Apple Says Apps Supporting Account Creation Must Offer Account Deletion Starting Early Next Year

[Pro Apple Silicon]

If it’s personally identifiable information, then yes it does.

Do we always have to delete personal data if a person asks?

Grounds on which an organisation can refuse, or not, to delete a citizen’s personal data under the EU’s data protection law.

ec.europa.eu

If you can't keep business records, you can't do business. Obviously there are transaction records that are not erased and will be kept as long as necessary. And yes of course they will connect to identifiable information such as a person's name.

Imagine being a large company that has to report sales information to stakeholders, and they were to say, "These sales exist but we can't tell you where they came from because the customer asked us to delete their records." Lol. That's what we call defrauding the company.

I don't think you understand the purpose of GDPR.

 

[mansplains]

I love this. Sign in with Apple at least makes it easy to see where all of your data is linked, and that's been my issue with account deletion attempts. Trying to remember what accounts I made when I was younger for defunct services (rip flash games!)

However, when you go to delete a profile you used Apple SSO for, it seems to deactivate. For example, I've previously used this for my McD's account. Then I wanted to remove the fast food temptations from my phone, I delete the account through Apple SSO. But then, when I re-download McD's app, I can't create a new account with Apple SSO, it pulls the one I deleted back from the grave.

 

[Gameboy70]

I'm curious as to why anyone would "delete" an account with a random service, and what they actually think happens when they do.

Companies are still going to maintain records of you having existed at some point. You might not have an active login. Your email might not come up when you search for it. But you're not "erased".

I read the news as pertaining more to accounts like Adobe CC or NYT subscriptions, which are easy to create but require calling an agent to delete, usually after 15 minutes of retention pushback.

User data retention is almost certainly still happening, but the major hassle of having to beg for cancellation will be a huge weight off our shoulders.

 

[Pro Apple Silicon]

I read the news as pertaining more to accounts like Adobe CC or NYT subscriptions, which are easy to create but require calling an agent to delete, usually after 15 minutes of retention pushback.

User data retention is almost certainly still happening, but the major hassle of having to beg for cancellation will be a huge weight off our shoulders.

Yeah and I agree. Some people seem to have a very unrealistic idea about what "deleting an account" consists of.

 

[PBG4 Dude]

I'm curious as to why anyone would "delete" an account with a random service, and what they actually think happens when they do.

Companies are still going to maintain records of you having existed at some point. You might not have an active login. Your email might not come up when you search for it. But you're not "erased".

UPDATE Customer
SET Status = ‘I’
WHERE Cust_ID = ____

 

[Shirasaki]

Certain country already mandatory permanent record retention whether You delete account (or you die) or not, and apple can’t really control those behaviours. Seemingly good change could easily lead to placebo on day 1 after the new rule is being put in effect. I don’t see any actual changes happening.

 

[Rydawg96]

Facebook?

Facebook has allowed complete account deletion for a few years now, but I remember when they only allowed deactivation.

 

[rehkram]

Facebook needs totally new, ethical management, frankly. Watching the dirty money roll in has hypnotized the current one.

 

[Vlad Soare]

If you can't keep business records, you can't do business. Obviously there are transaction records that are not erased and will be kept as long as necessary. And yes of course they will connect to identifiable information such as a person's name.

Imagine being a large company that has to report sales information to stakeholders, and they were to say, "These sales exist but we can't tell you where they came from because the customer asked us to delete their records." Lol. That's what we call defrauding the company.

I don't think you understand the purpose of GDPR.

You may retain all the records you wish, provided you anonymize all the personal data in them. You are allowed, for instance, to retain my records if you replace "Vlad Soare" with "Anon_cust_253xx", "Bucharest, Romania" with "anon_addr_xx33y", and so on.
This way you can report to stakeholders anything they might reasonably need to know.

 

[paulsydaus]

Honestly how was this not a requirement 5 or more years ago?
the EU has been talking about this stuff for years…. The cynical side of me thinks Apple uses privacy purely as a marketing tool and these changes are happening now to deflect the bad press regarding the anti trust cases.

 

[paulsydaus]

You may retain all the records you wish, provided you anonymize all the personal data in them. You are allowed, for instance, to retain my records if you replace "Vlad Soare" with "Anon_cust_253xx", "Bucharest, Romania" with "anon_addr_xx33y", and so on.
This way you can report to stakeholders anything they might reasonably need to know.

This. Also the eu is strong on data harvesting. It requires companies seek positive confirmation that a user is still an active customer every few years. No response from customer means all records must be deleted or anonmyzed by law.

 

[svish]

Excellent move 👏. Fantastic news

 

[Pro Apple Silicon]

You may retain all the records you wish, provided you anonymize all the personal data in them. You are allowed, for instance, to retain my records if you replace "Vlad Soare" with "Anon_cust_253xx", "Bucharest, Romania" with "anon_addr_xx33y", and so on.
This way you can report to stakeholders anything they might reasonably need to know.

That's the same as creating fraudulent records.

 

[Vlad Soare]

No, it's not, because all the possibly relevant information is still there. My identity is no longer relevant for anyone, neither for shareholders, nor for any regulatory bodies. Actually, the records themselves are no longer relevant from a legal point of view. If you want to retain, for your own purposes, the information that you sold an iPhone ten years ago, you're free to do that.

 

[Unregistered 4U]

Imagine being a large company that has to report sales information to stakeholders, and they were to say, "These sales exist but we can't tell you where they came from because the customer asked us to delete their records." Lol. That's what we call defrauding the company.

You can still have information that a sale came from a country, there’s very little personally identifiable in that. I’m absolutely certain that there’s not a sales guy reporting to Tim “Jim Bamintis bought another iPhone this year”.

If the warehouse is empty and the coffers are flush, and stakeholders getting their returns AND there’s paperwork to show it, no stakeholder is going to be asking, “BUT, of the ones that went to Greece… can you give me the email addresses they signed up with? Because, while it’s very likely that 100 you reported sold sold, if you can’t hand over the email addresses, then I can ONLY assume your sales are fraudulent!”

 

[PBG4 Dude]

No, it's not, because all the possibly relevant information is still there. My identity is no longer relevant for anyone, neither for shareholders, nor for any regulatory bodies. Actually, the records themselves are no longer relevant from a legal point of view. If you want to retain, for your own purposes, the information that you've sold an iPhone ten years ago, you're free to do that.

So the records wouldn’t be needed in case of an recall, for example? What if your product is catching people’s homes on fire (Chevy Bolt). How are you going to reach your prior customers if you’ve erased their data?

 

[Vlad Soare]

How are you going to reach your prior customers if you’ve erased their data?

You're not, because they have explicitely expressed their desire not to be reached anymore. That's the whole point.
If they don't request this, then you may store their records and personal data for as long as you wish.

 

[Salvor Hardin]

Honestly how was this not a requirement 5 or more years ago?
the EU has been talking about this stuff for years…. The cynical side of me thinks Apple uses privacy purely as a marketing tool and these changes are happening now to deflect the bad press regarding the anti trust cases.

The companies behind these anti trust cases don’t want easy one tap account deletion and subscriptions cancelling, very likely their end game is Apple having no control over user privacy or safety.

 

[Abazigal]

Honestly how was this not a requirement 5 or more years ago?
the EU has been talking about this stuff for years…. The cynical side of me thinks Apple uses privacy purely as a marketing tool and these changes are happening now to deflect the bad press regarding the anti trust cases.

How is this the fault of Apple, and not the individual developers themselves?

 

[laptech]

So the records wouldn’t be needed in case of an recall, for example? What if your product is catching people’s homes on fire (Chevy Bolt). How are you going to reach your prior customers if you’ve erased their data?

That is the excuse that nearly all companies use when they say they need to keep hold of ex customer accounts, the 'what if' scenerio.

 

[Unregistered 4U]

That is the excuse that nearly all companies use when they say they need to keep hold of ex customer accounts, the 'what if' scenerio.

All the while forgetting that when they send out a recall notice, it’s likely going to be amplified so that anyone who has a Chevy Bolt can just go to the website and check their VIN against the affected ones.

 

[Vlad Soare]

Also, if someone still has a Bolt then it's very unlikely that they will request Chevy to delete their records. Why would they do that?
This law is aimed rather at people who have sold their Chevy years ago, have been driving something entirely different ever since, and who want Chevy to stop sending them marketing materials and to leave them alone. Since they have no business relationship with Chevy anymore, they are entitled to request that Chevy delete their personal data.