You have a legal right most people never use
GDPR Article 17 gives EU residents the right to demand that companies delete their personal data. California's CCPA gives residents similar rights under Cal. Civil Code § 1798.105. These are real, enforceable laws with statutory deadlines — companies that ignore them face regulatory action.
The problem is exercising these rights is tedious by design.
Each company needs a different email address, a different request format, a different subject line. Some want your full legal name. Some want the email address you registered with. Some have specific legal language they require to treat a request as valid. If you have accounts with thirty companies — which most people do — that is thirty individual drafts you have to write and track.
Nobody does it. That is not a coincidence.
I built datawipe to eliminate the friction entirely.
What datawipe does
datawipe generates legally-formatted email drafts for GDPR and CCPA deletion requests, tracks the status of your requests, and flags overdue ones. It covers 55+ companies including some you have never heard of — but that definitely have your data.
# Add a request
datawipe add google.com --email me@example.com
datawipe add facebook.com --email me@example.com --gdpr
datawipe add amazon.com --email me@example.com --ccpa --name "Alice Smith"
# Generate email drafts (first one copies to clipboard automatically)
datawipe send --all
# Check what is overdue
datawipe list --status overdue
# Check overall status
datawipe status
The templates
datawipe picks the strongest applicable legal basis automatically:
| Jurisdiction | Legal basis | Response deadline |
|---|---|---|
--gdpr |
GDPR Article 17 | 30 days |
--ccpa |
Cal. Civil Code § 1798.105 | 45 days |
| generic | Polite request | No statutory deadline |
If the company is known to operate in the EU, datawipe defaults to GDPR. US-only companies get CCPA. Unknown companies get a generic professional request.
A GDPR draft looks like this:
Subject: Right to Erasure Request — GDPR Article 17
Dear Google Privacy Team,
I am writing to exercise my right to erasure under Article 17 of the
General Data Protection Regulation (GDPR).
I request that you delete all personal data you hold about me, including
but not limited to: account data, usage history, derived profiles,
and any data shared with third parties on my behalf.
My email address is: me@example.com
Please confirm deletion within 30 days as required by GDPR Article 12(3).
[Your name]
Data brokers are the hidden problem
Tech giants like Google and Facebook are visible. The companies you have never heard of are not.
Acxiom. Spokeo. LexisNexis. Whitepages. Intelius. These are data brokers — companies whose entire business model is buying, aggregating, and selling personal profiles. They know your address history, your relatives, your estimated income, your political affiliation, your purchasing behavior. They sell this to landlords, employers, insurers, and law enforcement.
You did not sign up for them. They built your profile from public records, purchase data, social media scraping, and other brokers. And they are covered by CCPA if you are a California resident.
datawipe covers the major data brokers alongside the tech giants. Most people start with Google and Facebook. The data brokers are where it gets interesting.
Tracking keeps you accountable
Companies are required to respond within the statutory deadline. Many will try to ignore requests. datawipe tracks when you sent each request and automatically flags anything that has gone unanswered past 30 days:
datawipe list --status overdue
When something is overdue, you have grounds to escalate — to the company's legal team, or to a data protection authority.
Install
pip install datawipe
datawipe generates drafts and copies them to your clipboard. It does not send emails automatically — you send them. This is intentional. The legal process requires you to actually send the request.
Top comments (0)