Own Your Data
for an organization using the search box at the top of this page.
the organization a request to delete, or provide a copy of your data.
using our smart follow-up assistant to help ensure that the organization complies with your request, and even help you escalate your request to the relevant government regulator.
Data protection laws require organizations to delete or provide you with a copy of your data upon request. Organizations have a short time period to comply, otherwise, they can face steep fines. Our mission is to make it easy for you to exercise your legal rights.
We are a registered charity called Conscious Digital. We created this service because we believe that privacy matters, and that exercising your right to privacy should be easy and free. We do not collect or sell personal data. The service is funded by its creators and with the help of your donations.
What is YourDigitalRights.org?
What are data protection laws?
What countries, states, or regulations are supported?
|Location||Abbreviation||Full Name||Time to Reply|
|California||CCPA||California Consumer Privacy Act||45 days|
|Colorado||CPA||Colorado Privacy Act||45 days|
|Connecticut||CTDPA||Connecticut Data Privacy Act||45 days|
|European Union||GDPR||General Data Protection Regulation||30 days|
|UK||DPA||Data Protection Act||30 days|
|Brasil||LGPD||Lei Geral de Proteção de Dados Pessoais||15 days|
|Canada||PIPEDA||Personal Information Protection and Electronic Documents Act||30 days|
|Virginia||VCDPA||Virginia Consumer Data Protection Act||45 days|
What kind of requests can I make using this service?
Data Deletion Requests (also known as erasure requests or the right to be forgotten requests) allow you to ask an organization to delete your personal information.
Access requests (also known as Subject Access Requests or SAR for short) allow you to ask an organization to provide a copy of your personal information.
How does the service work?
Can organizations say no?
When the organization is legally obliged to keep hold of your data (for example, financial institutions must keep records of your transactions in order to comply with anti-money laundering regulations)
When keeping your data is necessary for reasons of freedom of expression and information (this includes journalism and academic, artistic, and literary purposes)
When keeping hold of your data is necessary for public health reasons
When keeping your data is necessary for establishing, exercising, or defending legal claims
When erasing your data would prejudice scientific or historical research or archiving that is in the public interest
What should I do if an organization does not fully comply with my request?
An organization has asked me to provide further personal information to verify my identity. Is this legal? Can they use this information for other purposes?
Who is operating this service? Can I trust you?
My country has a new data protection law. Will you support it?
I have a further question, how can I contact you?
This service is fantastic. Can I help?
A monthly email listing the three worst privacy-offending companies identified by our research team. Improve your privacy and take back control of your personal information by spending five minutes a month opting out of these companies.