loading...

User Deletion vs. User Retention

bc7 profile image Brian ・2 min read

I was having a weekly call with a startup I'm currently working with and the co-founders shared an interesting point of view and I wanted to know if others felt the same way.

We were going over features for the next sprint, and one of the features they mentioned was content deletion. Meaning, as a user, I should be able to delete my own content along with anything associated with it (likes, comments, reposts, etc.).

I agree it's needed if we want users to maintain ownership of their work, but I also took it a step further and wanted to include user deletion. Meaning, as a user, I should be able to delete my account (and anything associated with it) if I no longer want to be on the platform. Pretty straight forward, right?

So I was a bit confused when I got push back with the main concern being, in short, "we want to keep our users so if anything we should only allow deactivation in case they change their mind, not complete deletion".

Now I've worked with startups in the past that have written internal viruses almost to ensure they scrub user data, and any associations to the user, from their systems if a user requested to be removed- no questions asked.

But after seeing the other end of the spectrum where organizations solely care for user numbers as opposed to churn rates or user activity, I'm a bit uneasy.

Maybe I'm just being a privacy freak who de-authorizes apps linked to my gmail account when I'm not using them anymore, so I assume everyone would want the ability to delete their account if/when the time comes.

What are your opinions? Should platforms that require user sign also have a delete account feature by default? Yay? Nay?

P.S. Cheers for my first dev post! :)

Posted on by:

bc7 profile

Brian

@bc7

Freelance developer and security researcher with a passion for learning and mental health.

Discussion

pic
Editor guide
 

You could postpone the deletion (yet mark them as deleted accounts) and let the user know that their content will be removed forever in X days. Not sure how well this works with the GDPR thingy, though.

 

True, Kind of like a countdown to doomsday. But yeah, I'll definitely look into this as an alternative that would work for everyone if it's GDPR compliant. Thanks for the idea!

 

Well, their stance isn't just morally bankrupt, it's also illegal in the EU since the introduction of GDPR (EDIT: actually possibly before that too), so if they ever want to deal with EU citizens they better implement account deletion.

Not only are you are well within your moral rights to raise this issue, if you consider this a security risk, which I do, you might even be legally required to do so (though I have no idea about US law in this respect).

From a more personal perspective, I've mostly had bad experiences with companies' reaction when they are pointed out their legal and moral responsibilities. So you might want to consider how this will affect your future career.

 

This is very true! I forgot to mention it at the time, but I'll be sure to bring it up next call- I'm not finished with them yet! ;) I don't want to be the developer trying to make executive/managerial decisions and overstep my role, but that would also mean more work for me cause then we'd have to block access to certain regions just to ultimately undo it when they come to the same realization.