Right to Erasure
A Data Principal's right under Section 12 of the DPDP Act to request erasure of personal data that is no longer necessary for the purpose for which it was collected.
Full Definition
Section 12(3) of the DPDP Act 2023 provides that a Data Principal can request a Data Fiduciary to erase personal data — and the Fiduciary must comply unless retention is required by law. The right is linked to purpose limitation: once the purpose for which data was collected is served and there is no legal obligation to retain it, the data must be erased. This right operates alongside the right to correction: Section 12 covers correction, completion, updating, and erasure as a bundle of data quality rights. Unlike the GDPR's 'right to be forgotten' (Article 17), the DPDP Act's erasure right does not include the broader concept of erasure of publicly available data — it primarily covers data held by the specific Data Fiduciary.
In Indian Law
DPDP Act 2023, Section 12. Data Fiduciaries are also independently required to erase personal data on their own once the purpose is served; the right to erasure reinforces this duty. Section 8(7) requires Data Fiduciaries to erase data if the Data Principal withdraws consent and there is no other legitimate use for retention. Failure to comply can be raised before the Data Protection Board and may attract penalties.
Frequently Asked Questions
Can a Data Principal demand erasure of all their data from any company?
Yes — but with limits. If a company is required by law to retain data (e.g., financial records under tax laws, medical records under health regulations), it can retain data despite an erasure request. The erasure right applies to data that is no longer necessary and has no legal retention requirement.