Archive|Deep Briefs|
|
← Back to Glossary

Right to be Forgotten

RegulationUpdated: January 15, 2025
Also known as: Right to Erasure, GDPR Article 17

Browse all Regulation terms

AI RMF (AI Risk Management Framework)Asset SegregationBeneficial OwnershipBeneficiaryBIS (Bank for International Settlements)BSA (Bank Secrecy Act)CASP (Crypto-Asset Service Provider)CASP LicenseCFTC (Commodity Futures Trading Commission)Client AssetsData MinimizationDLT Pilot RegimeeIDAS 2.0ESMA (European Securities and Markets Authority)FATF (Financial Action Task Force)FCA (Financial Conduct Authority)FEAT PrinciplesFinCEN (Financial Crimes Enforcement Network)FINMA (Swiss Financial Market Supervisory Authority)FINRA (Financial Industry Regulatory Authority)FSB (Financial Stability Board)GDPR (General Data Protection Regulation)High-Risk AI SystemHowey TestKYC (Know Your Customer)Market ManipulationMAS (Monetary Authority of Singapore)MiCA (Markets in Crypto-Assets Regulation)MiCA ComplianceMiFID IIOFAC (Office of Foreign Assets Control)OriginatorPassportingPEP (Politically Exposed Person)PII (Personally Identifiable Information)Qualified CustodianQualified InvestorRetail InvestorSAR (Suspicious Activity Report)SEC (Securities and Exchange Commission)SOC 2 (Service Organization Control 2)Strict LiabilityTransaction MonitoringVARA (Virtual Assets Regulatory Authority)Virtual AssetVirtual Asset Service Provider (VASP)Wash Trading
GDPR right to request deletion of personal data, conflicting with blockchain immutability

The Right to be Forgotten, formally the right to erasure under GDPR Article 17, grants EU residents the right to request deletion of their personal data when it is no longer necessary for its original purpose, consent is withdrawn, the individual objects to processing, or data was unlawfully processed.

Organizations must delete personal data upon valid erasure requests unless legal obligations, public interest, or legitimate overriding grounds require retention. The right applies to controllers and requires notification to data processors and third parties who received the data. Exceptions include compliance with legal obligations, exercise of freedom of expression, public health requirements, archiving purposes, and establishment or defense of legal claims.

The right to be forgotten creates fundamental conflict with public blockchain architecture. Blockchain immutability means on-chain data cannot be deleted or modified once recorded, making literal compliance impossible for personal data stored on public distributed ledgers. Solutions include storing only hashed or encrypted data on-chain with off-chain storage of actual personal information enabling deletion, using permissioned blockchains with data access controls, implementing cryptographic techniques rendering data inaccessible by destroying keys, or avoiding storage of personal data on-chain entirely. Regulatory guidance suggests rendering data permanently inaccessible may satisfy erasure obligations even if technical deletion is impossible, though legal interpretation continues evolving.

Related Terms

Data MinimizationBlockchain
← Back to Full Glossary