News, 17.05.2023, 11:30 AM
Google announced that from December of this year, it will start deleting inactive accounts. The company claims that this will help protect users from security threats.
The company said that starting this year, it will start deleting Google accounts that have not been used for at least two years. This includes all content within Google Workspace (Gmail, Docs, Drive, Meet, Calendar), YouTube and Google Photos.
The new policy is effective immediately, but will not immediately affect users with inactive accounts. Google says it will take a phased approach, starting with accounts that were created but never used again.
Months before the account is deleted, numerous notifications will be sent to the account email address and the recovery email address (if available). This will only apply to personal Google Accounts, not business users.
By deleting inactive accounts, Google wants to comply with industry standards regarding the retention and deletion of accounts, but also to limit the time during which it retains unused user data.
The new policy states that Google will consider an account active if a user logs in at least once every two years. “If you have recently signed in to your Google Account or one of our services, your account is considered active and will not be deleted,” Google explained.
Activities that Google says are enough for an account to be considered active include reading or sending emails, using Google Drive, watching YouTube videos, downloading an app from Google Play, using Google Search, using Sign in with Google in an app or on a site. Also, if you pay for a subscription through your Google Account, for example a news publication or an app, Google will take this activity into account as well.
The company claims the new guidelines will help prevent threats such as spam, phishing scams and account hijacking.
As explained by Google, forgotten or unattended accounts often use old or reused passwords that may have been compromised. They also often lack two-factor authentication and have fewer user security checks. Such accounts are at risk of being compromised. If compromised, they can serve as a vehicle for a variety of malicious activities, ranging from identity theft to spreading spam or even malicious content.
“Our internal analysis shows that abandoned accounts are at least 10 times less likely to have 2-step verification set up than active accounts,” the company said in a blog post.
Photo: Sarah Blocksidge
