October 7, 2022

Volume XII, Number 280

Advertisement

October 06, 2022

Subscribe to Latest Legal News and Analysis

October 05, 2022

Subscribe to Latest Legal News and Analysis

October 04, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

What Types of Data Are Subject to a Deletion Request?

Modern state privacy laws confer upon individuals the ability to ask for their personal information to be deleted. Statutes differ, however, in the scope of the “deletion right.” For example, some states only permit consumers to request the deletion of personal information that the consumer provided to the organization (allowing the organization to keep personal information that it obtained from third party sources or created itself), whereas other statutes allow consumers to make broader requests. It should be noted that even if a statute grants consumers the ability to request the deletion of a particular data type, the statute may still have exceptions that allow an organization to refuse the request. For example, if an organization is required by law to keep certain information, it may refuse a deletion request regardless of whether the data was collected directly from the consumer or via a third party.

The following provides a comparison of the types of personal information for which consumers can request deletion:

 

ENDNOTES

[1] Cal. Civ. Code 1798.105(a) (West 2020).

[2] Cal. Civ. Code 1798.105(a) (West 2021).

[3] C.R.S. § 6-1-1306(1)(d).

[4] Connecticut Substitute Bill No. 6, § 4(a)(3).

[5] Utah Code Ann. §13-61-201(2).

[6] Va. Code §59.1-573(3).

[7] C.R.S. § 6-1-1306(1)(d).

[8] Connecticut Substitute Bill No. 6, § 4(a)(3).

[9] Va. Code §59.1-573(3).

[10] C.R.S. § 6-1-1306(1)(d).

[11] Connecticut Substitute Bill No. 6, § 4(a)(3).  The statute refers to information “provided by, or obtained about” the consumer.  It is unclear whether a court would view information that is created by a company as being “obtained” by the controller.

[12] Va. Code § 59.1-573(3).  The statute refers to information “provided by, or obtained about” the consumer.  It is unclear whether a court would view information that is created by a company as being “obtained” by the controller.

©2022 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XII, Number 160
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

David A. Zetoony Privacy Attorney Greenberg Traurig
Shareholder

David Zetoony, Co-Chair of the firm's U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation. 

David receives regular recognitions from clients and peers for...

303.685.7425
Advertisement
Advertisement
Advertisement