Deleting a social media account, or the content within it, has become a hot privacy topic in recent times. As more and more stories surface about the extent to which cyber giants collect and use our personal information, we’ve let the shock push us towards reflex action. How dare they quietly store private call logs and precise location info from our mobile phones, we think. How dare they record every move we make with a mouse, and tail us around the web logging our various site visits.
As we finally wake up to the reality that the whole internet is one big piece of spyware, the easiest solution is to blame Facebook, then promptly delete Facebook. Because that’s what certain influencers and high profile blogs are telling us to do.
So who should we trust the least? Is deleting social media, as recommended by influentials with more aggressive tracking policies than Facebook, really the best way to reclaim our privacy? In this post I’m going to argue that it might make things considerably worse…
DOES DELETING A SOCIAL MEDIA ACCOUNT ACTUALLY GET RID OF THE DATA?
This is one of the questions those fanfaring influencers have conveniently brushed under the rug. Why? Because the answer is almost inevitably no, and that being the case, their articles don’t work.
We can be sure that even post GDPR, there are huge online providers who don’t delete the data we give them, never intend to, and don’t even claim to. And with those who do profess to delete, it’s not as simple as you might imagine.
The word ‘delete’ does not always have the same meaning to online providers as it has to us, the people who feed them with data in the course of playing with their toys.
In the days before we all started asking a lot more questions about our personal info, I would delete online accounts, and then, after a substantial period of time, reopen them with the same login details. I found in more than one case that even though the sites were claiming to delete the accounts and/or data, their system was able to remember non-default preferences, which could only be preserved if my personally identifying data had been retained. In other words, the sites were not really deleting. They were simply taking the account offline and making it inaccessible. That’s a very different thing.
HOW WOULD WE KNOW IF…?
Unless they’re stupid enough to email us or forget to reset our prefs, there’s no way of us proving that data companies have internally retained our information after account deletion. So how many really do delete, and how many secretly retain our data? The answer is we don’t know.
What we do know is that when anything is perceived to have a monetary value, asking a business to get rid of it is likely to be an exercise in futility.
Try persuading a driven company that they have to delete data which can potentially earn them money! It’s like trying to negotiate global peace. After every bid under the sun to justify keeping the data, they begrudgingly concede that they must, by law, delete (I’m in England, where GDPR is unequivocally upheld by our data regulator the ICO), and you enter phase two of the discussion. That’s the bit where the boss begins hitting you up with questions such as…
“So when we actually delete, where do we store the deleted data?”
Then, after about nine more phases of discussion you end up back at square one, trying to explain what privacy actually means, as glazed faces continue to puzzle over how it might somehow be possible to delete data, without losing access to it.
Asking data companies to delete data is like asking the local bar to tip beer down the drain. It’s worth money. They are almost irresistibly motivated to avoid throwing it away.
WHEN DELETE MEANS DELETE
But even if all data companies do adopt a strict “delete means delete” policy, we still don’t get our privacy back.
The problem lies in the way our data is shared. We consent to companies sharing our personal information with third parties who aren’t even named, and with no storage term defined for third party retention. The first parties who collect our data must be clear about what they’re doing with it, but if we’ve agreed to let them share it, everything becomes much cloudier. The range of parties receiving our personally identifying data can run into hundreds, so even if we do take the trouble to find out who’s involved, it’s wildly impractical for us to keep tabs on who has, or hasn’t, deleted.
Our data can also pass back and forth between larger powers with mutual sharing arrangements, and across the board, any deleted info remains liable to be replenished, because of the volume of sharing that takes place. Think of it less in terms of individual companies holding this or that, and more as one communal dossier that just floats around in the digital ether.
Once we sign ourselves over to a few major online providers, then realistically, the sharing policies will ensure that we lose control of our data. After sharing, the system becomes virtually impossible for us to police, and ultimately the whole dossier merges in the hands of a data broker. That shady, under-the-radar presence that will even charge us to find out what it knows about our lives.
DEVALUING OUR DATA
This is where deleting our social media content goes beyond futile, and runs into the territory of counter-productive…
Data companies are far less interested in the data we make public, than in the data we communicate privately or share only with friends. Why? Because as soon as we make data public, and freely searchable, it loses value. Who is going to pay for all our personal information if we simply post it on the open web for anyone to instantly access? No one.
That’s why social sites use various tactics to artificially limit the dissemination of our data across the web. These include restricted search options (even Twitter notoriously lacks a bio search facility), fragmented presentation, and the construction of closed, so-called ‘walled garden’ architecture.
The sites also encourage us to communicate privately. A classic example of this came with Twitter’s dramatic increase in the character capacity for Direct Messages (i.e private interactions), whilst initially maintaining a 140 character cap for public messages. Even now, private DMs offer a much higher character capacity than public tweets. The networks want us to talk privately, not only because it keeps our valuable data out of rival advertisers’ hands, but also because when we think we’re talking privately we’re more likely to divulge email addresses, phone numbers, etc.
There’s a steadily maturing privacy advocate’s joke that says if you want to increase your reach on Twitter, you should post everything via DM. In other words, the number of marketing bods lining up to pore over the average user’s private thoughts is probably greater than the number of public randoms who give a shit about his/her sanitised and contrived tweets. But after this year’s expose about Twitter employees reading users’ DMs (albeit deemed an exaggeration by Twitter), the notion of DMs being the real nub of interest on Twitter has grown out of the joke category and become more serious.
Don’t get me wrong, I much prefer Twitter’s DM system to email, because access is opt-in, rather than opt-out, and private access needs that kind of control. Plus, on Twitter we can gain a better insight into who is messaging us, because we see their profile. If email worked the way Twitter’s DM system works, scammers, spammers and hackers would have a much harder time reaching and tricking most of us. So I think the communication options on social media – particularly Twitter – have been a fantastic step in the right direction. But the fact remains that if we post publicly in places where our information is made universally searchable, we de-value our data. Doing the opposite, and taking our data off the internet, increases its value.
I’m certainly not recommending that you round up all your private contact information and blog it to the world. What I’m saying is that if you’ve publicly revealed, say, your marketing preferences and religious/political beliefs, the only thing you’re going to achieve by deleting that data is to make it more valuable to the companies who’ve already collected it.
And because the entire desperate quest for personal data is driven by financial value, making our data more valuable just drives online providers to collect more of it, more aggressively, which further compromises our privacy.
Deleting social media is a panic measure that does very little to resolve the privacy compromises we’ve already made. And certainly if a lot of us do it, we drive up the value of our data, giving online trackers more impetus to come after it.
If we’re deleting social media because we’re embarrassed about the way we’ve used the platform, that’s a different matter. But if we’re deleting it because we want to somehow punish the people who’ve used us as their product, we’re too late. They’ve already done it, they know who we are, and they’re not going to stop trying to follow us around the web. We might as well at least balance out what we’ve given them by holding onto the benefits they gave us in return.