanks for clarifying and sincere apologies for my previous comment. I hadn’t a clue. So, if I’m having issues delete/erase an account, I should mail the link https://gdpr-info.eu/art-17-gdpr/ ? But if the site/company don’t give a shit, will they be shut down or something? (again, my aplogies for language and that I’m tired)

There is plenty to read on that site. Chapter 8 deals with “Remedies, liability and penalties” which I assume would tell you how to go about reporting a non-compliant organisation.

Note that the GDPR just mandates that you be able to do it - not that it be as simple as pushing a button. They are fully within the bounds of GDPR to require you to send them a signed letter requesting the information be erased, for example. (But they do need to make the requirements known)

This on it’s own annoys me beyond all reason. Even after Covid and people working from home who used to cover phone lines, plenty of organisations don’t seem to get how much easier it is to deal with emails than making people queue up on the phone.

You’re probably aware of them and I’m not sure how much it would have helped in this case, but it is worth mentioning services such as simplelogin.io, which allow you to create an email alias for throwaway services and trial subscriptions that you sign up for.

If things don’t work out, then you can delete the alias and you will never hear from the company again. An added advantage is that if the company sells your data, or has a breach, you have an additional layer of security.

We published an article on this last year in case anyone is interested.

It is true that some companies make you go all the way to hell and back to unsubscribe or delete your account or simply chaning services.
These companies don’t realize that the more you annoy your customer, the more likely that he will become an ex-customer never to return again.

And although I do understand that these companies want to keep some kind of record about the free accounts because, well, you know, if they don’t, you’d be able to sing up over and over again and take advantage of whatever offer (or the 15 days free to test the service), it should be easy to delete any personal details easily and without any issue.

At the end it makes no sense to delete data from any page as they will have already sold the data anywhere else

That, and the fact that then (theoretically, at least) someone else could claim the account.

My preferred method is to just stop using an account if I decide I no longer wish to use the service.

When I sign up for stuff now, I use an extended gmail address - it allows me to see whether my email has been sold off somewhere, and it would allow me to filter out emails from places if I wanted to. Where my normal address might be fredsmith@gmail.com I add +something on the end and they still come to my mailbox. If I was signing up here now I’d probably use fredsmith+sitepoint@gmail.com and still get the emails, but they’re easily blocked if I need to.

Not as good as actually being able to delete certain things, though.

Those companies work on the theory that you’re already unsubscribing/deleting your account… so you’re already an ex-customer. They’ve milked you for all they’re going to get.

I didn’t know you could modify an email address like this an it still work. That’s useful to see who is selling your address to spammers.

The advice being given here is pretty solid. GDPR is definitely what you want to be looking at and the “Right to Erasure” is what needs to be invoked. As you have pointed out, there is definitely different levels of compliance and there are methods by which you can report the company. But as with most things along these lines, how much is done often is in proportion to how much you push. It may just not be worth it. Report and move on. Given enough reports on the company, usually something will be done. The penalties can get harsh with a huge fine PER VIOLATION.

Now one thing I wanted to add, since I recently added this to a related thread moments ago, is that just because you put in a request to have all data removed from a company’s records, they don’t have to remove everything. If you have conducted business with the company (such as made a purchase or created paid subscription etc.) They can keep that data for a limited period of time to meet their financial reporting obligations in the countries they do business in. They can’t keep it forever, but they can keep it to report their business transactions if they get audited or something.

Also the level of support for GDPR is often different depending on the country. Sometimes countries don’t recognize the same level of privacy protection. Believe it or not the US is not exactly as privacy conscience as countries like Canada or the EU. Believe me, I know this first hand.

All this to say it it is a bit of a slog and if you have a lot of accounts and been online actively for a long period of time, it may not be possible to erase everything out there. But many of the mechanisms mentioned here can help you going forward.

Ah, yes. I see you’ve been to an Ikea store. Horrible, isn’t it?!

ikea-blueprint775×484 103 KB

(I haven’t been for decades, I’m told it’s a little easier now).

Ah, yes, I see from your graphic that it’s a lot easier than when I went. The one I went to had about 10 floors like this.

I’ve only been once, about 15 years ago, and resolved never to go again. But some in-laws went recently, and from their accounts it hasn’t changed much — at least down here in Australia!

I followed the instructions on Facebook (as it was called at the time) on how to delete my account.

Sometime (maybe a year later) I inadvertently clicked a link which took me to the login page. My browser completed the login and password. Out of curiosity I logged in and saw that a lot of my details were still present. Being based outside the EU they are not bound by the GDPR.

I Googled around the issue and could not find a contact email or any way to request that they delete the data they hold on me. Is there anyway I can do this?