The Right to Be Deleted: How Digital Credentials Can Let Users Revoke Shared Data

We recently proposed the Personal Data License (PDL): a system that leverages Verifiable Digital Credentials to give individuals control over the sharing of their sensitive data, including the ability to enforceably limit, revoke, or receive disclosures about that access. As part of this system, the person sharing data will issue a PDL using their digital wallet, establishing a clear record of the terms for data sharing. The PDL will then be countersigned by the recipient, signifying their acceptance of the user's conditions and creating a mutual agreement that protects both parties.

Combined with legislative enforcement, a Personal Data License system would allow individuals to share data for a limited time, requiring recipients to delete it after the agreed period or report its continued existence as required. This enhanced level of control greatly increases the power that individuals have over their data. The ability to revoke data, ensure its removal, or receive notifications about its existence would have a profound impact in a landscape where personal data is increasingly used for commercial purposes and massive repositories of outdated data remain vulnerable to a growing number of security breaches.

Personal Data Licensing (PDL) would also have a third important benefit: increasing user trust in the digital systems handling their data. The public is increasingly confused and worried about how their data are used, by both private companies and governments. That anxiety could be a serious obstacle to the adoption of digital identity systems like the mobile driver’s licenses (mDL), which offer significant improvements to the current privacy and security status quo.

But how exactly would Personal Data Licensing work? Let’s dive in.

Forget Me Now

Enforceable data control is important, both practically and for public perception because the public has come to associate digital tools with sacrificing their privacy. There’s the ambient experience of surveillance-driven advertising, but also much more scary examples, such as when Target’s algorithm detected and exposed a customer’s pregnancy or the current uncertainty about what 23andMe will do with all the individual genetic information it owns. 

The 23andMe situation illustrates how trackable data licensing would improve on the current status quo. In retrospect, 23andMe’s customers would probably have preferred to let the company handle their genetic data temporarily, not store it in perpetuity. Personal data licensing makes data more like a digital book out for a temporary loan. Notably, the goal is not to create a more nuanced commercial license to let users monetize data, a concept many experts believe would be exploitative and bad for privacy. Instead, PDL is intended as a privacy tool for particularly sensitive data, such as medical records, allowing users to automatically and auditably request the deletion of their data from their smartphones. If a user revoked their PDL and then published this action to a public blockchain, there would be solid evidence that they requested their data deletion at a certain point in history, accessible to anyone with shared data records and an internet connection.

Personal Data Licensing would use the same mix of digital wallets and secure signatures that verify digital IDs like California’s mobile driver’s license. When data are shared from a document or record in a digital wallet, a PDL system could require the recipient to digitally countersign a data license indicating acceptance of terms. This is aligned with building blocks like Katara’s verifiable “receipt” for the data, which is based on standards outlined by groups, including ISO. 

These licenses would be readable by both humans and machines, outline the purpose of the sharing, and have clear expiration dates. They might also define any rights for third-party sharing or provisions for the sharer’s right to revoke data access. They may also encapsulate reporting requirements, such as how to notify the user if further data sharing is needed. Data wallets would automatically retain copies of these licenses, with verifiable signatures from the data recipients. With legislation backing, such as an updated version of Europe’s GDPR, this paper trail would make data deletion auditable and enforceable.

These capabilities and interactions are not currently part of dominant digital ID standards, such as the ISO’s Mobile Driver’s License (mDL) or the W3C’s Verifiable Credentials standard. We believe the system can be designed externally to such standards in the “white space” left open—though ideally, data licensing would eventually be integrated with base standards.

Data Control and a Fairer Digital Economy

A system of digitally signed receipts for data sharing would create a verifiable record of what data we share, with which counterparties, and under which conditions. However, legislation would be needed to ensure compliance by imposing penalties on data recipients who didn’t comply with the conditions of a license. Analogs to such legislation already exist, such as the California Consumer Privacy Act (CCPA), Utah Consumer Privacy Act (UCPA), and the  European GDPR’s “Right to Be Forgotten.” Governments worldwide have been implementing policies to give people more control over their data.

Notably, Utah enacted the Government Data Privacy Act (GDPA) in May 2024, which gives Utahns discretion over how their own government should manage their personal data. At SpruceID, we are generally aligned with actions that increase individual autonomy while avoiding the centralization of power.

However, the current enforcement state for these laws tends to favor large-scale data collectors, such as Google and Facebook, who can afford the staff and other overhead to comply. Compliance costs have even led some smaller digital businesses to leave the EU or even shut down entirely.

A standardized and open system of Personal Data Licensing, including verifiable “receipts,” would make both enforcement and compliance simpler, reducing the unfair burden that data policies have tended to have on smaller digital businesses. 

Public policy would need to support PDL systems with enforcement. Imagine, for instance, that months after releasing your blood test data to a medical provider, you start receiving health marketing messages that seem guided by that data. This evidence of data misuse could be directly correlated with a digitally signed receipt showing exactly who received the data, and when, and submitted to a data enforcement body. 

From “Papers, Please” to “Why—and for How Long?”

Making the Personal Data License a reality will take work and time, but we believe it’s a compelling path forward. One very practical upside of personal data licensing is that it will make privacy frameworks such as GDPR and CCPA much more implementable. A record-keeping standard simplifying policy enforcement gives individuals more control over their data while also reducing the compliance burden on firms that collect data for valid purposes.

More fundamentally, Personal Data Licensing would be a major step forward in digital identity’s overarching mission to improve privacy, security, and user control of data. Personal Data Licenses, paired with monitoring and enforcement, can reverse the power dynamic in data sharing. Instead of a presumption that users must hand over data on request, government agencies and data-hungry enterprises will be required to convincingly justify their data collection and how long it will be stored.

The data hoards built up by unrestricted data collection have become huge risks to global privacy, security, and democracy. They have been used for surveillance and mass manipulation. It’s time for a change in control.

About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions.