Article 17(1)

1. The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, and to obtain from third parties the erasure of any links to, or copy or replication of that data, where one of the following grounds applies:

• (a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• (b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or when the storage period consented to has expired, and where there is no other legal ground for the processing of the data;
• (c) the data subject objects to the processing of personal data pursuant to Article 19;
• (ca) a court or regulatory authority based in the Union has ruled as final and absolute that the data concerned must be erased;
• (d) the data has been unlawfully processed.

Article 17(1a)

1a. The application of paragraph 1 shall be dependent upon the ability of the data controller to verify that the person requesting the erasure is the data subject.

Article 17(2)

2. Where the controller referred to in paragraph 1 has made the personal data public without a justification based on Article 6(1), it shall take all reasonable steps to have the data erased, including by third parties, without prejudice to Article 77. The controller shall inform the data subject, where possible, of the action taken by the relevant third parties.

Article 17(3)

3. The controller and, where applicable, the third party shall carry out the erasure without delay, except to the extent that the retention of the personal data is necessary:

• (a) for exercising the right of freedom of expression in accordance with Article 80;
• (b) for reasons of public interest in the area of public health in accordance with Article 81;
• (c) for historical, statistical and scientific research purposes in accordance with Article 83;
• (d) for compliance with a legal obligation to retain the personal data by Union or Member State law to which the controller is subject; Member State laws shall meet an objective of public interest, respect the right to the protection of personal data and be proportionate to the legitimate aim pursued;
• (e) in the cases referred to in paragraph 4.

Article 17(4)

4. Instead of erasure, the controller shall restrict processing of personal data in such a way that it is not subject to the normal data access and processing operations and cannot bechanged anymore, where:

• (a) their accuracy is contested by the data subject, for a period enabling the controller to verify the accuracy of the data;
• (b) the controller no longer needs the personal data for the accomplishment of its task but they have to be maintained for purposes of proof;
• (c) the processing is unlawful and the data subject opposes their erasure and requests the restriction of their use instead;
• (ca) a court or regulatory authority based in the Union has ruled as final and absolute that the data concerned must be restricted;
• (d) the data subject requests to transmit the personal data into another automated processing system in accordance with paragraphs 2a of Article 15;
• (da) the particular type of storage technology does not allow for erasure and has been installed before the entry into force of this Regulation.

Article 17(5)

5. Personal data referred to in paragraph 4 may, with the exception of storage, only be processed for purposes of proof, or with the data subject's consent, or for the protection of the rights of another natural or legal person or for an objective of public interest.

Article 17(6)

6. Where processing of personal data is restricted pursuant to paragraph 4, the controller shall inform the data subject before lifting the restrictionon processing.

Article 17(7)

7. (deleted)

Article 17(8)

8. Where the erasure is carried out, the controller shall not otherwise process such personal data.

Article 17(8a)

8a. The controller shall implement mechanisms to ensure that the time limits established for the erasure of personal data and/or for a periodic review of the need for the storage of the data are observed.

Article 17(9)

9. The Commission shall be empowered to adopt, after requesting an opinion of the European Data Protection Board, delegated acts in accordance with Article 86 for the purpose of further specifying:

• (a) the criteria and requirements for the application of paragraph 1 for specific sectors and in specific data processing situations;
• (b) the conditions for deleting links, copies or replications of personal data from publicly available communication services as referred to in paragraph 2;
• (c) the criteria and conditions for restricting the processing of personal data referred to in paragraph 4.

[Source: October 2013]

Article 17(1) [Amended: October 2013]

1. The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, especially in relation to personal data which are made available by the data subject while he or she was a child, where one of the following grounds applies:

• (a) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or when the storage period consented to has expired, and where there is no other legal ground for the processing of the data;
• (b) the data subject objects to the processing of personal data pursuant to Article 19;
• (c) the data subject objects to the processing of personal data pursuant to Article 19;
• (d) the processing of the data does not comply with this Regulation for other reasons.

Article 17(2) [Amended: October 2013]

2. Where the controller referred to in paragraph 1 has made the personal data public, it shall take all reasonable steps, including technical measures, in relation to data for the publication of which the controller is responsible, to inform third parties which are processing such data, that a data subject requests them to erase any links to, or copy or replication of that personal data. Where the controller has authorised a third party publication of personal data, the controller shall be considered responsible for that publication.

Article 17(3) [Amended: October 2013]

3. The controller shall carry out the erasure without delay, except to the extent that the retention of the personal data is necessary:

• (a) for exercising the right of freedom of expression in accordance with Article 80;
• (b) for reasons of public interest in the area of public health in accordance with Article 81;
• (c) for historical, statistical and scientific research purposes in accordance with Article 83;
• (d) for compliance with a legal obligation to retain the personal data by Union or Member State law to which the controller is subject; Member State laws shall meet an objective of public interest, respect the essence of the right to the protection of personal data and be proportionate to the legitimate aim pursued;
• (e) in the cases referred to in paragraph 4.

Article 17(4) [Amended: October 2013]

4. Instead of erasure, the controller shall restrict processing of personal data where:

• (a) their accuracy is contested by the data subject, for a period enabling the controller to verify the accuracy of the data;
• (b) the controller no longer needs the personal data for the accomplishment of its task but they have to be maintained for purposes of proof;
• (c) the processing is unlawful and the data subject opposes their erasure and requests the restriction of their use instead;
• (d) the data subject requests to transmit the personal data into another automated processing system in accordance with Article 18(2).

Article 17(5)

5. Personal data referred to in paragraph 4 may, with the exception of storage, only be processed for purposes of proof, or with the data subject's consent, or for the protection of the rights of another natural or legal person or for an objective of public interest.

Article 17(6)

6. Where processing of personal data is restricted pursuant to paragraph 4, the controller shall inform the data subject before lifting the restriction on processing.

Article 17(7) [Deleted: October 2013]

7. The controller shall implement mechanisms to ensure that the time limits established for the erasure of personal data and/or for a periodic review of the need for the storage of the data are observed.

Article 17(8)

8. Where the erasure is carried out, the controller shall not otherwise process such personal data.

Article 17(9) [Amended: October 2013]

9. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying:

• (a) the criteria and requirements for the application of paragraph 1 for specific sectors and in specific data processing situations;
• (b) the conditions for deleting links, copies or replications of personal data from publicly available communication services as referred to in paragraph 2;
• (c) the criteria and conditions for restricting the processing of personal data referred to in paragraph 4.

[Source: January 2012 | Context: Proposal from the European Commission]

Chapter II General rules on the lawfulness of the processing of personal data

Section V The data subject's right of access to data

Article 12 Right of access

Member States shall guarantee every data subject the right to obtain from the controller:

• [...]
• (b) as appropriate the [...] erasure or blocking of data the processing of which does not comply with the provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data;
• [...]