Requests for Companies to Delete People’s Data Have Soared


.article-native-ad { border-bottom: 1px solid #ddd; margin: 0 45px; padding-bottom: 20px; margin-bottom: 20px; } .article-native-ad svg { color: #ddd; font-size: 34px; margin-top: 10px; } .article-native-ad p { line-height:1.5; padding:0!important; padding-left: 10px!important; } .article-native-ad strong { font-weight:500; color:rgb(46,179,178); }

There has been an increase of 72% in requests from people to companies to modify or delete their data over a year, according to a report by privacy management company DataGrail.

DataGrail analyzed the data subject requests (DSRs)—formal requests made by a person to a company to access, modify, or delete the personal data that the company holds on them—that it processed on behalf of customers from January 1 to December 31, 2022.

image

The company found an average of 650 DSRs per million identities in 2022, compared to 377 per million identities in 2021. Identity refers to information associated with a unique record of a single person at a company. A single identity accounts for one customer’s personal data within multiple systems across an organization. The customer set has more than 100 million consumer records.

In 2022, data privacy incidents made headlines, with fines imposed on companies like Sephora in the EU and U.S. This may have heightened awareness and led to more DSR requests, according to DataGrail’s CEO Daniel Barber. The widespread use of generative AI, which does not require consumer consent, further complicates the situation and may prompt action from Congress or the FTC to protect consumer privacy. As more people take charge of their data, there could be a knock-on impact on advertising revenues.

“Consumers’ desire for greater control over their personal information grows stronger by the day as people recognize that privacy should be a human right, even if it is not yet federally protected,” said Barber. “Businesses are going to have to respond in an efficient manner, if for no other reason than for the value of earning and maintaining consumer trust and reputational capital.”

Overly aggressive email marketing campaigns from brands that people have had brief encounters with lead to DSRs. And brands that offer a one-off service, like weddings or school searches, are susceptible to people asking to delete their data once they no longer need the service. 

An ad buyer at a leading media agency, who did not have permission to speak to media on this topic, said DataGrail’s findings were in line with the internal DSRs received in the last 12 months.

However, Horizon Media received less than 10% of such requests in the U.S. for this period, including opt-out requests from consumers.

“I am shocked at the 72%,” said Laura McElhinney, chief data officer at Horizon Media. “That could be because our consented data is mostly with loyalty programs. When you have a client that’s offering value, then the consumers are more likely to consent to the brand using their data.”

The report found that 52% of the privacy requests came from outside of California, including states that are yet to implement a privacy law. Most global companies tend to have a ubiquitous DSR link at the bottom of their homepage, even in regions without privacy laws.

“This tells you that the awareness of privacy and the expectation that it will increase is definitely there,” said Barber.

DataGrail’s dataset includes information from companies of all sizes, from startups to publicly traded household names.

Deletion requests rise

In 2022, the request to delete people’s data held by companies outpaced the request to access their data, per the report. For every access request, there were 56% more deletion requests. 

Barber suspects that any time a company sends an email alerting their customers about their updated privacy policy, it reminds people of how their data is used, spurring them to carry out an access, delete or opt-out request.

Costs and investment

The cost of processing a DSR—deletion or access—doubled from 2021 to 2022, per the report. It costs approximately $1,524 for a company to manually process a single DSR, according to Gartner, via DataGrail.

The cost of manually processing access and deletion requests could cost companies $648,000 per 1 million identities. This is an increase of $409,000 per 1 million identities from 2021, per the DataGrail report.

“On average, we see about 26 people involved in processing one privacy request,” said Barber.

Horizon Media’s investments in technology and automation to process privacy requests helps it manage these costs.

“Many companies haven’t invested in that technology yet and are manually having to manage [requests],” said McElhinney. “And that is very costly and time-consuming.”

Transparency is key

As the industry moves to solutions to counter signal loss, such as data clean rooms, handling people’s data, anonymization practices and utilizing it safely and competently is foundational regardless of the technology, McElhinney said.

In the future, marketers could see a rise in people using ad blockers, a reduction in targeting capabilities to avoid the costs of DSRs, a shift to contextual advertising, leading to a change in ad revenue, and the growth of privacy-centric platforms, said Barber.

Companies could “change their practices, or they could align around some general set of privacy-forward principles,” said Barber, adding, “it will affect the amount of data advertisers get, the types of data they get, and changes to how that data is shared or acquired.”

.font-primary { } .font-secondary { } #meter-count { position: fixed; z-index: 9999999; bottom: 0; width:96%; margin: 2%; -webkit-border-radius: 4px; -moz-border-radius: 4px; border-radius: 4px; -webkit-box-shadow: 0 0px 15px 4px rgba(0,0,0,.2); box-shadow:0 0px 15px 4px rgba(0,0,0,.2); padding: 15px 0; color:#fff; background-color:#343a40; } #meter-count .icon { width: auto; opacity:.8; } #meter-count .icon svg { height: 36px; width: auto; } #meter-count .btn-subscribe { font-size:14px; font-weight:bold; padding:7px 18px; color: #fff; background-color: #2eb3b2; border:none; text-transform: capitalize; margin-right:10px; } #meter-count .btn-subscribe:hover { color: #fff; opacity:.8; } #meter-count .btn-signin { font-size:14px; font-weight:bold; padding:7px 14px; color: #fff; background-color: #121212; border:none; text-transform: capitalize; } #meter-count .btn-signin:hover { color: #fff; opacity:.8; } #meter-count h3 { color:#fff!important; letter-spacing:0px!important; margin:0; padding:0; font-size:16px; line-height:1.5; font-weight:700; margin: 0!important; padding: 0!important; } #meter-count h3 span { color:#E50000!important; font-weight:900; } #meter-count p { font-size:14px; font-weight:500; line-height:1.4; color:#eee!important; margin: 0!important; padding: 0!important; } #meter-count .close { color:#fff; display:block; position:absolute; top: 4px; right:4px; z-index: 999999; } #meter-count .close svg { display:block; color:#fff; height:16px; width:auto; cursor:pointer; } #meter-count .close:hover svg { color:#E50000; } #meter-count .fw-600 { font-weight:600; } @media (max-width: 1079px) { #meter-count .icon { margin:0; padding:0; display:none; } } @media (max-width: 768px) { #meter-count { margin: 0; -webkit-border-radius: 0px; -moz-border-radius: 0px; border-radius: 0px; width:100%; -webkit-box-shadow: 0 -8px 10px -4px rgba(0,0,0,0.3); box-shadow: 0 -8px 10px -4px rgba(0,0,0,0.3); } #meter-count .icon { margin:0; padding:0; display:none; } #meter-count h3 { color:#fff!important; font-size:14px; } #meter-count p { color:#fff!important; font-size: 12px; font-weight: 500; } #meter-count .btn-subscribe, #meter-count .btn-signin { font-size:12px; padding:7px 12px; } #meter-count .btn-signin { display:none; } #meter-count .close svg { height:14px; } }

Enjoying Adweek’s Content? Register for More Access!

Recommended articles

https://www.adweek.com/programmatic/requests-for-companies-to-delete-peoples-data-have-soared/