Why can I not get a receipt proving my data was actually deleted?
Opportunity
GDPR Article 17 requires companies to erase personal data, and the EDPB's 2025 coordinated enforcement report named the absence of documented internal deletion procedures as the most common compliance failure across EU jurisdictions. When a user submits a deletion request, the company responds with a confirmation email that proves nothing. There is no cryptographic evidence that records were removed from primary databases, backups, or third-party processors. Academic work on verifiable deletion exists, including SGX-backed proofs and quantum certified deletion schemes published in 2024 and 2025, but none of it has been packaged into a practical, deployable primitive that web services can integrate. The gap is not legal willingness but a missing technical tool that bridges the regulation to an auditable outcome.
Why it matters
A deletion receipt that a user can independently verify is the one artifact that turns a legal obligation into a trust relationship, and nothing in widespread deployment provides it today.
How I score the opportunity
The Opportunity Score is my own read, not a measurement: how much it hurts, how often it bites, and how little exists to solve it today. Higher means I think it is more worth building.
How much pain it causes when it shows up.
How often people actually run into it.
How little good tooling exists for it today.
More problems worth solving
Why is the software we depend on most the worst to use?
TechWhy do I still own none of the data I generate?
TechWhy can I not know if what is running matches what my SBOM declared?
TechWhy does every C2PA provenance chain break the moment content hits social media?
TechWhy does critical open source software still depend on one exhausted maintainer?
TechWhy is there no recovery path when a breach leaks my biometrics?