What happens when you click delete?

Wouldn’t it be great if your data was erased when you click delete?

This might sound like an odd question. The assumption when deleting a picture, video, document or account, is that it permanently erases the content. Unfortunately, this is rarely the case.


Data is a highly valuable commodity. Your data is used by companies to understand you better, improving algorithms designed to keep your attention. The more engagement and time you spend on a platform, the more money that platform can make from advertisers.

Google, and most tech giants, for that matter, provide a prime example of how this data collection revenue model works.

How does a search engine have a market cap over a trillion USD?

The answer isn’t as straightforward as you might think.

The true value of Google isn’t in it’s widely used search algorithm and collaboration tools, but rather, the data the company collects from the use of its products and services.

Data has helped Google become one of the most valuable companies in the world.

 What is our data used for?

Valuable consumer data is used for marketing, training AI (e.g., facial recognition), location tracking and more. Some companies collect data to sell to other businesses and governments for healthy profits.

Why doesn’t it get deleted?

When you delete data, recovery systems are often set up to ensure that you can recapture your data should you desire. Therefore, technical mechanisms are built to store deleted data explicitly. Once data is marked “deleted” it is not returned in queries but remains in the database. “Delete” is very commonly just a state in the database.

When you click delete, you’re at the mercy of the service provider to determine if your data is really erased or if it is stored somewhere that you can’t retrieve it (but the service provider can).

We’ve seen big companies like Twitter, Instagram and Snapchat suffer breaches that exposed “deleted” data.

Although data protection regulations, including GDPR and CCPA, are being rolled out, consumers must explicitly request that a company permanently delete personal data.

How do we prevent this?

A good rule of thumb is: if you aren’t paying for a product, you are the product. Keep that in mind when you decide what to put online and remember that delete often really means “store somewhere else”.

Recent Posts

Why every HR team needs stronger communication security…now

A staggering 91% of data breaches occur at the communication layer – with email being the primary source. While some breaches are caused by phishing attacks, many information leaks result … Read More

Working at a Cybersecurity Startup: An Intern Perspective

Ari Kesler LockDown Intern 2020 This past summer I completed an internship with LockDown, “an all-in-one platform to easily store, share & communicate confidential or sensitive information with complete control.” … Read More

Working at a Cybersecurity Startup: An Intern Perspective (Pt 2)

Madelyn LockDown Intern 2020 This May, I had the wonderful opportunity to start a summer internship with LockDown. As a marketing and entrepreneurship major, I was beyond excited to see … Read More