This guide will show you how to successfully request to delete personal data from any company or online service.
Although individuals living in states or countries with consumer privacy laws will find the process the easiest, it is possible to ask companies to delete your personal data even if no such laws apply to you.
In this guide:
Who Can Request to Delete Personal Data?
When it comes to data deletion, where you live matters. A lot.
In the European Union, the General Data Protection Regulation (GDPR) gives people (or data subjects) the right to ask companies to delete their personal information.
Companies don’t always have to comply (they can refuse your right to delete for various reasons, including for freedom of expression or if deleting/archiving your data would not be in the public interest). But having this law in place makes it much easier to protect your privacy.
Unfortunately, there is no GDPR equivalent in the US.
Instead, more states in the US are implementing consumer privacy laws. Notable ones include the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
Overall, there are 12 states with signed and enacted state privacy laws. If you live in one of these states, you have the right to ask companies to delete your data.
Some of these laws have yet to come into effect. For instance, in Delaware, the Delaware Personal Data Privacy Act will come into effect on the 1st of January, 2025.
Note: Being a resident of one of these states doesn’t necessarily mean that a company will delete your data. For example, under the Colorado Privacy Act (CPA, a company may refuse to comply with your request to delete data for reasons of public interest in areas such as public health, to investigate or defend legal claims, etc.
Even if you’re not lucky enough to live in one of these states, it’s still possible to get your data deletion request approved individually by a company.
To do that, you’ll need to contact each company that has your personal data. The easiest way to go about this is to follow data access requests under the CCPA (even if you’re not a California resident).
The reason why is that the CCPA requires companies to give consumers an outlet to contact them about data deletion. You can check the company web page for a phone number, online request form, or email address to make a data deletion request.
How Can I Request to Delete Personal Data?
To delete your personal data from a particular company’s database, you need to make a data deletion request. But this is not a one-size-fits-all process. Every company will have different steps in place on how to go about data deletion.
Here’s how the process would look for Spotify users. In most cases, you should be able to adapt this approach to other companies.
1. Go to a company’s website
First, go to the company website.
3. Look for information on personal data rights
Next, scroll down to find a section about data deletion requests. This is where you can learn about your personal data rights and controls.
Spotify states exactly how you can delete your personal data. You need to go to the support page to delete non-audio-related personal data.
Spotify is transparent about its data collection. They gather user data like your profile name, address, email, date of birth, gender, etc. This is done to build your profile and check if you qualify for different service options based on location.
Spotify also has an extensive section about the data they collect based on your activity. This includes search queries, streaming history, playlists you create, your library browsing history, account settings, and interactions with other Spotify users.
If this seems too much for you, you can move on to the deletion steps. Keep an eye out for the disclaimer about your personal data and the risk of account deletion.
4. Follow the instructions
Once you reach the support page, follow the instructions to delete your personal data.
Note: In some cases, including Spotify, you will need to delete your account to delete your personal data.
With Spotify, there’s a separate link to close your account and delete your data for Free and Premium users. Choose the option that is relevant to you.
After selecting, you are redirected to a new page. This is where Spotify explains what happens after you choose to close your account and delete personal data.
If you want to proceed, click the “Close my account and delete my data” button.
After you click this button, a live chat feature will pop up.
The chatbot walks you through the rest of the data deletion process. Follow the prompts in the chat to finish the process.
Tip: You can request a copy of your personal data before you delete your account. This is your way to check what type of data Spotify has on you. You can do so by following the instructions on the Privacy Settings page.
Note that the email template is written with the CCPA in mind.
There are some rules and policies to keep in mind.
First, any data deletion request under the CCPA can be made to a business with an annual gross revenue of over $25M or collect the personal information of 50,000 consumers. If they do not check these boxes, the company must make 50% or more of its revenue from selling consumers’ personal information.
You are allowed to make this request twice annually for free. Businesses are required to respond within 90 days. They can legally ask for more information to verify the request.
Don’t hesitate to follow up if you don’t hear back from a company in that timeframe.
Will My Data Be Deleted?
Your data may not be permanently deleted, even after a data deletion request.
The action taken will depend on both the company’s policies and the specific data in question. Different organizations have varied protocols and considerations for data retention.
When you request the deletion of your personal data from a company, it doesn’t guarantee that all your information will be removed. While many companies do adhere to privacy laws and regulations, there are several reasons why they might retain certain pieces of your data.
First, there are operational needs for consumer data. Companies might need to keep some personal data for the core functioning of their services. For instance, an e-commerce platform might retain your address for warranty or return purposes.
There are also legal obligations to consider. In some cases, companies are legally required to retain specific data for a predetermined period. This could be for tax purposes, legal disputes, or compliance with regulatory mandates.
Companies also use backup systems. Even if a company deletes your data from its primary systems, it might still exist in backup or archival systems for a while, depending on the data retention policies.
When signing up with a company, you should thoroughly read the privacy and data sections. You’ll learn what they do with your data, how long they keep it, and if they will permanently delete it.
Opting Out of Data Brokers
It’s not just companies you have an account with that have your personal information. Data brokers do, too, and they give you nothing in return.
Data brokers are specialized companies that aggregate personal information about individuals. They collect online data from social media, search engines, public records, offline databases, and your buying behaviors. Their primary business is gathering, processing, and selling or licensing these compiled profiles to other businesses, advertisers, or interested parties.
Not many people are aware of how much data brokers know about you. A typical data broker profile can include information like:
Your full name
Social media profiles
Photos and videos
The good news is you can opt out of data brokers – but you’ll need to do it every few months as they are known to relist people’s data as soon as they find more of it.
Use our free opt-out guides for step-by-step instructions (each broker has a different process).
Laura Martisiute is DeleteMe’s content marketing specialist. Her job is to help DeleteMe communicate vital privacy information to the people that need it.
Since joining DeleteMe in 2020, Laura has done exactly that.
Creating some of the internet’s most popular privacy content on DeleteMe’s blog, writing the leading privacy newsletter Incognito, and helping DeleteMe plan and craft its messaging across different channels, Laura drives DeleteMe’s content.
Laura has a degree from University College Cork.
You can contact Laura with questions and ideas at firstname.lastname@example.org