Updating our inactive account policies

People want the products and services they use online to be safe and secure. Which is why we have invested in technology and tools to protect our users from security threats, like spam, phishing scams and account hijacking.

Even with these protections, if an account hasn’t been used for an extended period of time, it is more likely to be compromised. This is because forgotten or unattended accounts often rely on old or re-used passwords that may have been compromised, haven’t had two factor authentication set up, and receive fewer security checks by the user. Our internal analysis shows abandoned accounts are at least 10x less likely than active accounts to have 2-step-verification set up. Meaning, these accounts are often vulnerable, and once an account is compromised, it can be used for anything from identity theft to a vector for unwanted or even malicious content, like spam.

To reduce this risk, we are updating our inactivity policy for Google Accounts to 2 years across our products. Starting later this year, if a Google Account has not been used or signed into for at least 2 years, we may delete the account and its contents – including content within Google Workspace (Gmail, Docs, Drive, Meet, Calendar), YouTube and Google Photos.

The policy only applies to personal Google Accounts, and will not affect accounts for organizations like schools or businesses. This update aligns our policy with industry standards around retention and account deletion and also limits the amount of time Google retains your unused personal information.

We are going to roll this out slowly and carefully, with plenty of notice:

  • While the policy takes effect today, it will not immediately impact users with an inactive account — the earliest we will begin deleting accounts is December 2023.
  • We will take a phased approach, starting with accounts that were created and never used again.
  • Before deleting an account, we will send multiple notifications over the months leading up to deletion, to both the account email address and the recovery email (if one has been provided).

How to keep your account active

The simplest way to keep a Google Account active is to sign-in at least once every 2 years. If you have signed into your Google Account or any of our services recently, your account is considered active and will not be deleted. Activity might include these types of actions you take when you sign in or while you’re signed in to your Google Account:

  • Reading or sending an email
  • Using Google Drive
  • Watching a YouTube video
  • Downloading an app on the Google Play Store
  • Using Google Search
  • Using Sign in with Google to sign in to a third-party app or service

If you have an existing subscription set up through your Google Account, for example to Google One, a news publication or an app, we also consider this account activity and your account will not be impacted.

Original Source: https://blog.google/technology/safety-security/updating-our-inactive-account-policies/