Global Data Deletion Laws: How Businesses Must Adapt to Complianc

Dr. Philip Radlanski

Email

49-30-700-171-100

Bio and Articles

Find Your Next Job !

Health Law Attorney

Marketing Manager
PLI Practising Law Institute

Litigation Manager - General Liability

Trial Attorney - Indiana - (Remote)

Explore More Job Openings

Enforcement Update: Regulatory Attention Focused on Deletion Requests

by: Dr. Philip Radlanski of Greenberg Traurig, LLP - Data Privacy Dish

Wednesday, March 12, 2025

Print Mail Download info_icon_img

/>i

Data protection authorities worldwide are intensifying their focus on individuals’ rights to have their personal data deleted. This heightened regulatory attention underscores the importance of organizations implementing robust compliance mechanisms to handle deletion requests effectively. For example:

In October 2023, California enacted pioneering legislation to strengthen consumer data protection. The California Delete Act (Senate Bill 362), signed into law in October 2023, establishes a centralized mechanism for consumers to request the deletion of their personal information held by data brokers. Under this law, data brokers are mandated to register annually with the California Privacy Protection Agency (CPPA) starting January 2024 and to process deletion requests submitted through the centralized platform beginning August 2026. This legislation aims to simplify the process for consumers to manage their personal data and imposes stringent requirements on data brokers to ensure compliance. Since November 2024, the CPPA has fined seven data brokers for failing to register and to pay the annual fee required under the California Delete Act.
In March 2025, Oregon released an enforcement report highlighting that “the number one right consumers have requested and been denied, is the right to delete their data.”
In March 2025, the European Data Protection Board (EDPB) initiated its Coordinated Enforcement Framework (CEF) action, centering on the right to erasure, commonly known as the “right to be forgotten,” as stipulated in Article 17 of the General Data Protection Regulation (GDPR). This initiative involves 32 Data Protection Authorities (DPAs) across Europe collaborating to assess and enhance compliance with erasure requests. Participating DPAs will engage with various data controllers, either by launching formal investigations or conducting fact-finding exercises, to scrutinize how these entities manage and respond to erasure requests, including the application of relevant conditions and exceptions. The findings from these national actions will be collectively analyzed to facilitate targeted follow-ups at both the national and EU level.

These developments reflect a broader global trend toward empowering individuals with greater control over their personal data and ensuring that organizations uphold these rights. For businesses, this signifies a need to evaluate and, if necessary, enhance their data management practices to comply with evolving regulatory standards concerning data deletion requests.

Given the intensified regulatory focus on data deletion rights, organizations worldwide should consider proactively assessing and strengthening their data protection practices. By implementing robust mechanisms to handle deletion requests effectively, businesses may not only ensure compliance with current regulations but also build trust with consumers who are increasingly concerned about their privacy rights.