I am writing to ask about a mobile app that I downloaded and without reading the privacy policy I accepted it. When I decided to delete my account I was told the company has a right to hold my data for 4 years after I decide to delete my account.
I wanted to know if this in inline with GDPR laws in regards to right to be forgotten. If I can get some guidance, I can email the app developers and explain that I would like them to delete my data.
Assign topic to the user
It depends on the privacy policy and the data you shared with the app. In privacy notice, the data controller will tell you what kind of data the app will have access to and ask for your consent.The data subject can withdraw the consent at any time and for any reason.
According to Article 15 GDPR you can demand access to data stored by the data controller (right of access ) and of course you can demand that data based on consent shall be erased under Article 17 GDPR unless there is another legitimate ground of processing. I.e., if the app required your consent to access your image gallery and some photos of you had been processed (i.e., stored in the cloud), you can demand the cancellation of images stored but you may not be able to demand the cancellation of some information related to your account if they are processed under another legitimate grounds. I.e. billing information can be stored for longer periods because of tax laws provisions.
The data controller shall erase your data without undue delay. In your request, you can refer to the data minimization principle demanding to cancel all the information that is no longer necessary to be processed. Of course, this is a general answer, based on your statement that the data processing is based on consent. You should check in the privacy notice which is the legitimate ground and what information is stored before demanding to proceed under Article 17 GDPR.
Here you can find more information:
- Article 15 GDPR: https://advisera.com/eugdpracademy/gdpr/right-of-access-by-the-data-subject/
- Article 17 GDPR: https://advisera.com/eugdpracademy/gdpr/right-to-erasure-right-to-be-forgotten/
- Right to be forgotten in the era when everyone seems willing to be remembered: https://advisera.com/eugdpracademy/blog/2019/08/26/gdpr-right-to-be-forgotten-an-easy-explanation/
You can also consider enrolling in this free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Comment as guest or Sign in
Nov 19, 2020