I have an old gmail account. I stopped actively using this account many years ago, but I’m still keeping it open for various reasons. I just sign in once a year or so, delete a few bits of spam, then log out.
Yesterday when I tried to log in to do this, Google wanted a phone number to verify my identity. It would not allow me to log in without a verification code from a phone. I tried to find a way around this. I clicked ‘try another option’, which then asked for the ‘last password I remember’. I tried the current password, and the previous password that I had before that - but just told me that this was not enough to verify my identity.
I checked the Google help centre. Following its chain of questions basically told me that the only reason Google would do this is if I had activated two-factor authentication, or if someone else had got control of the account (and then activated two-factor authentication). … I’m sure I didn’t do this, and I very much doubt someone else had the account.
Reluctantly, I put in my phone number (which I know Google has had in the past, because I use to use this as my main account). The first time, I left off the area code, and Google told me that the number wasn’t registered with the account. But then with the area code, the phone number worked and I was able to log in. So clearly it did have that number on record.
The very first thing I did was to try to remove any mention of this phone number from the account. But it wasn’t mentioned. There were no phone numbers listed as registered to the account, and two factor authentication was turned off. I couldn’t find any mention of that phone number anywhere in my account, nor find any way to delete it. Nevertheless, it was required when I wanted to sign in.
So I’m somewhat concerned. I don’t want this number registered to the account in any way. I don’t want to ever have to use it to verify my identity. I don’t want it to be associated with my identity. Google doesn’t show me that the number is associated with my account, but obviously it is - because it was required for me to log in!
Google has lots of ‘helpful’ pages about what personal information they store, and how you can delete it. But this experience highlights that they definitely store more than is shown in the profile page, and that there is no built-in way to ask for it to be deleted (or to even know what the information is). It makes me wonder what other personal information they have secretly stored. Probably a lot.
I’m wondering what steps I should take to have this personal data removed. I’m under the impression that there are GDPR laws which might compel Google to delete personal data if I request it to be deleted. But it isn’t clear what data they have; and it definitely isn’t clear how to contact them.
You’re already only using the account once per year. Just bite the bullet and delete the entire thing.
Shadow profiles are nothing new. A lot has been written on Facebook doing that. I have a personal story related to that as well. Years after I removed my Facebook account, I tried signing up on Instagram with a different email address, but it wouldn’t let me (probably due to the way I connected) until I entered that old email address. After a while, among the people suggested to me to follow was a Facebook friend I hadn’t connected with or looked at in years. Needless to say, I removed my Instagram account right after that, but I’m sure the data is still stored somewhere.
It’s google; their entire business is built on fucking you out of your personal data. Once they have it, they will never let go.
Until a highly scrutinized third party audit proves otherwise; I doubt even GDPR removal requests are complied with internally. They might stop telling you they have the data, but thetly won’t actually get rid of it.
I care about privacy I use gmail
Pick one
The way I read it, “verify your identity” means prove you’re not a bot, not that they had your number to begin with and need it to match.
But Google thanks you for voluntarily providing that data which is now and forever subject to Google’s privacy policy.
I thought that too at first, which is why I tried every other available option first. But that theory is disproven by the fact that the first attempt with the number told me that the given number was not registered to the account (and so I still couldn’t log in). Clearly they were comparing the entered number to something they already had.
If you skipped the area code, it probably failed the general validation check. To really test this, you would’ve needed to try a different (but completely valid) number
Unfortunately, you’re done here. You’re going to need a new number if you value your privacy. I can never trust any big company; you can try waiving GDPR in their faces all you want but with a spineless EU and too much power in such companies, you have to trust them to delete your data. I’m sure you realise that this is a silly venture.
I have a similiar experience with google. I had an old google account with an old email address that i use for work. I had access to said email mind you. With my work number.
The thing is, i want to delete it. Dont need it anymore. Yes, i can just ignore it and move on with my life but i dont want that email and my phone number tied to that google account anymore. So i did what any sane person do. Login and delete, right?
No. Fuck me in particular. Google wont let me do it. I can login BUT anytime i tried editing anything sensitive like my name, number, deactivate 2FA or in this case delete my account, i hit a wall. Something about they cant send 2fa code to this number at the moment or some shit. Cant verify the owner fo the account. Motherfucker, i have the password, the email and phone number. What more do you fucking want. The thing is, they CAN send me a code when i login. Why cant they send me when i tried to delete my account. Bunch of fuckers.
I gave up and enable inactive google account. 3 months time, supposedly google going to delete the account. Who knows. I swear, bunch of bots is running that company. Cant even find proper help. Fuck them.
You could try to enter another phone number in your profil in the hop they would either forgot your real phone number or at least mark it as an old number rather than the current one. However, you cannot be sure of the result and you risk losing access to your account.
California has a law which is similar to GDPR
Email them tell them you are a California resident (you do not have to prove this) and you want all your dt removed and an audit proving it was done.
There exists a process for them to do this.
Whether or not they “really” delete anything is a different matter.
I’d try this, but I don’t know what address to email them at. All of the support / contact instructions are a labyrinth of automated systems, with the fallback option of using the ‘community forum’. Google doesn’t seem to want anyone to contact them for any reason.
You can try all you want, but Google will always store your data in your permanent record, you may not get to see it, the EU will never know, but Google will still have it.
