Take back your data, bring awareness, start here.
"You" are important. You are a human being but to large corporations and governments around the world, you're just another dataset to be collected and monitored on. Privacy Tracker aims to be a tool to fight this.
You can share and read about the companies, their policies and handling of data. I use this to track documents aross the internet and update accordingly. Your inputs will allow everyone else to focus in on what's important, for example, if a company claims to be compliant but is actually not.
All you have to do is: comment, share, act
The best way to fix privacy issue is policy change and enforcement. That often comes with financial incentives, for example, enough customer awareness and taking their money to a business that is friendlier. The quickest thing you can do right this instant is not using Gmail (use Protonmail or Tutanota instead) and deleting Facebook.
If they won't delete your account or the contact was impossible to find, reach out here. Issues like this needs to be known by everybody in the world so they are warned.
There are many issues when dealing with legal documents that many people don't think about.
1. Clarity and accessbility are often out of reach due to legalese and deliberately sneaky play on words. At best, it's used to take advantage of you. At worst, it's often used to hide scams and frauds. This occurs in different languages as well. Must-watch: Corporate Jargon - Lying by Obscurity
2. Companies will often not act until a transgression is publicized. See this Facebook example where Facebook removed a page only after that news was published.
3. Apple and Goldman Sachs worked together to create a credit card. The problem is that it has a part called the arbitration clause which basically states that you cannot easily sue them, instead, the company end up assigning an arbitrator that often works in the company's favor. If you read the legal documents, you'd know you could opt out of it and only within a certain timeframe. Many don't know this until it's too late.
This is what it looks like at the time of the writing:
"By accepting this Agreement or using your Account, unless you reject arbitration as provided below, you acknowledge that YOU ARE GIVING UP THE RIGHT TO LITIGATE CLAIMS (AS DEFINED BELOW) AND THE RIGHT TO INITIATE OR PARTICIPATE IN A CLASS ACTION. You hereby knowingly and voluntarily WAIVE THE RIGHT TO BE HEARD IN COURT OR HAVE A JURY TRIAL on all Claims subject to this Agreement. You further acknowledge that you have read this arbitration provision carefully, agree to its terms, and are entering into this Agreement voluntarily and not in reliance on any promises or representations whatsoever except those contained in this Agreement."
Here are some major terminologies to know.
GDPR, General Data Protection Regulation is largely a EU law that focuses on data protection and privacy. It attempts to address data outside of EU as well and has enforcement policies for non-compliance.
CCPA, California Consumer Privacy Act was modeled after GDPR, but largely a California law that currently has no enforcement policy. It remains to be seen if the rest of the US will follow suit or if there will be improvements made to it.
The right to be forgotten is also known as the right to erasure. GDPR is the first step towards being forgotten as it gives individuals the right to ask orgnizations to delete their personal data. More work needs to be done if we are to continue moving in this direction.
Data retention is where an organization retains the data even after a user have requested that it be deleted, this is usually done for legal or financial reasons. Some organizations retain PII (Personally Identifiable Information, such as passport or medical records) indefinitely and others for years.
Deleting your account does not mean they no longer have your data. This depends on organizations but most organizations in the world rarely delete everything. A commerce-related company may retain name and purchase history for accounting purposes. This is often why when a user deletes an account, they may still receive some notice years later.