JunkMail
Back to blog

The Right to be Forgotten in Practice: How to Verify a Service Truly Deleted You

GDPR gives you the right to be forgotten, but how can you be sure your data is truly erased? Discover how an email alias becomes your best verification tool.

By Leadership Team1/25/2026

Article 17 of the GDPR, known as the "right to erasure" or "right to be forgotten," is one of the most powerful protections for European citizens. It allows you to ask a company to delete all your personal data.

In theory, it's formidable. In practice, it's an act of faith. Once your request is sent, how can you verify that the company has actually complied? Has your data been deleted from the main database? What about backup servers, marketing lists, analytics tools, or customer support logs?

The Problem: A Blind Act of Faith

When you send a deletion request from your primary email address (e.g., john.doe@email.com), you have no way of knowing if your address persists somewhere. Months later, you might receive a newsletter, a notification about updated terms and conditions, or worse, a data breach notification, proving that your request was not fully respected. But the damage is done.

The Email Alias: Your Digital Lie Detector

This is where the strategic use of email aliases transforms an act of faith into a verifiable action. By adopting good digital hygiene, you can turn each alias into an "emergency switch."

The method is simple:

  1. Registration: For each new service, use a unique alias. To sign up for example-service.com, don't use your primary email, but a dedicated alias like example-service@myalias.com.

  2. Deletion Request: When you wish to exercise your right to be forgotten, send your official request from this alias example-service@myalias.com.

  3. The Key Action - Cut Contact: Once confirmation of deletion is received (or after a reasonable period), log in to your alias manager (like Junklmail) and deactivate or delete the example-service@myalias.com alias.

It is this final act that sets your trap.

The Truth Test

Now, if example-service.com tries to contact you again, several scenarios may arise:

  • Scenario 1: Honesty. You will never receive anything again. The company has kept its word and deleted your data from all its lists. Well done to them.

  • Scenario 2: Negligence. The company sends you a promotional email or a notification. The email is sent to example-service@myalias.com. Since the alias is deactivated, the email is either blocked from reaching you, or it bounces back to the sender with a failure notification. You have irrefutable proof that they did not respect your request. You can then take action with the CNIL (or your local data protection authority) with tangible evidence.

  • Scenario 3: Data Resale. A year later, a company you've never heard of sends you an email to example-service@myalias.com. Not only do you know that example-service.com did not delete your data, but you also know that they sold it or allowed it to leak.

Reclaim Power Over Your Data

The right to be forgotten should not be based on trust. Email aliases provide you with a simple and powerful verification mechanism. Every registration becomes a contract whose breach you can verify at any time.

By compartmentalizing your digital identity, you are not just protecting yourself from spam; you are empowering yourself to actively enforce your digital rights.