Comment by itsyonas
3 days ago
> I would assume so. It's sort of a catch 22 because if they delete your data, they have no way of knowing about you when they buy another batch of data. To have some sort of no track list, they have to keep your data.
They could store a normalised, hashed version of your data and use it to filter any incoming datasets. But, of course, why would they?
That wouldn't really work because the hash key has to be both specific enough to be unique to you and also general enough to cover any incomplete data set that matches you.
It would work in many cases, though not all. You would not hash everything together. Instead, you hash normalized identifiers independently, such as email address, phone number, or physical address. An incoming dataset would only need to match one of these to be excluded.
> physical address
Not unique to a person
> email address, phone number
Also often not unique to a person, although email addresses probably tend to have much longer lifespans as identifiers than phone numbers.
If the idea is to have a true opt-out system, it's really really difficult to implement given how these systems work.
If you look at the data provided by services like accurint, you'll frequently see the same SSNs used for decades by multiple different individuals, often with IDs from different states with the same name and DoB despite obviously being different people. With how the system works in the US, it can often be impossible for anyone to determine which physical person the SSN was actually originally assigned to.
Same obviously applies to other identifiers you suggested, but even the seemingly good ones are not very good at uniquely identifying people.
You could of course key on things like SSNs, but data brokers wouldn't be very happy about that because there are lots of SSNs tied to multiple different people.
Won't somebody think of the data brokers!?
1 reply →
It is a delete request. Your behavior may change and is on you. So, if you always don’t consent, nothing to delete.
That isn't how the collection of data works.
It's not like brokers wait around for you to sign up for something new.
Old data is resold, merged with new data, mixed, stolen, discovered, reformatted... etc...
Your actions of course do have an impact, but does changing your behavior prevent the outcome of your data being collected?
Not even close.
But you did consent every time you agree to some TOS you don't read. This is, of course, stretching the definition of consent, but legally you did.