Own Your Data
for an organization using the search box at the top of this page.
the organization a request to delete, or provide a copy of your data.
using our smart follow-up assistant to help ensure that the organization complies with your request, and even help you escalate your request to the relevant government regulator.
Data protection laws require organizations to delete or provide you with a copy of your data upon request. Organizations have a short time period to comply, otherwise, they can face steep fines. Our mission is to make it easy for you to exercise your legal rights.
We are a registered charity called Conscious Digital. We created this service because we believe that privacy matters, and that exercising your right to privacy should be easy and free. We do not collect or sell personal data. The service is funded by its creators and with the help of your donations.
What is YourDigitalRights.org?
YourDigitalRights.org is a free service that helps you regain control of your online privacy by making it easy to get organizations to delete or provide a copy of the personal information that they have on you. We do this by automating the process outlined in powerful data protection laws that give you the right to delete or access your data. In addition to sending requests to organizations, we can help ensure that requests are resolved in your favor.
What are data protection laws?
Data protection laws protect individuals with regard to the processing of their personal information by organizations. They define the responsibilities organizations have when processing personal information and grant individuals certain rights in relation to their data. Many countries have data protection laws; some go further in terms of the protection they provide than others.
What countries, states, or regulations are supported?
Location | Abbreviation | Full Name | Time to Reply |
---|---|---|---|
日本 | APPI | 個人情報の保護に関する法律 | 14 days |
California | CCPA | California Consumer Privacy Act | 45 days |
Colorado | CPA | Colorado Privacy Act | 45 days |
Connecticut | CTDPA | Connecticut Data Privacy Act | 45 days |
European Union | GDPR | General Data Protection Regulation | 30 days |
UK | DPA | Data Protection Act | 30 days |
Brasil | LGPD | Lei Geral de Proteção de Dados Pessoais | 15 days |
Canada | PIPEDA | Personal Information Protection and Electronic Documents Act | 30 days |
Virginia | VCDPA | Virginia Consumer Data Protection Act | 45 days |
Please contact us if you would like to help us implement support for additional regulations.
What kind of requests can I make using this service?
We support two types of requests:
Data Deletion Requests (also known as erasure requests or the right to be forgotten requests) allow you to ask an organization to delete your personal information.
Access requests (also known as Subject Access Requests or SAR for short) allow you to ask an organization to provide a copy of your personal information.
How does the service work?
After selecting an organization and filling in a short form, we will generate a request email addressed to the organization you have chosen. The email will open up in your email app for you to review and send. Optionally, we can follow up with you a short while after a request has been sent to ensure that the request is resolved in your favor. This can include sending the organization reminder emails or escalating to the government regulatory agency.
Can organizations say no?
Data protection laws allow organizations to refuse to delete your personal information in certain exceptional circumstances. Here are some general examples, but you should read the specific regulation that applies to you for details:
When the organization is legally obliged to keep hold of your data (for example, financial institutions must keep records of your transactions in order to comply with anti-money laundering regulations)
When keeping your data is necessary for reasons of freedom of expression and information (this includes journalism and academic, artistic, and literary purposes)
When keeping hold of your data is necessary for public health reasons
When keeping your data is necessary for establishing, exercising, or defending legal claims
When erasing your data would prejudice scientific or historical research or archiving that is in the public interest
What should I do if an organization does not fully comply with my request?
Data protection laws provide various escalation mechanisms for such cases, including the possibility of filing a complaint against the organization with a government regulatory agency or taking the organization to court (called a private right of action).
If this sounds complicated, please don't worry; we can help. When submitting a data request via this service, turn on the “Smart Follow-up Assistance” option to get personalized advice on what to do in case an organization has not complied with your request. We will help you communicate with the organization and if needed, escalate to the government regulatory agency.
An organization has asked me to provide further personal information to verify my identity. Is this legal? Can they use this information for other purposes?
Data protection laws require organizations to verify the identity of the individual submitting a request to prevent fraud. Most laws also state that the verification method should be proportional to the nature of the data involved. For example, if you request a copy of your message history from a typical internet forum a simple verification that you own the email address associated with your account should be enough. On the other hand, if you request your transaction history from a financial institution, they are justified in asking you to provide additional information such as a photo ID and proof of address.
In most cases, a simple verification that you own the email address associated with your account should be enough. When you use this service to send a request, an email is sent from your email app, which provides this basic verification.
To further protect you personal information, the requests we generate on your behalf explicitly prohibit organizations from using the personal information included as part of the request for any purpose other than fulfilling the request.
Who is operating this service? Can I trust you?
We are a registered nonprofit organization called Conscious Digital. We believe in transparency, and therefore the source code for this service is open source. As for October 2022, we have helped individuals submit more than 100,000 requests to varius organizations
We are independent, do not sell your personal information, are not affiliated with any of the organizations which we help you send data requests to. We also do not provide these organizations with any services. Finally, we are funded by your donations.
We have designed this service so that, by default, it does not require us to collect any of your personal information. When certain optional features require you to provide personal information, we delete this data after 120 days. Please see our privacy policy for details.
My country has a new data protection law. Will you support it?
We would like to support all data protection laws which grant individuals the right to access and delete their personal information. Please contact us if you would like us to add support for a particular regulation.
I have a further question, how can I contact you?
Please understand that we cannot provide personal support regarding specific data requests or your experience with a particular organization. We know that, in some cases, organizations can be pretty frustrating, but unfortunately, we cannot help and will not reply to such emails.
For all other requests, please contact us via email.
This service is fantastic. Can I help?
A monthly email listing the three worst privacy-offending companies identified by our research team. Improve your privacy and take back control of your personal information by spending five minutes a month opting out of these companies.