SID-PRIV-03 — Right-to-Erasure Bulk Deletion API
| Property | Value |
|---|---|
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | Privacy Controls |
Description
GDPR Art. 17 requires the ability to erase all personal data for a data subject on request across all platform services. Backend-side cascading deletion improved in go-wallet-backend PR #89, including challenge, invite, and session cleanup. Remaining work is cross-service erasure orchestration (including go-r2ps-service user records), explicit deletion confirmation/audit trail response, and grace-period/undo support. Tracking: compliance#83.
Components
Source References
Framework Requirements
EUDI Security Requirements: WUM-8.2.2-Fun-09
ISO 27001 Annex A: A.8.10
GDPR Checklist: request to have their personal data deleted, object to you processing
OWASP ASVS 4.0.3 Level 3: V8.3