Deletion of user account
soflow.comThe wayback machine will always remember: https://web.archive.org/web/20240503105207/https://www.soflo...
It doesn’t. You can block their crawler with robots.txt and send DMCA takedown requests for archived pages as the domain owner which they will honor.
Edit: I was under the wrong impression that if you specifically call out ia_archiver in robots.txt they would honor it. It’s been completely ignored since 2017.
If I remember correctly they changed their policy quite some time ago and started to ignore the robots.txt, but not 100% sure about it
robots.txt is a suggestion not a block
Their crawler now ignores robots.txt.
It doesn't say your account though.
It could just let you delete an arbitrary account ;)
please delete "root" here are 20 euros
Indeed - it used to be 30 euros:
https://web.archive.org/web/20230324031319/https://www.soflo...
I guess things are improving?
Or not depending on how expensive their COVID book access lawsuit turns out
Considering its a company established in Switzerland, and that by Swiss law you have the right to informational self determination, as in you have the right to correct/delete data about you (to some extend ofc), I'd say its grossely illegal
Company location does not matter for this — if you sell goods internationally, you must obey consumer laws wherever you sell them, instead of wherever your business is located
Nice, if you register you can get 10% off your deletion: https://paste.pics/59a50e49166a7c584f7e656391346329
Okay but then how can marketeers do that and still go to heaven?
What do you mean? They save you 10%. What more do you want?
It sill amazes me how peope think 10% discount is such a wonderful deal, it is not. Sure, it is something, but it's not huge.
Same thing as when you get 3 for the price of 2, which is also not a huge deal despite what you might think.
I took it that he was being sarcastic in that comment. Only the mafia would charge you for making you the favor of removing you a problem that themselves created.
PS: Oh wait, States...
First time I opened the page, it redirected me away. Second time, it stayed on the product page. Third time, it redirected me away but the back button could return me to the subject of this thread. Subsequent attempts didn't even give me that.
Is this a real product, or a test item?
It's been there for a long while, doesn't look like a test item. My guess is they're trying to take it down, but cache hits along the way bring it back for now.
It could be worse, at least it is not 19.90€ per month
don't give them ideas...
19.90€/month to keep being deleted. Otherwise we will restore your account
The Reddit method of deletion. “It’s deleted… for now”
I 'deleted' one of my Reddit accounts today.
Turns out is is 'deactivated' which is certainly different from deleted.
don't give reddit ideas.
I mean they literally undeleted content deleted during the third party app protest
Do you have a source for this? I remember people talking about it being possibile for them to do (and now redact.dev even replaces old comments with randomly-generated sentences) but I don't recall them being caught actually doing it.
It's a 'misunderstanding' of how reddit works. It turns out that you can't delete comments from subreddits that are private without the required posting permission flag.
So when subreddits went 'dark' during the protest, and then people deleted their comment history, the messages on the dark subreddits came back when the protest ended and the subreddit became public again. At that point you can just delete the comments again of course, unless you deleted your account, in which case those necromanced comments stay undead forever.
An 'unfortunate bug' with deleting comments they told me when I asked them about my full comment history (edited to be empty and subsequently deleted) being restored. Many of those subreddits did not participate in the protests.
I can confirm it happened to me. I edited + deleted all my comments and checked my comment history before deleting my account a few days later.
A week later (after my account was deleted and inaccessible) my full comment history was restored.
Reddit's official response is that it was 'an unfortunate bug' and there's nothing they could do.
Now I'm imagining mortality actually being successfully solved, and people having to pay a subscription to stay dead
:/
Still seeing it here: https://www.soflow.com/en/product/deletion-of-user-account/
Interesting links,
In the UK it's showing the initial link as costing £ 29,90.
'rip off Britain' I guess.
Probably to pay for import duties due to brexit. Not sue what the duty on account deletion is nowadays.
Would GDPR mitigate the need to pay?
I'd say so, yes. Right to deletion is a thing.
Administrative Processing Fees are a thing of GDPR. In most cases, however, this should not be a applicable for something as simple as an SQL statement from a button.
Why is it legal to charge if they don't manually, but not of they do up front work to automate it? That would create an incentive to not automate, which would be a chilling effect.
Possibly. I've done GDPR requests in the past and been asked for ID to action the request and all other kinds of daft caveats, so YMMV.
Looks like it's still offered for purchase: https://www.soflow.com/en/warenkorb/?add-to-cart=1098
Currently not fully working. You end up being redirected from the cart.
To be honest this looks like a mock product that someone thought might be funny and seems to have backfired.
If you're buying it... could you return it? If so, how would they refund you without an account?
Initiate a chargeback and they will figure it out.
When ordering two of those items (which is kinda weird) i noticed the following:
“ Your personal data will be used to process your order, support your experience throughout this website, and for other purposes described in our privacy policy.”
Does this mean while processing my order, the account removal, they update or recreate the account? :)
Interesting how it's 19,90€ in the EU but £29,90 in the UK.
Amusing, because it should be free in the EU.
Really not trying to be devil's advocate here, but the company is based in Switzerland, and neither Switzerland nor UK are in the EU.
If they only sold their products in Switzerland, sure. But once they operate in EU countries, they must respect EU laws (for those costumers, at least).
Should not matter, if they target EU customers. They also have the EU cookie banner.
A bad one after all. There is no way to deny.
Switzerland is part of the EU Internal Market through the EEA though and therefore has to implement many laws like this. It just doesn't have a say in them.
Switzerland isn't in the EEA either as they rejected EEA membership in a vote in '92.
Instead they have a weird patchwork of bilateral treaties that are designed to look pretty much like EEA membership if you squint just right, and look like just bilateral treaties in separate areas if you squint a bit differently. They're linked, and at least the first seven have a "guillotine clause" so they all cease to apply if one of them is canceled, so in practice Switzerland is practically like an EEA member, but they get to pretend it's all very different.
There are some clear differences, though, and there have been years of negotiations trying to reduce them without success.
I don't know what point you are trying to make with your snark, but bilateral treaties are much easier to alter or cancel if one party so desires, and public opinion in Switzerland is that they were definitely the right choice and the way to go forward. They are actively being negotiated.
The point is that it was constructed largely as a convenient a fiction intended to mollify the Swiss electorate after they voted no to the EEA, as the bulk of the "separate" bilateral treaties can't be separated, altered or cancelled without all of them being canceled by the guillotine clause, as Switzerland has already found out once, so there is no difference in the difficulty of cancellations, for example - you cancel one thing, and everything unravels in either case.
They are actively being negotiated because both Switzerland and the EU have realised there's a need to reform the original treaties, and the EU for a decade now have insisted that anything replacing them need to be closer to the EEA agreement, while having made clear they're not doing this crazy thing again for anyone else.
Well, judging by how incredibly many EU citizens emigrate to Switzerland, which is directly caused by the bilateral treaties, there's certainly interest from both parties to negotiate. Switzerland also pays raw cash to the EU as part of the deal.
I'm not sure how long the EU can afford to further alienate countries that pay net positive into it's wallet, after losing the UK and the continuing rise of euroscepticism.
The current round of negotiations were directly triggered by Switzerland trying to restrict freedom of movement and realizing they couldn't do that without cancelling all the treaties.
The EU can afford to stick to its guns in this indefinitely. It's made it clear for a decade that any change to the treaties with Switzerland can contain minor concessions, but only in return for a bet reduction in the deviations from the EEA framework.
With respect to euro scepticism, that largely fell apart thanks to Brexit - most of the parties arguing for the same for their countries have moderated their stances significantly, and support for the EU increased massively. Including in the UK where Brexit is widely seen as a massive mistake, and it's more a question of electoral calculus (neither of the big parties can afford to alienate the Brexit diehards yet; they're spread across the political labdscape) than anything else when rejoining gets in the political agenda.
"big reduction", not "bet reduction"...
As an addition re: the reduction in euroscepticism, according to Pew Research, between 2016 and 2019, the proportion of people with a favorable view of the EU rose 26 percentage points in Greece, 19 in Germany, 19 in Spain, 18 in Sweden 15 in the Netherlands, 13 in France, 12 in Poland, 10 *in the UK, 6 in Hungary. In 2022, a EU parliament survey showed overall support for the EU across member states was at a 15 year high, also much thanks to the Brexit bounce. In 2023, the European Parliament Eurobarameter - Autumn 2023 survey showed 72% of EU citizens think that their country has benefited from being a member of the EU, and only 22% thinks it has not.
And opinion in the EU is that it was a mistake they never want to make again. Far too complicated to negotiate 100 or do separate treaties.
Switzerland's a bit of an oddity; it's actually not in the EEA, but in EFTA. It's not subject to the ECJ, but to EFTA Court (which is definitely not the ECJ wearing false moustaches). And it's not subject to the GDPR, but it has a law aligned to the GDPR.
EDIT: No, I'm wrong; while EFTA Court used to be based in Switzerland, Switzerland is no longer subject to it. It still exists, but only for EFTA members who are also EEA members. This whole thing is impossible to keep track of.
Wikipedia has this handy diagram of European supranational bodies for those who wish to suffer additional confusion.
https://en.wikipedia.org/wiki/File:Supranational_European_Bo...
I think the idea is that the GDPR requires that companies allow users to delete or correct data about them.
And the GDPR scope is determined by the user, not the company. You can have your company based on the far side of the moon, with 99.99% of your users based on mars. For that one user that is living in Europe (note : living, not nationality) the GDPR applies.
Mind you, I'm not sure that the GDPR says that you can't charge for that. As long as you can justify that the amount is in relation to your expenses, my bet would be that a judge will allow it.
If you offer something to EU residents, you have to comply with GDPR. Even if you are not part of the EU.
You can break a country’s laws depending on whether or not you are ever going to go to that country, or what treaties your country has signed which might cause it to enforce other countries’ laws.
These GDPR conversations tend to pointlessly go back and forth on this because one side is describing the GDPR from the point of view of: what does the law say? The other is looking at it from the point of view of: I only have to follow my country’s laws.
The latter is closer to correct in some technical sense; laws have finite jurisdictions. But the EU has a big market and so lots of entities play ball with them, to some extent, in general, so it is probably better for most people to comply.
No if you operate in the EU you have to comply that's it. If you buy something from Joe the farmer in PA, you are the one importing it (you are paying the custom duties) and Joe the farmer doesn't have to comply with anything related to GDPR. If Joe the farmer wants to sell directly its product in the EU (not from the US) then he has to comply.
Is it illegal to sell something that's free?
When the regulation mandate you to provide it for free, yes…
I suspect they are providing it for free, but also selling it.
Are you sure? I'd expect this to be legal, even if they're required to delete if users make a legal request
GDPR, and right to be forgotten (a.k.a. removal of all and any PII including account)
Well, there can be administrative fees. It is a right, but that does not imply that it is cost-free. As a EU citizen you have the right to settle in france, but the registration process in the village you need to pay.
Is that actually a legal requirement?
yes
This is a sever breach of GDPR, so is their practice to use the information you give them when ordering for other things then processing your order without an explicit non required opt-in on your part.
Furthermore in the past when GDPR was new, judges where often quite lenient when it came to enforcement of first offenders but that is increasingly less the case. And which such bland consumer abusive business practices they might be in for a really bad awakening (if they sell to the EU).
Additionally given all that I wouldn't be surprised if their website is also committing GDPR violations.
Also even if they have free GDPR deletion "hidden somewhere" that still would be a violation of GDPR as it has been clarified by judges in other cases (related to information requests instead of deletion).
IANAL, but I don't see any requirement of it having to be "free". I probably miss something. And It would seem very much against the spirit, but is a company really not allowed to charge fees for "deleting"?
EU courts enforce the spirit of the law as well, not just the letter. It's called "teleological interpretation".
Especially as these are not legal in the UK (except on private property).
If you go back on the Wayback Machine it was 29,90€ 9 months ago too
Brexit dividends.
The account thing seems to be an issue for people who buy e-scooters on the secondary market (i.o.w. used). Often, the scooter is still tied to the previous owner's app.
I've found forum posts of people resorting to using the email/password from the previous owner, or sending a registered letter to SoFlow asserting the new ownership.
So, and now I'm speculating, it's possible that this is less about deleting the account than it is about unlinking a scooter from your account, and it is a way for SoFlow to dip into the secondary market -- each transfer nets them another 20 EUR.
It's also possible that this is a way for the new owner to unlink their scooter from the previous owner, with an associated service charge -- the checkout page requires proof of ownership. In that case, it might be a way to prevent fraud, i.e. people stealing scooters and resetting them; thieves are unlikely to pay 20 EUR for that, nor are they keen on tying their real identity to the stolen scooter.
Like I said, this is speculation and I'm not saying this is a good way to do it, and it's not at all explained on the website, I'm just thinking aloud here. It just seems unlikely that anybody would attempt to charge 20 EUR for a simple account deletion.
That sounds like the most reasonable explanation for this.
This is weird. Their privacy policy enforcing them to delete your account. I guess it is just a catch for those who don't know what GDPR us.
4. Right to deletion
a) Obligation to delete
You may request the controller to delete the personal data concerning you without undue delay, and the controller is obliged to delete such data without undue delay, if one of the following reasons applies:
- The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing was based and there is no other legal basis for the processing. You object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing.
- The personal data concerning you have been processed unlawfully.
The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 (1) DSGVO.
It might be similar to how credit report agencies have to provide the reports for free under GDPR, but not before trying to make you pay twenty different ways.
>but not before trying to make you pay twenty different ways.
This itself is illegal. It must be simple and straightforward. EU laws broadly do not tolerate the rules lawyering popular in the US, companies know what the intent is and playing games will not work out in their favor.
Yet none of this is enforced, otherwise all the (non-compliant) obnoxious cookie consent popups would disappear overnight.
Same with the DMA - Apple is blatantly acting in bad faith and contempt of the regulations and have yet to see a fine.
a practice which was found to illigal in court cases
The question is - will they actually be fined by anyone in EU for this? Because in practice GDPR enforcement is incredibly spotty and slow.
It’s meant to take on the large/multiple offenders; if they get enough complaints about 1 company and after warnings that company doesn’t change, they will fine.
Facebook has probably the most complaints ever and the fines are a rounding error of the profit they made breaching the regulation.
they could fine without warning and IMHO they should start doing so it's the law isn't new isn't complicated to roughly get right for 99% of companies so there is no longer reason to go easy on companies which seem to very knowingly give a shit (independently of weather it actually was knowingly)
That would make it more like the US with over litigation, companies hiring people to find competitors in violation and going by the letter instead of the intent of the law. Also; the gdpr is large and complex but the intent is pretty clear; if we start to go by the letter, very many companies are unknowingly in violation but cannot afford consultants. They don’t abuse the data ; they just store too much for instance. It would be very strange if they get fined immediately; they will have 0 complaints over their existence probably, so a warning would suffice.
The companies that don’t give a shit aka ignore warnings from the overseer in their country, will get fined; small or big. It works fine.
GDPR enforcement happens on a daily basis
the problem is violations are just far to many
the reporting of them spotty
and the processing is far too slow
also too little clarification for "predictable edge cases and ways companies try to circumvent" had been put in law upfront (laws some a form of comment section into which such things can be placed, most times as result of previous court decisions)
and from the resources which are available too many are bound in large companies bullshitting around by trying to delay enforcement by a very obvious misinterpretations of the law and huge legal teams/founds to delay and delay and delay
Does the GDPR prevent the data controller from charging the user reasonable costs for deletion?
There are circumstances where they can charge a 'reasonable fee' for processing a Subject Access Request.
yes it's free of charge and has to be processed in due time
also having a payed deletion and a hidden free GDPR complilant deletion is also not legal
Am I getting it correct? They are selling you the right to delete your account with them.
I'm equally surprised.
This is almost certainly a joke which they should quickly remove to not get hefty fines from european authorities.
it doesn't seem to be one
Source? It very much seems to be one to me.
Can I delete any user account?
Monetization of churn? Nice try marketeers, you gave me the fatal argument I needed to never sign up. Just because you revealed your values with that proposal, I know I never want any relationship with that.
This has to be illegal, right? There’s no way this is allowed. It can’t be legally or morally correct to hold someone’s data, and when asked to remove that data from your servers via account deletion, ask for 20 dollars. Adobe does this too, and I feel that subscription based models and hypermonetization is going to become more and more common in the next 10 year.
BTW there are European banks that have fees for account closure (and for cancelling credit/debit cards; and for stopping standing payment orders; and maybe for cancelling SEPA mandates).
I thought this had to be an April Fools' Day joke but upon checking the source, it shows the page was last modified on 2023-11-14. It's even more hilarious (in a sad way).
Deletion of user account
Purchase the required SoFlow account deletion from the official SoFlow online shop.
€ 19,90
Must be some kind of weird technical reason (easier to create a "product" to execute an account deletion etc). I dont think they actually charge for that.
And theres a cookie popup with "we value your privacy"
Well, looks like they took this too literally and put actual price on "your privacy".
That would be 19.90€ please.Wow, this is just next level. Paying for deletion of your account? Okay I'd cancel my credit card before I'd pay a euro for that.
I've been playing with this and have a few of them in my cart:
Total € 183.545.103.533.410.025.472,00
They apparently don't do live stock availability checks :)
Keep on going until it overflows and sets the sign bit, then they'll credit your card with quintillions of euros.
I love the fact that they made the price a catchy 19,90 instead of 20 as if it was a product they'd like for people to buy.
Wouldn't a GDPR request regarding the right to erasure have the same effect and be free (if the company respects the GDPR)?
Hmm... I'm not sure it will.
SoFlow AG Bionstrasse 4 9015 St.Gallen Switzerland
They are not members of the EU. Still, a well-written email in legal lingo in the country's official language helps a lot. Remember to include a reference to the relevant local law.
Some leads: https://www.ey.com/en_ch/law/a-new-era-for-data-protection-i...
yes and for the account owner they must
- provide it for free and process it in due time
- not hide it trying to trick the user into "buying" something to delete their account
through if you have bought one but can not use it because someone else has an account with the hardware you bought from them then the person from which you bought it must do the deletion request for it to be covered by GDPR
and they probably could come up with some nonsense where the account is deleted by the device "stays locked" and you have to pay 20€ to unlock it for a new account
that might still be in violation of consumer protection law, but no longer has anything to do with GDPR and even in consumer protection law will be in a gray zone where you can do little but complain to official agencies
Technically still better than not offering deletion at all, but of course in reality it's in many ways worse.
Reminder that HN does not have any method to delete an account at all.
Oh, yet another violation of GDPR…