"If I press delete, it's gone" - User Understanding of Online Data Deletion and Expiration

Andreas Kramm
Sebastian Schnorf
Proceedings of the Symposium on Usable Privacy and Security 2018


In this paper, we present the results of an interview study with 22 participants and two focus groups with 7 data deletion experts. The studies explored understanding of online data deletion and retention, as well as expiration of user data. We used different scenarios to shed light on what parts of the deletion process users understand and what they struggle with. As one of our results, we identified two major views on how online data deletion works: UI-Based and Backend-Aware (further divided into levels of detail). Their main difference is on whether users think beyond the user interface or not. The results indicate that communicating deletion based on components such as servers or "the cloud" has potential. Furthermore, generic expiration periods do not seem to work while controllable expiration periods are preferred.