Latest news with #datadeletion
WIRED
4 hours ago
- Business
- WIRED
Data Brokers Are Hiding Their Opt-Out Pages From Google Search
Illustration: Gabriel Hongsdusit/CalMatters Data brokers are required by California law to provide ways for consumers to request their data be deleted. But good luck finding them. More than 30 of the companies, which collect and sell consumers' personal information, hid their deletion instructions from Google, according to a review by The Markup and CalMatters of hundreds of broker websites. This creates one more obstacle for consumers who want to delete their data. This story is copublished with The Markup and CalMatters. Many of the pages containing the instructions, listed in an official state registry, use code to tell search engines to remove the page entirely from search results. Popular tools like Google and Bing respect the code by excluding pages when responding to users. Data brokers nationwide must register in California under the state's Consumer Privacy Act, which allows Californians to request that their information be removed, that it not be sold, or that they get access to it. After reviewing the websites of all 499 data brokers registered with the state, we found 35 had code to stop certain pages from showing up in searches. While those companies might be fulfilling the letter of the law by providing a page consumers can use to delete their data, it means little if those consumers can't find the page, according to Matthew Schwartz, a policy analyst at Consumer Reports who studies the California law governing data brokers and other privacy issues. 'This sounds to me like a clever work-around to make it as hard as possible for consumers to find it,' Schwartz said. After The Markup and CalMatters contacted the data brokers, seven said they would review the code on their websites or remove it entirely, and another two said they had independently deleted the code before being contacted. The Markup and CalMatters confirmed eight of the nine companies removed the code. Two companies said they added the code intentionally to avoid spam at the recommendation of experts and would not change it. The other 24 companies didn't respond to a request for comment; however, three removed the code after The Markup and CalMatters contacted them. (See the data on our GitHub repo.) Most of the companies that did respond said they were unaware the code was on their pages. 'The presence of the [code] on our opt-out page was indeed an oversight and not intentional,' May Haddad, a spokesperson for data company FourthWall, said in an emailed response. 'Our team promptly rectified the issue upon being informed. As a standard practice, all critical pages—including opt-out and privacy pages—are intended to be indexed by default to ensure maximum visibility and accessibility.' The Markup and CalMatters confirmed that the code had been removed as of July 31. Some companies that hid their privacy instructions from search engines included a small link at the bottom of their homepage. Accessing it often required scrolling multiple screens, dismissing pop-ups for cookie permissions and newsletter sign-ups, then finding a link that was a fraction the size of other text on the page. So consumers still faced a serious hurdle when trying to get their information deleted. Take the simple opt-out form for ipapi, a service offered by Kloudend that finds the physical locations of internet visitors based on their IP addresses. People can go to the company's website to request that the company 'Do Not Sell' their personal data or to invoke their 'Right to Delete' it—but they would have had trouble finding the form, since it contained code excluding it from search results. A spokesperson for Kloudend described the code as an 'oversight' and said the page had been changed to be visible to search engines; The Markup and CalMatters confirmed that the code had been removed as of July 31. Telesign, a company that advertises fraud-prevention services for businesses, offers a simple form for 'Data Deletion' and 'Opt Out / Do Not Sell.' But that form is hidden from search engines and other automated systems and isn't linked on its homepage. Instead, consumers must search about 7,000 words into a privacy policy filled with legalese to find a link to the page. A spokesperson for Telesign didn't respond to a request for comment. Five of the pages listed in the California registry not only aren't indexed for search, they don't exist. For example, a company called BrightCheck, which offers 'AI-driven identity verification,' lists a privacy instructions page on the California registry. But when The Markup and CalMatters visited the page in late July, we found a notice that the page no longer exists. The page was there on March 18 when The Markup and CalMatters first scanned the site, and the Wayback Machine has an archive of the page from February 14. BrightCheck didn't respond to a request for comment. The CCPA The California Consumer Privacy Act went into effect in 2020, governing companies that make most of their revenue from selling consumer data or who make more than $25 million per year or handle the data of more than 100,000 people in the state. With no comprehensive federal privacy law, the law is among the few regulations data brokers must comply with. California's most recent broker database lists nearly 500 companies, most of which consumers have likely never heard of. They include businesses with zippy startup names like StatSocial and UpLead, and they offer everything from email marketing tools to contact directories. CalMatters last year published a guide with information on how consumers can exercise their rights using the database or third-party tools and on how they can request deletion of their children' s information. Tom Kemp, executive director of the entity tasked with enforcing the privacy law, the California Privacy Protection Agency, said in an interview that the agency had reproduced The Markup and CalMatters' findings. While he declined to comment on any particular company's practices, he pointed to an enforcement advisory from the agency on 'dark patterns,' which are design choices that have 'the substantial effect of subverting or impairing a consumer's autonomy, decisionmaking, or choice.' If a company makes it much more difficult to choose to remove their personal data than to contribute it, or includes excessive jargon or other hurdles for consumers to jump through to remove it, according to the advisory, they might be violating the law. This year, the privacy agency has taken enforcement action against companies including Todd Snyder and Honda for, among other violations, making it too difficult to choose to not have their data used. Todd Snyder paid a nearly $350,000 fine this year, while Honda agreed to pay more than $630,000. Both agreed to overhaul their privacy practices. Kemp said that, when determining whether a company has violated the privacy act, it's important to determine whether there's a pattern of activity making it difficult for consumers to exercise their rights. Hiding a privacy instructions page could be the first 'thread' in determining whether a company is shirking their obligations. In the past, other companies have been criticized for hiding important web pages from search engines. In 2019, ProPublica revealed how the company behind tax filing service TurboTax added code to effectively hide an option for users to file their taxes for free. A 2021 report from the Wall Street Journal found that hospitals were hiding prices they were required to post under federal transparency rules. Recognizing that most Californians have never heard of the hundreds of companies in the data broker registry, lawmakers in California recently passed the Delete Act. The law will create a system called the Delete Request and Opt-out Platform, or DROP, which will allow consumers in California to send a single, legally binding request to all data brokers on the registry at one time. The privacy protection agency intends to launch it next year. In the course of our investigation, we made adjustments to some URLs in California's registry. For 64 sites, we removed ' from the beginning of the domain name to resolve server errors. For an additional 16 sites, we manually edited the URL to get to a working page. In some cases, we fixed a typo, in others, we visited the broker's main site and found the correct link by navigating to it. Read our full methodology here.
The Sun
26-07-2025
- The Sun
Final warning for 40million Brits as major mobile brand to DELETE accounts in days unless users act now
A MAJOR mobile brand has warned that it will offload all of its inactive accounts at the end of the month. The Korean tech giant has told users to act now before their accounts are deleted. 2 So, if you haven't used your Samsung account in a while - it's best you do so now. The phone maker is having a big clear out of its Galaxy user accounts, which are used to access apps such as the Galaxy Store and Samsung's native apps like Health and Galaxy Wearables. On 31 July, Samsung will delete Galaxy accounts that haven't been accessed in 24 months - or two years. Samsung has sent emails to users who the company believes have inactive accounts. The warning message issued to users reads: "Samsung is implementing an inactive Samsung account policy to protect the data of users who have not used their account for an extended period of time. "Once this policy is implemented Samsung accounts that have not been logged in to or used for twenty-four months will be considered inactive and will be subject to deletion." It means some mobile users may lose their account data - anything from their step count to apps they paid for. Once the data has been deleted, it will not be recoverable. Users need to log into their Samsung Galaxy account just once in the past 24 months - or between now and the 31 July - to save their accounts. If you're unsure whether your account is at risk, check the email the account is tied to. Receiving Samsung's warning message likely indicates that your account has been inactive for nearly 24 months and should be logged into if you want it saved. While Samsung Galaxy accounts can sometimes be tied to a Google account, the Google account will not be affected by the shutdown. Google announced a similar change in 2023, warning account holders that if their profiles hadn't been accessed in two years then they would be deleted. Inactive accounts tend to be jackpots for hackers, so it is wise to delete them in order to protect user data. How to save your Samsung account Simply log into your Samsung account before 31 July. This will mark the account as active to Samsung, and spare it from deletion. Galaxy users who haven't logged in for a while should receive an email from Samsung notifying them of the change. Though, as 9to5Google noted, that may prove ineffective if the email associated with the account is also inactive. 2
