Once it’s online, it’s online for good. That’s the lesson many people learn the hard way through social media, as personal messages go public and private photos end up in places they were never intended to be. But although these extreme cases make the headlines, we still put too much of ourselves online every day – and getting that back can be a frustrating task.
We live in an increasingly connected world, where our digital identities are replicated and spread over a thousand servers and services. For the most part, that’s no bad thing; sites such as Facebook are a great way to keep up with friends, while letting Amazon remember your address is a handy time-saver.
In all your years online, how many sites and services have you joined… then left behind?
The price paid for these conveniences is high, though: we surrender our privacy and information to companies, which can then use this data as they see fit. Most, such as Facebook and Amazon, will typically use the information to send targeted advertising – which is annoying at worst. Less scrupulous services will sell on our details, or cynically manipulate us into staying subscribed for longer.
And those are the ones we know about. Ask yourself this: in all your years online, how many sites and services have you joined… then left behind as the next big thing came along? Do you remember what you posted on that music forum in 2004? Or which services you tried for webmail before Gmail? We’re only human, so it’s natural that we forget these services as we move on to new and better ones. The problem is, they don’t forget us. And just like a drunken Friday night photo, that data can end up in places you never intended it to go.
A private eye
Whether you’re considering wiping your digital past or just want to avoid being targeted, the first step is to understand what you can demand of companies that have your data. This is pretty easy in the UK, as the 1998 Data Protection Act outlines our basic rights. These include the right to access and correct any data held about you, and the right to the support of the Information Commissioner’s Office (ICO) should that request be denied. The law applies to any company processing personal information within the UK, regardless of where it’s based.
The Data Protection Act isn’t a totally effective weapon, however. While you have the right to access and correct your data, the act also allows a company to charge you for the privilege. There’s currently no provision for forcing a company to wipe your data either, and although EU commissioner Viviane Reding is campaigning for a “right to be forgotten”, progress may be slow as relevant bodies consider the proposal.
While you have the right to access and correct your data, the act also allows a company to charge you for the privilege
“Its implications for the information society need thinking through carefully – as does the challenge of making this right work in practice,” a spokesperson from the ICO told us.
“We can see the desirability of an individual being able to request the removal of information where there’s no compelling reason for its retention. However, an insufficiently qualified right to be forgotten could have serious implications for freedom of expression and for the maintenance of the historical record. An example might be where a public figure tries to use the right to remove embarrassing content from a newspaper archive.”
There is some good news for consumers, however. First, the Data Protection Act forces companies within the UK to explain how data will be used and to communicate any changes to that as they occur. This is why there’s always a hullabaloo when Facebook updates its privacy policy – the company has to tell everyone what it’s doing and deal with the reaction. It’s also how we know that Facebook keeps track of information such as which profiles and photos you’ve been looking at; it then uses this to surface relevant information intended to keep you on the site.
The Data Protection Act allows room for interpretation on what data companies are allowed to keep, decreeing that no personal data can be held for longer than is “required”. The legalese surrounding the clause is hazy at best, but if you’re quitting an online service such as Facebook or Twitter and want to leave no trace on its servers, then this is currently your best legal argument. Companies such as banks may be allowed to continue storing data for legal or operational reasons, but keeping it for profit or “just in case” isn’t a valid reason, as you may want to remind an obstructive customer services agent.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
