Monday 18th March 2019

New GDPR tool targets Google, Facebook with ‘automated’ right to be forgotten requests

The new tool allows users to search a database of 5,000 organizations for appropriate contact details of personnel or departments responsible for erasure requests.
Jason Smith
by on 22nd June 2018

The weeks following the advent of the GDPR, the EU’s new far-reaching data protection regulation, have been filled by endless deliberations on the part of users, organizations and public officials over how to leverage or comply with the new regulation.

While Facebook and Google were early targets for lawsuits, some web developers have taken stock of users’ increased sensitivity over how their data is processed, as well as organizations’ emerging concerns over the potential penalties for contravening the new regulation, to develop innovative solutions for the new GDPR sector.

We previously reported on some of these solutions, the more popular of which offer services to help organizations block all inbound EU traffic to their websites (a tactic that has even found popularity among mainstream American news publishers like the Chicago Tribune).

However, some of the newest GDPR tools have inverted the target market and are helping users partly automate the process of sending erasure requests, colloquially referred to as “the right to be forgotten,” to organizations that store their data.

One such tool, available at opt-out.eu, allows users to search a database of 5,000 organizations for appropriate contact details of personnel or departments responsible for erasure requests. Upon selecting an organization to contact, the tool also opens a user’s email client and populates a new message with a template email.

While the platform is still in its infancy, according to Yoav Aviram, one of the founders of the not-for-profit startup, the feedback so far has been “overwhelmingly positive.”

The most searched for organizations to date include Google, Facebook and Slack, however the early data is only based on a small sample of users from a specific demographic that Aviram describes as “privacy minded and technologically savvy.”

At the moment the tool primarily operates as a contact database and template solution, however Aviram hopes to draw a wider market to the tool and further refine and develop the range of features on offer.

“We’d like to support additional GDPR request types, such as the request for information,” he said.

“We’d [also] like to automate additional steps in the process, such as reminding users after 30 days in case a company…did not fully comply and help make an escalation to the local Data Protection Agency (DPA).”

There are also plans afoot to allow users to send emails directly from Opt Out’s email servers.

While such tools will likely become popular among users, their emergence is likely to prompt more concern among organizations already struggling to account for GDPR compliance costs estimated at upwards of £15 million per organization.

The compliance burden may also worsen for organizations in the next few years, particularly as more countries enact privacy reforms and the EU finalises its new ePrivacy regulation.