European Data Supervisor Joins DPAs in EU-Wide Enforcement of Right to be Forgotten

The European Data Protection Board (EDPB) is leading the effort. Along with the EDPS, which oversees privacy compliance for EU institutions and bodies, 31 national data protection authorities (DPAs) in the European Economic Area are involved. Last year's joint action involved data subjects' right of access to their personal data (see 2501200001).

The right to erasure (right to be forgotten) is enshrined in the EU General Data Protection Regulation, the EDPS noted. It gives people the ability to maintain control over their personal data by requesting that public and private bodies processing the information delete it.

The right isn't absolute but is subject to several exceptions, such as the need to comply with a legal action in the public interest, the EDPS said. Each request must be analyzed case-by-case by data controllers who decide on the processing of personal data based on justified and legal reasoning. "The right to erasure therefore challenges the delicate balance between the right to data protection and the collective memory of society."

As part of the coordinated enforcement action, the EDPS will send questionnaires to EU institutions' data controllers to check their compliance with their legal obligations. As a follow-up, the office said, it will report on the best and worst practices and identify areas for improvement.

The results of the joint action will also be analyzed with the other DPAs to determine if further supervision or enforcement is needed. The EDPB will publish a final report.