What happens when you click delete?

Wouldn’t it be great if your data was erased when you click delete?

This might sound like an odd question. The assumption when deleting a picture, video, document or account, is that it permanently erases the content. Unfortunately, this is rarely the case.


Data is a highly valuable commodity. Your data is used by companies to understand you better, improving algorithms designed to keep your attention. The more engagement and time you spend on a platform, the more money that platform can make from advertisers.

Google, and most tech giants, for that matter, provide a prime example of how this data collection revenue model works.

How does a search engine have a market cap over a trillion USD?

The answer isn’t as straightforward as you might think.

The true value of Google isn’t in it’s widely used search algorithm and collaboration tools, but rather, the data the company collects from the use of its products and services.

Data has helped Google become one of the most valuable companies in the world.

 What is our data used for?

Valuable consumer data is used for marketing, training AI (e.g., facial recognition), location tracking and more. Some companies collect data to sell to other businesses and governments for healthy profits.

Why doesn’t it get deleted?

When you delete data, recovery systems are often set up to ensure that you can recapture your data should you desire. Therefore, technical mechanisms are built to store deleted data explicitly. Once data is marked “deleted” it is not returned in queries but remains in the database. “Delete” is very commonly just a state in the database.

When you click delete, you’re at the mercy of the service provider to determine if your data is really erased or if it is stored somewhere that you can’t retrieve it (but the service provider can).

We’ve seen big companies like Twitter, Instagram and Snapchat suffer breaches that exposed “deleted” data.

Although data protection regulations, including GDPR and CCPA, are being rolled out, consumers must explicitly request that a company permanently delete personal data.

How do we prevent this?

A good rule of thumb is: if you aren’t paying for a product, you are the product. Keep that in mind when you decide what to put online and remember that delete often really means “store somewhere else”.

Recent Posts

What you may not know about 2FA

If you’re like most people, you’ve been happy with the shift from PINs, to thumb print scans, to biometric/faceID scans as a method for authenticating on your smartphone. Without a … Read More

Security Best Practices You Should Implement Now

Good cyber hygiene isn’t only important at work, but also at home. Below are a few key pointers for people looking to improve their remote office and home cyber security. … Read More

Why every HR team needs stronger communication security…now

A staggering 91% of data breaches occur at the communication layer – with email being the primary source. While some breaches are caused by phishing attacks, many information leaks result … Read More