1 in 3 want to be forgotten

Personal data about individuals has become a valuable commodity for many companies, and private data flows freely unless people actively choose to limit where their personal information is stored. However, a new survey of 2,000 Danes conducted by Userneeds for IDA, shows that far from everyone is indifferent to their data being stored and that just over one in three have tried to have personal data deleted in the past two years.

According to IDA's IT technical spokesperson Kåre Løvgren, it has become difficult to buy a pair of socks or a bar of soap without being offered a membership of a customer club. In addition, various social media sites, platforms, and many apps store large amounts of personal information about individuals. As a result, it can be difficult get an idea of how many places store one’s personal data.

"It is therefore gratifying that so many are actively taking action to retrieve their data. It shows that many people are aware that having personal data in too many places can be problematic, and much of one's data can often be in places one cannot remember. This could be social media that is no longer used, customer clubs that you have long forgotten about or a web shop used when shopping for Christmas presents seven years ago. These are places where there is absolutely no need to keep personal information, and I would encourage everyone to clean up at least once a year," he says.

The study also shows that it is not always easy to delete personal data. Almost half of those who have tried say that it is difficult or very difficult to make sure their private data is deleted. There may be several reasons for this, says Kåre Løvgren.

"It's not possible everywhere. Banks, for example, have to keep information for ten years, even if you change banks. And with public authorities such as municipalities or the Health Authority, it can also be difficult as they have a duty to keep records, which in some cases makes it impossible to get everything deleted. Conversely, the vast majority of private companies should have no problem with erasing data. Here, Article 17 of the EU's Personal Data Regulation is very clear, and companies must comply with it if a citizen withdraws consent," he says.

Kåre Løvgren believes that more people would take up the opportunity if they were aware of the issue and were informed of how to go about getting their personal data removed.

"It's a kind of exchange, where you hand over personal information to get access to a service, and since you shouldn't have personal data in too many places for reasons of principle, more information is needed on how to get it back. For example, the Data Protection Authority could have detailed guidance and a standard form on its website to make it easier for everyone," he says.