European data protection authorities are going to investigate the right to erasure of data
This year, the Autoriteit Persoonsgegevens (AP), the Dutch data protection authority, will investigate, together with other European data protection authorities, to what extent organisations comply with the rules regarding the right to erasure of data. In the near future, the AP will inspect businesses and governments in the Netherlands. The investigation is a joint project of the European data protection authorities, united in the European Data Protection Board (EDPB).
Right to erasure of data
People have the right to erasure of the personal data that organisations process of them. This right aims to give people more grip on their personal data. As soon as there is no longer a good reason for processing someone's personal data, an organisation has to remove (erase) these data.
Other privacy rights
In addition to the right of erasure of data, people have other privacy rights. Such as the right of access to their personal data, which was investigated by the EDPB in 2024. The EDPB concluded then that many organisations do not handle requests for access in a proper manner. Another important privacy right is the right to rectification. People can use this right to ask an organisation to rectify (amend) their personal data if they are incorrect.
Data erasure in practice
In practice, it turns out that things regularly go wrong when people want to have their data erased. The AP receives a lot of complaints about this. For example, about organisations that do not respond or respond late to a request for erasure of data.
In the coming months, the AP will approach diverse organisations with a questionnaire. The idea is to explore how organisations implement the right to erasure of data in practice. If potential violations become apparent from the answers, the AP may investigate these further and take enforcement action where necessary.
The EDPB will pool the results of all participating countries and report on them.
