I went through and deleted a bunch of accounts a while ago, SoundCloud being one of them. It looks like I don't show up in the breach. It's nice to know SoundCloud actually deleted my data; I'm never totally sure what happens on the backend.
They still seem to use past email addresses for marketing communications, despite the email address on file having been changed months ago. They definitely still keep old data around and fail to sync data between vendors. Whether that's indicative of their data deletion policies remains to be seen, but to me the lack of care for using past data for active accounts doesn't paint them in a very good light.
I ran into this with Sony. The website said to call, so I did. After 45 minutes on hold the guy just hung up on me saying he couldn’t help, without even really listening to me.
For a company that’s been hacked as many times as Sony, I find this to be pretty pathetic.
In theory, it's a legal requirement based on GDPR and CCPA as well as many other new digital rights laws across Europe and many states in the USA. SoundCloud is probably big enough to do that correctly; otherwise, e.g., the GDPR penalty is a highish percentage of the company's total revenue which gives the laws a good amount of "teeth".
> the GDPR penalty is a highish percentage of the company's total revenue which gives the laws a good amount of "teeth"
Under 2% of GDPR complaints even result in fines. And that would require there to be grounds for a complaint - there's no way for an external user to tell whether the delete is actually done, and the DPA won't force them to submit to a third-party source code audit.