It seems a bit naive to think that a service provider would scrub their systems on individual requests.
It's not practical to perform a delete in some environments. It's certainly not practical to go through backup files and delete references in others. Everybody goes through a data recovery scenario at some point.
What you should expect is best effort. Nobody is going to re-train their neural networks that referenced your data. It's doubtful that any provider would delete what they have gleaned about you simply because you wanted your account removed.
Then there's the practicality of things. If you delete your account here on HN, would you expect all conversations that you participated in to be removed? All references to your comments? Or all comments that you made removed? Do you expect them to push that change out to google? Do you expect your references in access logs removed? There's always a trail.
Facebook isn't uniquely evil. They have the same problems as everyone else, and they have those problems at an incredible scale.
People think about these things as if they are files or entries in a simple SQL database that can simply be removed. They may use databases, but to think that all of your data exists in a singular database or that all of your data only exists in databases is simply not extrapolating what you know about technology to their environment.
If google were to remove a website from their index, how long would it take for all of their environments to no longer have a record of it? And would that actually be desirable? There aren't faceless drones working on these kinds of problems. There are very smart people and most of them have a conscience and care about end users. I don't think you would find that any large group of people at facebook, google, amazon, microsoft, or any of the big companies are completely apathetic to end user concerns. I'm sure plenty are far too busy to address individuals directly, but they certainly are not apathetic.
<sorry... I seem to have rambled off on a tangent>
> Then there's the practicality of things. If you delete your account here on HN, would you expect all conversations that you participated in to be removed? All references to your comments? Or all comments that you made removed?
There's been few debates here about the definition of to 'delete' which I won't get into. However, as a user, it rubs me wrong when companies equate simple username disassociation with deletion. It's not a user's place to wonder about the practicality of deletion at scale. A user has the right to have removed all content they've produced regardless of whether it's linked with other posts.
> A user has the right to have removed all content they've produced regardless of whether it's linked with other posts.
Do they though? Maybe I'm understanding it wrong, but I thought the GDPR only applies to personally identifying information, not all data ever generated by a user. So by disassociating the user name and the post, the post has suddenly ceased to be personally identifying information and no longer needs to be deleted.
Yeah I think that these arguments will just lead to a company getting a fine.
My data is mine not yours. If I withdraw my consent to you having it just delete it. If you can't do this then don't collect my data in the first place.
The single source of truths, all the core Facebook users data (except messages) is stored in MySQL cluster. The issue you describe is that the same data is also cached in Memcached and by other means. But deleting is entirely possible, though it's against their business model, so they make real deleting as hard to find and do as possible, and scare people away with info like "you cannot register again".
Training of neural networks is probably a gray area, and a potential issue for many companies. Example: Think of the recorded audio messages from Siri/GoogleNow/Cortana that gets processes and potentially stored and not deleted thereafter on their (and third parties like Nuance) servers. If one deletes an account, one would assume it also and especially also deletes all private data like messages, voice and video recording.
> make real deleting as hard to find and do as possible, and scare people away with info like "you cannot register again".
They do that? And is that legal? How will facebook prevent me from registering again, if they deleted all PII that they had on me? That'd be clear proof that they didn't respect my GDPR request for deletion, and I could sue them easily.
"This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it."
"When you delete IP content, it is deleted in a manner similar to emptying the recycle bin on a computer. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others)."
This sounds like they properly delete it but only so long as you haven't given another user a copy of it (such as sending a message perhaps).
Also while the US has essentially no privacy protections whatsoever, I don't think a "deleted=true" would fly under EU regulations.
How do we really know that this is actual deletion and not a deleted="true" in their databases?
We don't know that. If you're feeling charitable you could believe they're being honest, but if you not then you just have to wonder. There is no way Facebook could prove they don't have a secret server with your data on it somewhere. Proving that would be impossible.
It’s the regulation. I work on EU GDPR tech stuff currently (this stuff is HOT at the moment and I have a feeling that even many large companies are quite late on the train!) in financial services sector and while some data needs to be kept for x years according to the law anyway, rest really needs to be deleted and at least my current client really doesn’t want to play with the financial risks involved with getting caught in a possible EU GDPR compliance audit.
They could be explicit about exactly what they do with the data - that way there is some PR risk to them if they get caught out "recycle binning" data.
Back in 2004 during the first months of Facebook, I deleted my account. When I signed up again a few days later, everything was still there with profile picture and everything.
The standard flow for "deleting" your account actually says "deactivate your account", and the fine print is explicit in that everything comes straight back when you log in again.
There's also a hidden link in the support pages somewhere that's supposed to actually delete your account (which is what's linked here)
> It is inaccessible to other people using Facebook.
The wording does sound very convincing but I really don't think we can just believe their word. After all it's Facebook.