By John Jeffay, NoCamels -
Startup protects 2M users with its free “right to be forgotten” service
We all know the data we share online with Amazon, Starbucks, Airbnb, Instagram, Spotify and a million other sites is safe. Or is it?
The risk is not generally from the company itself, but from the hackers intent on stealing our credit card details, home addresses, social security numbers and more, and selling them on the dark web.
We have no choice but to provide personal details if we want to sign up for services or make purchases. There’s no reason it needs to remain if we’re a one-time visitor, yet these sign ups account for 85 per cent of all personal data collected.
We can, technically, ask for our details to be deleted. But every US citizen has, on average, 550 companies holding data on them. Tracing the right person in each one to remove it, then confirm that it’s been done, would probably take years.
A startup based in Tel Aviv, Israel, has a solution and is championing “the right to be forgotten”. It will, for free, scan every email you’ve ever sent or received, instantly tell you exactly who holds what data on you, and allow you to have it deleted with a single click.
“We scan your email inbox, which is the key to find all traces of your digital relationships,” says Gal Ringel, veteran of 8200, the IDF’s elite cyber-intelligence unit, and Co-Founder and CEO of Mine.
“We do this in a non-intrusive way, meaning we only process email subject lines, not the content of the emails, and from the email subject line we are able to identify with NLP (natural language processing) purchases, bookings and other transactions.”
They then score each company out of five, based on the data they hold and the perceived risk from its AI analysis of 5 million company privacy policies. It’s up to the user to decide whether they want the company to retain that data, or delete it.
Gil walks through an actual example. He bought clothing at Ralph Lauren, in New York. His Mine report shows that he’s a one-time customer, that the company has his name and email address, and that, based on the likelihood of a data breach, it scores three out of five.
“Now all I need to do is to click whether I need it, meaning whether I want to keep my data there or to have it reclaimed. Reclaimed means I want to activate my right to be forgotten and reclaim my data, basically delete it,” he says.
Over 2 million people have signed up since Mine launched two years ago. Users will typically delete 15 to 30 companies straight away, then return to delete another 100. Ringel says his company has saved 350,000 of them from data breaches, by tracking the companies they deleted and informing them if it subsequently suffers a cyber-attack.
Companies have a month to respond to requests to delete data under GDPR (General Data Protection Regulation) legislation. But larger organizations struggle, and research indicates that dealing with a single request to delete can cost them $1,400, according to the technological research and consulting firm Gartner.
Mine happens to be among the companies offering a software solution for exactly that problem. In fact, revenue from that software is what allows it to provide consumers with a service for free (although it is introducing a premium paid-for version).
You could say it created a major headache for big business, then had the good fortune to provide them with a solution that proved to be quite lucrative. Mine was conceived as a consumer operation, but has been quick to take advantage of a new opportunity to help businesses.
Ringel says: “Last year companies that received these deletion requests from our users approached us and said ‘we love your product, but we don’t know how to process and delete these privacy requests at scale’. They have to get people to manually log into wherever the data is held and delete it.
“The original plan was to charge the consumer. But then we saw the opportunity to help companies as well. So we put charging consumers on hold and developed opportunities to charge companies.”
The scale of the hacking problem that Mine addresses is vast. Two incidents in 2018 give some idea of it. In March the British political consulting firm Cambridge Analytica was revealed to have misused intimate personal data from up to 87 million Facebook users in an attempt manipulate swing voters in the US election.
And in November hackers stole 5.2 million passport numbers from the Marriott International chain of 8,500 hotels and 383 million booking references – including vacation dates and home addresses (likely to be empty) of guests.