Countless new apps and online services are launched every day. Curiosity might compel us to try one out, but doing so will invariably require us to create an account. As a bare minimum, we might have to supply a username and password, and as we start using it, our every action can become a data point. We generally accept this as part and parcel of our digital lives, but what if we don’t want to use that service any more? Setting up accounts is easy, but deleting them can be an infuriating process involving jumping through hoops – and in some cases, it’s not possible at all.
Last week, Apple vowed to tackle this problem on the App Store, requiring developers who require account creation to also offer a way to delete them, beginning in January. But why has Apple had to lay down the law, and what are the risks of leaving old accounts dormant?
The so-called “dark patterns” that are put in the way of account deletion are many and various. Some services merely offer deactivation, rather than deletion, “in case you wish to return”. Others require us to submit tickets for our request to be considered. Frequently, we will have to email a customer service team, or even call them on the phone, and be quizzed on our reasons for wanting to leave.
The website justdeleteme.xyz, “a directory of direct links to delete your account from web services”, is both an invaluable resource for those who want to clean up after themselves, and a fascinating catalogue of which companies make it easy to say goodbye and which don’t. Airbnb, eBay, The New York Times and Reddit are rated “hard”, while match.com, PayPal and Starbucks are rated “impossible”. Overall, the strategy is clear: the more hassle a service makes it for us to cancel, the less likely we are to do so. James Walker, chief executive officer of digital rights company Rightly in the UK, says that the primary reason is simple: we’re not considered as people, but as metrics.
“For tech companies, their success is going to be measured on the number of registered users they have,” he says. “So deleting is horrible for them because that means they have to work harder to get more people in. Also, the more people they have data on, the more they’re able to work out how to profile and target us. So, why don’t they want to let us go? They don't get any value from it. They get value in signing people up.”
For Walker, it’s part of a broader issue of data privacy; his organisation believes that we should be able to know where our data is, but also know how to get rid of it. That includes being able to end our relationship with a company or a service for good. “The number of organisations that make the removal part hard just isn’t funny,” he says. “If they want us to buy something, they make it super simple. But when we try to delete the data, they might ask for proof of who we are. They didn't want proof when we signed up and spent money!”
We may not want to spend time trying to erase our presence with services that make it difficult, and believe that the risks of leaving data hanging around are too small to worry about. But while they’re small, they aren’t nil. Old accounts are frequently compromised in data breaches; for example, former users of the once hugely popular MySpace are still plagued, years later, with spam emails and phishing attempts using data once held by the service. For anyone who uses the same password for many services and websites, the security of those accounts is dependent on the security of dormant accounts they might barely remember using. Even if data isn’t breached, it doesn’t necessarily stay put. It can quietly move between companies, being sold and shared. “There is a quantifiable risk,” says Walker. “ The more places your data is, the more potential you have for a problem. By making it hard for consumers to remove their data, businesses are creating a risk and a liability to the consumer, and even to their own business.”
When challenged on this, companies have pointed to legal and technical issues that might make deletion less than straightforward. Interviewed by US website Consumer Reports, Miriam Wugmeister, a lawyer and data specialist, said: “Your data isn’t just sitting in a spreadsheet, it can be spread across many different systems, including some which can be designed so deleting information is almost impossible. It’s an entirely manual process.”
Indeed, for social networks, your data is so entwined with other people that deletion has a direct impact on them, too. Walker, however, contends it’s often more about priorities and, ultimately, money. “Deleting data for a consumer would rank incredibly low on a development road map,” he says. “Why would they do it? It adds no value. So it'll get the least amount of effort put into it.”
Walker welcomes Apple’s move to make it easier to delete our accounts. But with many of us having racked up many dozens or even hundreds of accounts with various shops, social networks, games, productivity apps, entertainment platforms and more, the problem is more fundamental: when we sign up, we don’t know what future problems we’re also signing up for. “Privacy policies are complex and make it hard for us to know what is happening,” he says. “So there isn't enough transparency. And while the reality is that we should be reading those policies, the other reality is that we shouldn’t need to. Unfortunately, as they say, data is the new oil. Businesses can make more money out of our data than they do from us as consumers.”