The risks of not having controlled exposure to information (III)

Susana Alwasity    25 January, 2022
The risks of not having controlled exposure to information (III)

Finally comes the last and long-awaited post in this series on the risks of uncontrolled information overexposure. As we saw in the previous post, we know how to minimise the risks of our digital footprint, but now we need to know how to remove existing information.

Practical resources for the removal of information

In recent years, with the entry into force of the General Data Protection Regulation (GDPR), the trend in digital services has been towards trying to preserve the protection of the privacy of citizens and users on the Internet.

For this reason, an effective method for deleting our online accounts and associated information is to review the service’s privacy policy and find a contact or form to which we can direct our intention to exercise our right of deletion.

This right corresponds to the data subject’s intention to request the data controller to delete his or her personal data, provided that the personal data are no longer necessary for the purposes for which they were collected. To do so, we must send a letter, for example this model from the Spanish Data Protection Agency, adding our intention to delete our account or associated service.

Similarly, even if we believe that the information collected by different sites is “public”, we can almost always choose to request the removal of our information. This applies to services where, although the information is public, they are making a financial profit from the collection, or simply present the information in a structured form.

We can choose, for example, to search for ourselves in people indexing tools such as Pipl, and remove our information in the next section. Likewise, in the case of Have I been Pwned, through its Opt-out section, we can prevent access to see in which information leaks our compromised email is found.

One of the most direct ways to remove personal information displayed among Google’s results is to contact the owner of the site where they appear directly. Google also offers a form to remove personal information, and to stop indexing pages where personally identifiable information (PII) appears, such as financial information, sensitive personal or health data, contact addresses, or our handwritten signatures, among others.

If we have already removed different profiles of ours, or information that we had displayed on pages where we are not the owners, the next step is to inform Google to stop indexing the link, indicating that it is obsolete content and is no longer available. To do this, the search engine provides the user with a tool to remove obsolete content.

Finally, it should be noted that these measures are intended to control the exposure of information and minimise the risks associated with it, without forgetting the following premise:

It is not about not having information exposed about us, but about having a controlled exposure.

Leave a Reply

Your email address will not be published. Required fields are marked *