I have an old gmail account. I stopped actively using this account many years ago, but I’m still keeping it open for various reasons. I just sign in once a year or so, delete a few bits of spam, then log out.
Yesterday when I tried to log in to do this, Google wanted a phone number to verify my identity. It would not allow me to log in without a verification code from a phone. I tried to find a way around this. I clicked ‘try another option’, which then asked for the ‘last password I remember’. I tried the current password, and the previous password that I had before that - but just told me that this was not enough to verify my identity.
I checked the Google help centre. Following its chain of questions basically told me that the only reason Google would do this is if I had activated two-factor authentication, or if someone else had got control of the account (and then activated two-factor authentication). … I’m sure I didn’t do this, and I very much doubt someone else had the account.
Reluctantly, I put in my phone number (which I know Google has had in the past, because I use to use this as my main account). The first time, I left off the area code, and Google told me that the number wasn’t registered with the account. But then with the area code, the phone number worked and I was able to log in. So clearly it did have that number on record.
The very first thing I did was to try to remove any mention of this phone number from the account. But it wasn’t mentioned. There were no phone numbers listed as registered to the account, and two factor authentication was turned off. I couldn’t find any mention of that phone number anywhere in my account, nor find any way to delete it. Nevertheless, it was required when I wanted to sign in.
So I’m somewhat concerned. I don’t want this number registered to the account in any way. I don’t want to ever have to use it to verify my identity. I don’t want it to be associated with my identity. Google doesn’t show me that the number is associated with my account, but obviously it is - because it was required for me to log in!
Google has lots of ‘helpful’ pages about what personal information they store, and how you can delete it. But this experience highlights that they definitely store more than is shown in the profile page, and that there is no built-in way to ask for it to be deleted (or to even know what the information is). It makes me wonder what other personal information they have secretly stored. Probably a lot.
I’m wondering what steps I should take to have this personal data removed. I’m under the impression that there are GDPR laws which might compel Google to delete personal data if I request it to be deleted. But it isn’t clear what data they have; and it definitely isn’t clear how to contact them.
California has a law which is similar to GDPR
Email them tell them you are a California resident (you do not have to prove this) and you want all your dt removed and an audit proving it was done.
There exists a process for them to do this.
Whether or not they “really” delete anything is a different matter.
I’d try this, but I don’t know what address to email them at. All of the support / contact instructions are a labyrinth of automated systems, with the fallback option of using the ‘community forum’. Google doesn’t seem to want anyone to contact them for any reason.