Data protection authorities worldwide are intensifying their focus on individuals’ rights to have their personal data deleted. This heightened regulatory attention underscores the importance of organizations implementing robust compliance mechanisms to handle deletion requests effectively.​ For example:

  • In October 2023, California enacted pioneering legislation to strengthen consumer data protection. The California Delete Act (Senate Bill 362), signed into law in October 2023, establishes a centralized mechanism for consumers to request the deletion of their personal information held by data brokers. Under this law, data brokers are mandated to register annually with the California Privacy Protection Agency (CPPA) starting January 2024 and to process deletion requests submitted through the centralized platform beginning August 2026. This legislation aims to simplify the process for consumers to manage their personal data and imposes stringent requirements on data brokers to ensure compliance. ​Since November 2024, the CPPA has fined seven data brokers for failing to register and to pay the annual fee required under the California Delete Act.
  • In March 2025, Oregon released an enforcement report highlighting that “the number one right consumers have requested and been denied, is the right to delete their data.”
  • In March 2025, the European Data Protection Board (EDPB) initiated its Coordinated Enforcement Framework (CEF) action, centering on the right to erasure, commonly known as the “right to be forgotten,” as stipulated in Article 17 of the General Data Protection Regulation (GDPR). This initiative involves 32 Data Protection Authorities (DPAs) across Europe collaborating to assess and enhance compliance with erasure requests. Participating DPAs will engage with various data controllers, either by launching formal investigations or conducting fact-finding exercises, to scrutinize how these entities manage and respond to erasure requests, including the application of relevant conditions and exceptions. The findings from these national actions will be collectively analyzed to facilitate targeted follow-ups at both the national and EU level. ​

These developments reflect a broader global trend toward empowering individuals with greater control over their personal data and ensuring that organizations uphold these rights. For businesses, this signifies a need to evaluate and, if necessary, enhance their data management practices to comply with evolving regulatory standards concerning data deletion requests.​

Given the intensified regulatory focus on data deletion rights, organizations worldwide should consider proactively assessing and strengthening their data protection practices. By implementing robust mechanisms to handle deletion requests effectively, businesses may not only ensure compliance with current regulations but also build trust with consumers who are increasingly concerned about their privacy rights.

Tags: California, CPPA, deletion request, GDPR, personal information, regulatory
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Dr. Philip Radlanski Dr. Philip Radlanski

Philip Radlanski is a Local Partner in the IP & Technology Practice Group. He advises clients ranging from early-stage start-ups to large corporations on privacy and cybersecurity issues. His work focuses on complex and innovative data-heavy projects, often with cross-border aspects. He also

Philip Radlanski is a Local Partner in the IP & Technology Practice Group. He advises clients ranging from early-stage start-ups to large corporations on privacy and cybersecurity issues. His work focuses on complex and innovative data-heavy projects, often with cross-border aspects. He also assists with addressing cybersecurity issues, including data breach incident management and response. He gained strong recognition throughout Europe for his representation in the first German trial against a GDPR fine, in which he was able to achieve a reduction of the multimillion-euro fine by more than 90 percent.

Philip is known for his pragmatic approach, which he was able to further refine through several months of secondments to the legal departments of a leading German internet service provider and an internationally operating online marketplace for food delivery. A further one-year secondment to the Global Privacy & Data Security Group of an international law firm in New York shaped Philip’s understanding of the U.S. market and U.S. clients.

Prior to practicing as an attorney, Philip worked as a research assistant at the University of Regensburg, Germany, and as a visiting tutor at King’s College London, UK. He also worked with the German Federal Film Board, the cybercrime division of the Berlin District Attorney’s Office, and for different international law firms in Berlin, New York, and Sydney.

He is a member of the German Association for the Protection of Intellectual Property and Copyright (GRUR), the International Technology Law Association (ITechLaw), and the Bauhaus Archive.

Read more about Dr. Philip RadlanskiPhilip's Linkedin Profile
Show more Show less
Related Posts
DPD
5 Trends to Watch: 2025 U.S. Data Privacy & Cybersecurity
January 9, 2025
biometric data fingerprint
BIPA Update: Illinois Limits Liability and Clarifies Electronic Consent for Biometric Data Collection
August 14, 2024
Abernethy IAPP podcast
Darren Abernethy Featured on The Privacy Advisor Podcast
July 2, 2024