Brussels – Deleting personal unlawfully processed data can take place ex officio, even if no request has been made by the data subject, according to a ruling of the Court of Justice of the EU, which, in a judgment, produced a further provision on privacy and its protection.
It is up to the responsible supervisory authority to intervene and order the ex officio deletion of unlawfully stored and managed personal data, especially the European Data Protection Regulation, best known by its acronym GdDPR, which entered into force in the EU in May 2018. The Luxembourg judges made it clear that the competent authority (in the Italian case, the Data Protection Authority), as it is vested with precise duties and roles, “must remedy the infringement found, irrespective of any prior request by the data subject” if the authority “considers, following an investigation, that the processing in question does not satisfy the requirements of that regulation.”
In addition, in this role, the supervisory authority of a member state can order the deletion of unlawfully processed personal data, both if they come directly from the data subject and another source.
English version by the Translation Service of Withub
