Why let users deactivate/delete account?

Question

Why do companies let users deactivate or delete their account?

I see this mostly for social media sites such as Twitter or Facebook. Should other sites such as ecommerce let users deactivate their account?

Answer 1

If you feel that people should have some control over their own information, then you should make it possible for them to delete that information from your system.

Since ecommerce sites (at least as I know in the US) have to deal with tax reporting, and in most systems if you delete an account then all reporting dealing with that account is deleted as well, allowing users to delete an account is likely not a legal option. At least not until the 7 year period for having audits come up has passed.

Based on info in the comments, if you have customers in Europe they have a legal right to have their information removed. One solution to this if you need to keep the account in your billing system for reporting would be to replace all of their information with dummy data. That way their information is no longer stored so you meet your legal requirements, but you don't lose your historical billing data.

Also consider the case of the recent Ashley Madison hack. It was revealed that a number of users were willing to pay money to have their information deleted from the site. That tells you that, at least in some contexts if not all, being able to delete an account is a very important feature. Shame paying money didn't actually delete anything.

Answer 2

It depends on the use case.

If a users wants to delete their account, but they can't, they might:

• Create a new account
• Abandon their account (never sign in again)
• Pester your support with requests to remove their account

All three of these things are bad UX, and degrade the quality of a website. Specifically, in the case of Facebook, having orphaned or duplicate accounts creates a bad UX for active users. It also degrades the integrity of their social graph.

Requests to delete an account on a non-social platform are less likely. The user likely has little information associated with their account that they care to hide or remove. If an e-commerce website saves credit card information (or tokens), it should probably employ a way to disable or soft-delete an account in the event that it is compromised.

Answer 3

In the UK at least, and possibly the whole of Europe there are very strict data protection laws, with some high fines against those that go against them.

The Information Commission Office have a set of data protection principles: https://ico.org.uk/for-organisations/guide-to-data-protection/data-protection-principles/

Namely:

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

And

Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

If someone wishes for your organisation to remove all personally identifiable information about them, you need some very good reasons not to comply. There's nothing wrong with keeping the transactions, the amounts etc... But that'll be in your accounts and financials anyway.

A further case of the ICO and data protection in action was with Google and their Street view: http://www.theguardian.com/technology/2009/apr/23/google-street-view-data-protection-cleared

Note that the ICO are watching them very closely!

Answer 4

If a user wants to delete their account, then a good user experience would be one where they can delete their account. However, there are definitely situations where it is not in the best interest of the host or the user to allow a full permanent delete.

1. If the account is only deactivated (sometimes called a soft delete) the host has the ability to reactivate the account in the future if the client wants to come back.

2. In situations where a user's contribution to the platform is valuable even if the user wants to leave, hosts may prefer to preserve the content but make it anonymous. For example, Reddit does this if a user deletes their account. Any posts or comments submitted by the user stick around, they are just no longer attributed to the user.

   

Answer 5

There are a few reasons why...

...depending on the nature and location of a site:

1. User convenience and satisfaction

• If users sign up for a site (let's say Hong Kong Expatriate Community) and then end up no longer needing to use the site (e.g. user moved out of Hong Kong), then offering users the ability to delete or deactivate their account makes users happy, or avoids users feeling frustrated.
• Likewise, if a user had a mobile phone account in one country but moved, they typically want to deactivate and/or delete their account.
• Users may also want to be able to delete accounts to protect their own privacy.

2. Risk mitigation

• Sites which store sensitive user information may have a commercial interest in allowing users to delete their accounts and data, because there is risk exposure associated with every account. For example, companies storing financial data, potentially unlawful user-posted information (e.g. child-porn, drug trafficking, etc), or intellectual property data are all at risk of inconvenience or outright shutdown if authorities decide to investigate, subpoena, discover, or injunct a business.

3. Moral imperative

• Even if a company does not have a commercial interest in deleting an account, it may decide to offer this because it believes it to be a moral choice. For example: swinger dating sites might allow members to delete accounts if they decide to stop cheating, alcoholic recovery sites might allow account deletions to protect the anonymity of recovered users, political discussion sites might allow users to delete their accounts to protect themselves from repressive authorities, etc.

4. It's the law

• Some jurisdictions require sites to allow users to be deleted. The most notable of these regulations is the European Union Right to be Forgotten framework which has attracted a lot of debate and is still under evolution. It's notable because Google, Facebook, and other internet giants have been locking horns with EU regulators over how to offer and implement user data deletion.
• There are also other regions/countries looking at or implementing data deletion laws.
• Some applications are also subject to deletion requirements. For example, aspects of US HIPAA require companies to securely delete patient data partially or completely. Obviously, military and government intelligence sites are often required to let users delete accounts for legal reasons.

Answer 6

Facebook, Twitter, Quora, LinkedIn and other companies allow users to delete and deactivate their account because they might feel safer doing so. If they don't allow users to do so, their privacy would be in danger. These companies do maintain a copy of their data after deletion so that they may use it if the person is involved in something illegal.

Why would eCommerce websites allow users to delete their accounts. eCommerce websites have a very limited data of the users like name, email, address, phone number.

Answer 7

A promise of deletion of ones user data upon request can be the one thing that makes a concerned potential user join anyway. This way the user will feel in control as they can always delete their account at a later time.

Now, some companies has measures to  reduce the risk of users actually deleting their account:

• Facebook has a 7 days retention period where you can undo the deletion.
• Instagram stresses that you will never be able to use the same username again. As an alternative you can mute your account (make it invisible).

On ecommerce sites the nature of the user data is different than on social sites as the user data is only visible to the site owner and thus the users need to erase all tracks is felt less important.