This year, the Personal Data Authority (AP), along with other European privacy regulators, will investigate the extent to which organizations are complying with data deletion rights rules. In the coming period, the AP will monitor companies and governments in the Netherlands. The investigation is a joint project of the European privacy regulators, united in the European Data Protection Board (EDPB).
People have right to data erasure of the personal data that organizations process about them. This right is designed to give people more control over their personal data. Once there is no longer a good reason to continue processing someone's personal data, an organization must delete that data.
In addition to the right to data erasure, people have other privacy rights. Such as the right to access to their personal data, which the EDPB was investigating in 2024. The EDPB concluded then that many organizations were not handling requests for access properly. Another important privacy right is the right of rectification. This allows people to ask organizations to rectify (change) their personal data if it is incorrect.
In practice, things regularly seem to go wrong when people want their data erased. The AP often receives complaints about this. For example, about organizations that do not respond or respond too late to a data erasure request.
In the coming period, the AP will approach various organizations with a questionnaire. The approach is to explore how organizations implement the right to data deletion in practice. If the answers reveal possible violations, the AP can investigate them further and enforce where necessary.
The EDPB will compile and report results from all participating countries.
