Transparency Seu electrònica

The APDCAT participates in a coordinated action to evaluate compliance with the right to erasure in Europe

23/02/2026 | 09:00h

The European Data Protection Board has published the results of an analysis of the implementation of the right to erasure in Europe, one of the most requested by citizens, after consulting more than 32 European data protection authorities, including the Catalan Data Protection Authority.
Dret supressió

The European Data Protection Board has published the report Implementation of the right to erasure by controllers, as a result of coordinated action involving the collaboration of 32 European data protection authorities, including the Catalan Data Protection Authority.

In this regard, the APDCAT has provided the results of the surveys it sent during 2025 to 31 entities responsible for data processing in its area of ​​action, which included public sector entities in Catalonia, private entities with public functions, private entities, etc. The APDCAT has participated in this action jointly with the Spanish Data Protection Agency, the Basque Data Protection Authority and the Andalusian Transparency and Data Protection Council.

Overall, the report includes the results of the surveys carried out on 764 entities responsible for data processing throughout Europe, both public and SMEs, and private corporations.

Information, anonymization and deletion

Although several good practices have been observed, the report points to the existence of room for improvement in some recurring practices in the exercise of the right to deletion, one of those demanded by citizens. Specifically, in the lack of a documented and updated internal procedure to manage deletion requests, the deficiency of information provided to people to exercise the right to deletion, the difficulties in defining and implementing retention periods, the legal uncertainty about the exceptions to deny deletion requests, the use of erroneous or incomplete anonymization techniques or the lack of measures to manage deletion requests in the context of backup copies, etc.

The report also proposes recommendations for each of the problems detected, in order to help those responsible in the exercise of the right to deletion, since it is not an absolute right and sometimes it is difficult to assess the circumstances in the specific case in order to respond to it.

As for the entities that have participated in this action, they agree to request support and tools to have well-defined and updated internal procedures to manage deletion requests and also support instruments such as forms, guides or resolution models, as well as criteria to interpret and apply the exceptions to exercise the right to deletion, among others, to respond to requests appropriately and guarantee that the relevant information is provided to interested parties.

In addition to the analysis of the right to erasure, since 2020, the European Data Protection Board has carried out three more coordinated actions of this nature, with the aim of evaluating the use of cloud services by public bodies, the designation and position of data protection officers and the right of access.

Last update: 23.02.2026