Consumer websites need to be very careful about data deletion. There's a risk of an account being hijacked and then deleted without the owner's consent.

The GDPR includes a right to erasure, and California's CCPA has a right to delete. These are good laws: they allow an individual to require a company to delete all the personal data it holds on them. However, this right also carries a risk. What if someone unauthorized requests the deletion? Proper deletion cannot be undone; in theory even backups should be deleted.

One solution is to delay the deletion and make every effort to contact the user before it's done. Some users might interpret the delay as the company acting poorly, but I think it's an important protection against accidental or malicious deletion. Facebook has had a reasonable system for this for many years now: when you delete an account you have 30 days to change your mind. As a side effect some Facebook users keep their accounts in a perpetual state of almost-deletion, the super-logoff. Better still if the user's data is hidden while in the delete-pending state.
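To make the delayed-deletion idea concrete, here is an added example (my own sketch, not code from any of the sites mentioned) of the state machine it implies: a deletion request only moves the account to a hidden, delete-pending state and sends the owner an out-of-band notice; the owner can cancel inside the grace period; and a separate purge job is the only code path that actually destroys data, and only once the period has elapsed. The 30-day `GRACE_PERIOD`, the `AccountStore` class, its method names and the sample accounts are all assumptions made for the example.

```python
"""Account deletion with a cancellable grace period: soft delete first, hard delete later."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Dict, List, Optional

# Assumed grace period; the post cites Facebook's 30 days.
GRACE_PERIOD = timedelta(days=30)


class State(Enum):
    ACTIVE = "active"
    DELETE_PENDING = "delete_pending"  # hidden from everyone, still recoverable
    DELETED = "deleted"                # data wiped, irreversible


@dataclass
class Account:
    user_id: str
    email: str
    profile: Dict[str, str]
    state: State = State.ACTIVE
    delete_requested_at: Optional[datetime] = None
    # Stand-in for an outbound email queue (assumption: a real system sends mail).
    notifications: List[str] = field(default_factory=list)


class AccountStore:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}

    def add(self, account: Account) -> None:
        self.accounts[account.user_id] = account

    def request_deletion(self, user_id: str, now: datetime) -> datetime:
        """Mark the account for deletion. Nothing irreversible happens here."""
        acct = self.accounts[user_id]
        if acct.state is not State.ACTIVE:
            raise ValueError(f"{user_id} is {acct.state.value}; cannot request deletion")
        acct.state = State.DELETE_PENDING
        acct.delete_requested_at = now
        purge_at = now + GRACE_PERIOD
        # Contact the owner out of band, so a hijacked session cannot silently do this.
        acct.notifications.append(
            f"to={acct.email}: deletion requested at {now.isoformat()}; your data is "
            f"hidden now and will be erased on {purge_at.isoformat()} unless you cancel."
        )
        return purge_at

    def get_profile(self, user_id: str) -> Optional[Dict[str, str]]:
        """Public read path: a delete-pending account looks deleted to everyone else."""
        acct = self.accounts.get(user_id)
        if acct is None or acct.state is not State.ACTIVE:
            return None
        return acct.profile

    def cancel_deletion(self, user_id: str, now: datetime) -> bool:
        """The owner changes their mind; only honoured inside the grace period."""
        acct = self.accounts.get(user_id)
        if acct is None or acct.state is not State.DELETE_PENDING:
            return False
        if now >= acct.delete_requested_at + GRACE_PERIOD:
            return False  # purge is due; refuse so the deadline is deterministic
        acct.state = State.ACTIVE
        acct.delete_requested_at = None
        acct.notifications.append(f"to={acct.email}: deletion cancelled")
        return True

    def purge_expired(self, now: datetime) -> List[str]:
        """Scheduled job: the only place that actually destroys data."""
        purged: List[str] = []
        for acct in self.accounts.values():
            if acct.state is State.DELETE_PENDING and now >= acct.delete_requested_at + GRACE_PERIOD:
                acct.profile.clear()  # real system: wipe rows, blobs and eventually backups
                acct.state = State.DELETED
                acct.delete_requested_at = None
                purged.append(acct.user_id)
        return purged


def run_scenario() -> Dict[str, object]:
    """Constructed sample: alice cancels in time, bob's request runs out the clock."""
    t0 = datetime(2022, 3, 1, tzinfo=timezone.utc)
    store = AccountStore()
    store.add(Account("alice", "alice@example.com", {"bio": "reads a lot"}))
    store.add(Account("bob", "bob@example.com", {"bio": "request came from a hijacked session"}))
    store.request_deletion("alice", t0)
    store.request_deletion("bob", t0)
    out: Dict[str, object] = {}
    out["hidden_while_pending"] = store.get_profile("alice") is None          # True
    out["purged_at_day10"] = store.purge_expired(t0 + timedelta(days=10))      # []
    out["alice_cancelled_day20"] = store.cancel_deletion("alice", t0 + timedelta(days=20))  # True
    out["alice_profile_after_cancel"] = store.get_profile("alice")             # restored
    out["purged_at_day30"] = store.purge_expired(t0 + GRACE_PERIOD)            # ["bob"]
    out["bob_cancel_after_purge"] = store.cancel_deletion("bob", t0 + timedelta(days=31))  # False
    out["bob_state"] = store.accounts["bob"].state.value                       # "deleted"
    return out


if __name__ == "__main__":
    print(run_scenario())
```

Two design choices worth noting. Reads go through `get_profile`, so the pending account is invisible to other users exactly as if it were gone; an attacker who deletes an account to cover their tracks gets the same appearance, but the owner has the whole grace period to notice the notification and cancel. And `cancel_deletion` refuses once the deadline has passed even if the purge job hasn't run yet, so "30 days" means the same thing regardless of job scheduling; a friendlier variant would allow cancellation for as long as the record is still `DELETE_PENDING`.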

I don't know the legal niceties of whether a company can inject a delay. The GDPR language talks about "without undue delay", which seems to leave room for a safety net. CCPA is explicit about businesses having 45 days (extendable once by another 45) to "respond to a request to delete".

This whole post is motivated by my Goodreads disaster. One explanation for what happened is that someone could have hijacked my Goodreads account and then deleted it to hide their tracks. At first I was outraged that my data could ever be deleted. But Goodreads would be correct to do that in response to a valid request for deletion. And it looks like Goodreads will delete irrevocably and immediately. (I'm not certain.) If they'd put in a 30 day delay I would have noticed in time. Speculating about this scenario made me realize that instantaneous deletion is a dangerous feature for any product.

  2022-03-26 15:07 Z