Right to erasure in analytics
Article 17 of the GDPR gives individuals the right to have their personal data erased in defined circumstances, such as when it is no longer necessary or consent is withdrawn. For analytics, that can mean deleting or de-linking records tied to a person. This page explains when erasure applies and how minimised data reduces the burden.
When erasure applies
Article 17 requires erasure in cases including: the data is no longer necessary for its purpose, the person withdraws consent and there is no other legal ground, they object and there are no overriding grounds, or the data was processed unlawfully. There are exceptions, for instance where processing is needed to comply with a legal obligation or for certain public-interest purposes.
Erasure applies to personal data; data that has been genuinely anonymised is no longer personal data and falls outside the right.
Applying it to analytics
Where analytics holds a record linkable to a person, a valid erasure request can require deleting or irreversibly de-linking it. If your model stores no stable identifier and reports only aggregates, there may be nothing to erase. Short retention windows further limit exposure, because old identifiable data has already expired.
- Triggers include withdrawn consent and 'no longer necessary'
- Exemptions exist (e.g. legal obligations)
- Anonymous aggregates are outside the right
How it appears in analytics and logs
Persistent per-user analytics records are candidates for erasure when a valid request is made; aggregate data that no longer identifies anyone typically is not.
Diagnostic use case
Determine when an erasure request reaches your analytics data and design measurement so that deletion is simple or unnecessary.
What WebmasterID can help detect
WebmasterID's aggregate, short-retention posture means there is often little individually identifiable analytics data to erase in the first place.
Common mistakes
- Believing erasure is absolute, ignoring its exemptions.
- Forgetting backups and downstream copies of analytics data.
- Assuming aggregate counts must be 'erased' when no one is identified.
Privacy and accuracy notes
This page is educational and not legal advice. The right to erasure has conditions and exemptions; whether it applies to specific analytics data depends on the facts and applicable law.
Related pages
- Data subject access requests (DSAR)
Under the GDPR's right of access (Article 15), a person can ask a controller to confirm whether it processes their personal data and to receive a copy. Analytics datasets can fall in scope when they contain identifiers tied to an individual. This page explains the right and why data minimisation shrinks what a DSAR can reach.
- Data retention in analytics
Data retention is the policy for how long an analytics system stores collected data before automatic deletion. Many platforms expose configurable retention windows for user- and event-level records. Shorter windows reduce breach exposure and support data-minimisation principles, while aggregate reports can often outlive the raw data. This is an educational overview, not legal advice.
- Anonymisation vs pseudonymisation
Anonymisation and pseudonymisation are often confused but have very different legal consequences. Truly anonymous data cannot be linked back to a person by any reasonable means, so it falls outside the GDPR. Pseudonymous data can be re-identified using a separately held key, so it remains personal data. Mislabelling one as the other is a common and costly error. This is educational, not legal advice.
- Privacy-first analytics
Aggregate data that is often nothing to erase.
Sources and verification notes
- EUR-Lex — GDPR Article 17 (Right to erasure)Statutory text of the right to erasure.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.