8 min read June 9, 2026
Skip to content

Right to Be Forgotten vs. Right to Be Remembered: How Origination Records Solve the Data Paradox

✓ Editorially reviewed by Ryan Gaughan on June 10, 2026

The Core Paradox in Data Law

Two rights exist in direct tension inside modern data law. The right to be forgotten says a person can demand their data be erased. The right to be remembered says that same person may need to prove something existed, was original, or was theirs to begin with.

These are not edge cases. They collide constantly. A journalist publishes under a pseudonym, then wants their identity scrubbed from a data broker's index but needs to retain proof they wrote the piece first. A software developer uploads proprietary code, later discovers a competitor used it, and files a claim but meanwhile wants their personal metadata deleted from the platform that hosted it. A patient authorizes a health record transfer, then revokes consent but still needs documentation that the transfer occurred on a specific date.

The data paradox is not theoretical. It is structural, and current legal frameworks address each side in isolation without providing a mechanism to hold both at once.

What GDPR Article 17 Actually Requires

Article 17 of the General Data Protection Regulation grants data subjects the right to obtain erasure of personal data without undue delay. Controllers must act when the data is no longer necessary for its original purpose, when consent is withdrawn, when the subject objects under Article 21, or when the processing was unlawful to begin with.

The right is not absolute. Article 17(3) carves out exceptions for freedom of expression, compliance with legal obligations, public interest in public health, archiving for scientific or historical research, and the establishment, exercise, or defense of legal claims. That last exception is where the paradox sharpens into a legal problem.

If a data subject needs to retain proof of a claim but simultaneously wants their identifying metadata erased from a third-party system, Article 17(3)(e) technically permits retention. The practical problem is that most platforms do not offer cryptographically verifiable, subject-controlled proof certificates. They offer either full retention or full deletion, with the controller holding the keys to what survives.

right to be forgotten — woman holding sword statue during daytime
Photo by Tingey Injury Law Firm on Unsplash

The Proof Problem: Why Deletion Alone Is Not Enough

Data deletion requests are increasingly enforceable. The California Consumer Privacy Act as amended by the California Privacy Rights Act, the Virginia Consumer Data Protection Act, and the Colorado Privacy Act all establish deletion rights that mirror GDPR Article 17 in meaningful ways. Submitting a deletion request to a data broker under these frameworks is no longer a courtesy request. It carries legal weight.

But deletion creates an evidentiary vacuum. Once a controller confirms erasure, the data subject loses independent access to any record that the data existed, when it was created, and who owned it. The confirmation email from the controller is not a neutral third-party record. It is a document the controller generated, subject to the controller's storage policies, and vulnerable to the controller's own eventual deletion.

This matters enormously in intellectual property disputes. Copyright under U.S. law attaches at the moment of creation, not at registration. Proving that moment requires something more durable than a platform's internal timestamp, which the platform can modify, delete, or fail to preserve. The same logic applies to trade secret claims under the Defend Trade Secrets Act, where establishing that a secret was actually secret and was controlled by the claimant at a specific point in time is foundational to the claim.

Deletion of personal data from a third-party platform should not require surrendering the one record that proves the data existed in the first place.

What Origination Records Do That Deletion Requests Cannot

An origination record is a cryptographically anchored, timestamped certificate that establishes who generated a piece of data, when they generated it, and what the data's content fingerprint was at that moment. It does not require the underlying data to persist anywhere. It requires only that a verifiable hash of the data was recorded at a specific time against a tamper-resistant reference.

This is the architecture underlying MyDataKey's PDAOS (Personal Data Asset Origination System), described in detail at mydatakey.org/pdaos-white-paper/. The origination certificate serves as independent evidence of first possession. It does not contain the personal data. It contains proof that the data existed, belonged to a specific subject, and was timestamped at origination.

The structural consequence is significant. A data subject can submit a GDPR Article 17 deletion request to every controller who processed their data and simultaneously hold a certificate that proves prior ownership. The two actions do not conflict. Deletion removes the data from the controller's environment. The origination certificate survives in the subject's own possession, outside any controller's custody.

This is subject-held proof, not controller-held proof. The legal implications for ownership disputes, licensing claims, and IP litigation are substantial.

Why the Timestamp Is the Legal Instrument

In origination architecture, the timestamp is not metadata. It is the legal instrument itself.

A cryptographic timestamp using a trusted timestamping authority under the RFC 3161 standard produces a signed token that binds a document hash to a moment in time. This token can be verified independently of the issuing authority, meaning its validity does not depend on the continued operation or integrity of any single platform. Courts in multiple EU jurisdictions have accepted RFC 3161 timestamps as evidence of document existence at a specific time. The U.S. Electronic Signatures in Global and National Commerce Act and similar state-level UETA frameworks recognize electronic records and timestamps as legally operative.

The timestamp does two things simultaneously. It establishes that data existed before any adverse party could have created it. And it establishes that the person holding the certificate was in possession of that data at origination. These are exactly the two facts that matter in a priority dispute, whether the dispute involves creative work, health records, financial data, or behavioral data that a platform later monetizes without authorization.

Treating the timestamp as a legal instrument rather than a technical detail reframes what data ownership actually means in practice.

The CCPA Parallel and Where U.S. Law Falls Short

The California Privacy Rights Act, effective through its implementing regulations under the California Privacy Protection Agency, grants deletion rights that are enforceable against a broad category of businesses. The opt-out rights under the CPRA, particularly for sensitive personal information, give California residents meaningful control over downstream data flows.

What the CPRA does not provide is any mechanism for the consumer to generate an independent ownership record before requesting deletion. The framework is entirely controller-centric. The business confirms or denies the request. The business maintains the processing records required under Article 7 of the GDPR-equivalent CPRA framework. The consumer gets a confirmation, which is a record generated by the party with the most to gain from controlling the narrative of what data existed and when.

Federal privacy legislation in the U.S. remains fragmented as of 2026. There is no single federal law equivalent to GDPR's comprehensive subject-right framework. HIPAA provides subject rights over health records but does not extend to behavioral or transactional data. The FTC Act provides some backstop against deceptive practices but does not create individual ownership rights. The gap between deletion rights and origination rights is entirely unaddressed at the federal level.

You can submit opt-out and deletion requests to data brokers at mydatakey.org/opt-out/ while maintaining your own origination records. These are independent, parallel actions. One does not foreclose the other.

Solving Both Sides of the Paradox Simultaneously

The data paradox resolves when ownership and deletion are understood as operating on different objects. Deletion applies to the data itself as held by a controller. Origination records apply to a cryptographic fingerprint of that data held by the subject. They are not the same thing, and the law does not require them to be treated as the same thing.

Under GDPR Article 17(3)(e), a data subject asserting a legal claim can retain data relevant to that claim even while requesting erasure of other personal data from the same controller. An origination certificate allows the subject to define exactly what they need to retain in a form that is verifiable, portable, and outside the controller's custody. This satisfies both the spirit of Article 17 (minimize data held by controllers) and the practical need to preserve evidence.

The architecture is not theoretical. Hash-based origination certificates, timestamped against an independent authority, represent a mature technical pattern. The legal frameworks that validate them exist. The gap has been implementation: making this accessible to individual data subjects rather than only to enterprise legal teams with e-discovery infrastructure.

What This Means for Anyone Who Creates or Controls Data

If you create data, whether that is writing, code, health information, financial records, or behavioral logs from your own devices, you are generating assets that other parties will process, store, and in many cases monetize. The deletion rights available to you under GDPR, CPRA, and similar frameworks are real and increasingly enforceable. Using them is not paranoid. It is rational data hygiene.

The practical gap is that most people exercise deletion rights reactively, after a breach, after a dispute, or after discovering a data broker profile. At that point, the origination window has closed. The controller's version of events, including their timestamps and their records of what you submitted to their platform, is the only version that exists.

Origination certificates close that gap proactively. They establish your version of events at the moment the data is created, before any controller processes it, before any dispute arises, and before any deletion request is necessary. You hold the proof independent of any platform's continued existence or compliance.

Own Your Data Inc. operates as a nonprofit to make this infrastructure accessible outside of enterprise legal contexts. The goal is not to sell security software. MyDataKey™ issues certificates that prove you owned data first, and those certificates remain yours regardless of what any controller does with the underlying data. To establish your origination record, visit mydatakey.org/signup/.

The timestamp matters. Establish it before you need it.

Have More Questions About This Topic?

support@mydatakey.org

Get Started →

Written By

Dr. Patrick Fisher, PhD, NCC, BC-TMH, C-AAIS — Founder, Own Your Data Inc

LinkedIndrpatrickfisher.com

Editorial Review

This article was reviewed by Ryan Gaughan on June 10, 2026 for accuracy, currency, and clarity. Content is updated when laws or guidance change.

A project of Own Your Data Inc · 501(c)(3) Nonprofit