How to Request to Delete Personal Data

This guide will show you how to successfully request to delete personal data from any company or online service. 

Although individuals living in states or countries with consumer privacy laws will find the process the easiest, it is possible to ask companies to delete your personal data even if no such laws apply to you. 

Who Can Request to Delete Personal Data?

When it comes to data deletion, where you live matters. A lot. 

In the European Union, the General Data Protection Regulation (GDPR) gives people (or data subjects) the right to ask companies to delete their personal information.

Companies don’t always have to comply (they can refuse your right to delete for various reasons, including for freedom of expression or if deleting/archiving your data would not be in the public interest). But having this law in place makes it much easier to protect your privacy. 

Unfortunately, there is no GDPR equivalent in the US. 

Instead, more states in the US are implementing consumer privacy laws. Notable ones include the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).  

Overall, there are 12 states with signed and enacted state privacy laws. If you live in one of these states, you have the right to ask companies to delete your data. 

Tip: To track US state privacy laws, refer to the International Association of Privacy Professionals (IAPP). 

The 12 US states with data and privacy laws are: 

• California
• Colorado
• Connecticut
• Delaware
• Indiana
• Iowa
• Montana
• Oregon
• Tennessee
• Texas
• Utah
• Virginia 

Some of these laws have yet to come into effect. For instance, in Delaware, the Delaware Personal Data Privacy Act will come into effect on the 1st of January, 2025. 

Note: Being a resident of one of these states doesn’t necessarily mean that a company will delete your data. For example, under the Colorado Privacy Act (CPA, a company may refuse to comply with your request to delete data for reasons of public interest in areas such as public health, to investigate or defend legal claims, etc. 

Even if you’re not lucky enough to live in one of these states, it’s still possible to get your data deletion request approved individually by a company. 

To do that, you’ll need to contact each company that has your personal data. The easiest way to go about this is to follow data access requests under the CCPA (even if you’re not a California resident). 

The reason why is that the CCPA requires companies to give consumers an outlet to contact them about data deletion. You can check the company web page for a phone number, online request form, or email address to make a data deletion request. 

How Can I Request to Delete Personal Data?

To delete your personal data from a particular company’s database, you need to make a data deletion request. But this is not a one-size-fits-all process. Every company will have different steps in place on how to go about data deletion. 

Here’s how the process would look for Spotify users. In most cases, you should be able to adapt this approach to other companies. 

1. Go to a company’s website

First, go to the company website.

2. Look for the company’s privacy policy or its equivalent

Next, search the homepage and company website for a “Privacy Policy“ or “CCPA” link. It should be located towards the bottom of the page on most websites or included in the footer of the website. 

On the Spotify website, you can see it right in the bottom left corner of the homepage. Click the “Privacy Policy” link.  

3. Look for information on personal data rights 

Once you locate the Privacy Policy, you’ll see a page that covers privacy-related questions. This includes your data privacy, personal data rights, erasure of personal data steps, how to create an erasure request, exemptions, etc. 

Next, scroll down to find a section about data deletion requests. This is where you can learn about your personal data rights and controls. 

Spotify states exactly how you can delete your personal data. You need to go to the support page to delete non-audio-related personal data. 

Tip: While you’re on a company’s privacy policy, take the time to learn about what personal data they collect about you in the first place. In Spotify’s case, I scrolled further down the page until I came across a section called “Personal data we collect about you.” You can also press Ctrl+F and type in “data we collect” to find this section faster. 

Spotify is transparent about its data collection. They gather user data like your profile name, address, email, date of birth, gender, etc. This is done to build your profile and check if you qualify for different service options based on location.

Spotify also has an extensive section about the data they collect based on your activity. This includes search queries, streaming history, playlists you create, your library browsing history, account settings, and interactions with other Spotify users. 

If this seems too much for you, you can move on to the deletion steps. Keep an eye out for the disclaimer about your personal data and the risk of account deletion.

4. Follow the instructions

Once you reach the support page, follow the instructions to delete your personal data. 

Note: In some cases, including Spotify, you will need to delete your account to delete your personal data. 

With Spotify, there’s a separate link to close your account and delete your data for Free and Premium users. Choose the option that is relevant to you. 

After selecting, you are redirected to a new page. This is where Spotify explains what happens after you choose to close your account and delete personal data. 

If you want to proceed, click the “Close my account and delete my data” button. 

After you click this button, a live chat feature will pop up. 

The chatbot walks you through the rest of the data deletion process. Follow the prompts in the chat to finish the process.

Tip: You can request a copy of your personal data before you delete your account. This is your way to check what type of data Spotify has on you. You can do so by following the instructions on the Privacy Settings page. 

Alternative Data Deletion Request Options

If a company you want to delete your data from doesn’t provide clear instructions or you’d rather send an email, you can use the Electronic Privacy Information Center (EPIC) email template when requesting data deletion. 

Note that the email template is written with the CCPA in mind. 

There are some rules and policies to keep in mind. 

First, any data deletion request under the CCPA can be made to a business with an annual gross revenue of over $25M or collect the personal information of 50,000 consumers. If they do not check these boxes, the company must make 50% or more of its revenue from selling consumers’ personal information.

You are allowed to make this request twice annually for free. Businesses are required to respond within 90 days. They can legally ask for more information to verify the request. 

Don’t hesitate to follow up if you don’t hear back from a company in that timeframe.

Will My Data Be Deleted?

Your data may not be permanently deleted, even after a data deletion request. 

The action taken will depend on both the company’s policies and the specific data in question. Different organizations have varied protocols and considerations for data retention.

When you request the deletion of your personal data from a company, it doesn’t guarantee that all your information will be removed. While many companies do adhere to privacy laws and regulations, there are several reasons why they might retain certain pieces of your data.

First, there are operational needs for consumer data. Companies might need to keep some personal data for the core functioning of their services. For instance, an e-commerce platform might retain your address for warranty or return purposes.

There are also legal obligations to consider. In some cases, companies are legally required to retain specific data for a predetermined period. This could be for tax purposes, legal disputes, or compliance with regulatory mandates.

Companies also use backup systems. Even if a company deletes your data from its primary systems, it might still exist in backup or archival systems for a while, depending on the data retention policies. 

When signing up with a company, you should thoroughly read the privacy and data sections. You’ll learn what they do with your data, how long they keep it, and if they will permanently delete it. 

Opting Out of Data Brokers

It’s not just companies you have an account with that have your personal information. Data brokers do, too, and they give you nothing in return. 

Data brokers are specialized companies that aggregate personal information about individuals. They collect online data from social media, search engines, public records, offline databases, and your buying behaviors. Their primary business is gathering, processing, and selling or licensing these compiled profiles to other businesses, advertisers, or interested parties. 

Not many people are aware of how much data brokers know about you. A typical data broker profile can include information like:

• Your full name
• Aliases
• Home address
• Phone number
• Email address
• Age
• Gender
• Education 
• Employment history
• Family members
• Social media profiles
• Photos and videos
• Additional information. 

The good news is you can opt out of data brokers – but you’ll need to do it every few months as they are known to relist people’s data as soon as they find more of it. 

Use our free opt-out guides for step-by-step instructions (each broker has a different process). 

Popular guides include:

• How to remove yourself from Whitepages.
• How to remove yourself from Spokeo.
• How to remove yourself from BeenVerified.
• How to remove yourself from PeopleFinder.
• How to remove yourself from Radaris.
• How to remove yourself from People Background Check.   
• How to remove yourself from TruthFinder.
• How to remove yourself from MyLife.
• How to remove yourself from Intelius. 
• How to remove yourself from Fast People Search
• How to remove yourself from Arrests.org.
• How to remove yourself from CheckPeople.com
• How to remove yourself from Instant Checkmate.

Or, if you’d rather not have to opt out from data brokers manually, sign up for a data broker removal service provider like DeleteMe, who will remove you from data brokers continuously. You can read reviews about DeleteMe’s service here. 

A combination of personal data deletion requests and data broker opt-outs is a strong approach to keeping your personal details safe and private.