Wiki · Concept · Last reviewed June 25, 2026

Right to Rectification

The right to rectification is the GDPR Article 16 right to have inaccurate personal data corrected and incomplete personal data completed, including when AI systems reuse disputed records, labels, or profile fields.

Definition

The right to rectification is a data-protection right under Article 16 of the General Data Protection Regulation. It lets a person obtain correction of inaccurate personal data concerning them without undue delay. Taking account of the purposes of processing, it also lets a person have incomplete personal data completed, including through a supplementary statement.

Rectification sits beside the GDPR accuracy principle in Article 5(1)(d), which requires personal data to be accurate and, where necessary, kept up to date. The practical point is simple: a controller should not keep acting on personal data it knows, or has good reason to know, is wrong.

For AI systems, rectification is the correction right that operates at the data layer. It matters when an account record, worker profile, customer segment, fraud flag, training label, moderation status, location field, identity attribute, or decision-support input is wrong and can keep shaping outputs or institutional decisions.

Scope

Rectification covers inaccurate personal data and, depending on the purpose of processing, incomplete personal data. It does not automatically rewrite every conclusion, opinion, ranking, model output, or historical record. The question is whether the personal data is inaccurate or incomplete for the purpose for which the controller is processing it.

Article 19 adds an important downstream duty. When a controller rectifies personal data, it must communicate that rectification to each recipient to whom the data was disclosed unless doing so is impossible or involves disproportionate effort. If the person asks, the controller must also inform them about those recipients.

The scope is especially important in AI systems because a single wrong field can be copied into analytics tables, feature stores, risk models, retrieval indexes, vendor tools, and review queues. Correction at the profile page is not enough if the old value continues to drive automated routing or assessment elsewhere.

How It Works

A rectification workflow needs intake, identity or account matching, the disputed field or record, the evidence offered by the person, the controller's accuracy check, affected systems, processors or recipients, correction action, response date, and any refusal or partial-action explanation.

AI pipelines add a propagation problem. A corrected address, age, disability accommodation, income field, risk tag, employment status, or identity attribute may need to be updated in source systems and removed from derived features, cached scores, training examples, customer audiences, dashboards, and exports.

Good design makes correction auditable. The organization should be able to show which data was corrected, which systems were updated, which uses were suppressed or regenerated, and whether downstream recipients received the correction notice required by Article 19.
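The propagation check described above can be sketched as a small audit. This is an added example, not part of the original page: the store names, recipient names, subject ID, record layout, and the "derived_from" and "computed_before_fix" keys are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rectification:
    subject_id: str
    field: str
    original: str   # preserved for the evidence record
    corrected: str

# Constructed sample state: store name -> {subject_id: record}.
# "derived_from" marks an artifact computed from a field rather than copying it.
STORES = {
    "crm_source":    {"s-104": {"employment_status": "employed"}},
    "feature_store": {"s-104": {"employment_status": "unemployed"}},
    "vendor_export": {"s-104": {"employment_status": "unemployed"}},
    "risk_scores":   {"s-104": {"score": 0.81, "computed_before_fix": True,
                                "derived_from": ["employment_status"]}},
    "marketing_db":  {},
}
# Recipients of the disclosed data; "exempt" holds a recorded Article 19
# impossibility or disproportionate-effort determination, if any.
RECIPIENTS = [
    {"name": "processor-a", "notified": True,  "exempt": None},
    {"name": "processor-b", "notified": False, "exempt": None},
    {"name": "archive-c",   "notified": False, "exempt": "disproportionate effort"},
]

def audit_propagation(rect, stores, recipients):
    """Classify every store and recipient so open correction work is visible."""
    keys = ("updated", "stale", "regenerate", "not_held", "unnotified", "exempt")
    report = {k: [] for k in keys}
    for name, table in sorted(stores.items()):
        rec = table.get(rect.subject_id)
        derived = rec is not None and rect.field in rec.get("derived_from", [])
        if rec is None or (rect.field not in rec and not derived):
            report["not_held"].append(name)
        elif derived:  # computed from the field: stale if built before the fix
            report["regenerate" if rec.get("computed_before_fix") else "updated"].append(name)
        else:          # direct copy of the field
            report["updated" if rec[rect.field] == rect.corrected else "stale"].append(name)
    for r in recipients:
        if r["exempt"]:
            report["exempt"].append((r["name"], r["exempt"]))
        elif not r["notified"]:
            report["unnotified"].append(r["name"])
    report["complete"] = not (report["stale"] or report["regenerate"] or report["unnotified"])
    return report

RECT = Rectification("s-104", "employment_status", "unemployed", "employed")
REPORT = audit_propagation(RECT, STORES, RECIPIENTS)
```

In this constructed state the source system is correct, yet the report stays incomplete because two copies are stale, one score predates the fix, and one recipient has not been notified.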

Governance and Safety

The governance value of rectification is that it gives affected people a route to challenge factual error before that error becomes institutional memory. In automated systems, a wrong data point can be repeated at machine speed and treated as independent evidence because it appears in multiple places.

The safety limit is that rectification is not the same as explanation, objection, erasure, portability, appeal, or model audit. It should connect to Data Subject Access Requests, Right to Restriction of Processing, Algorithmic Recourse, Notice and Appeal, and human oversight when corrected data may change a consequential decision.

Evidence Record

For AI-related systems, preserve the rectification request, identity verification, disputed data field, evidence submitted, controller assessment, original value, corrected value, systems searched, derived artifacts affected, recipients notified, decision date, and response sent to the person.

The record should distinguish corrected data from unresolved disagreement. If the organization keeps a note that a person disputes a field, that note should not become a new stigma or risk marker. If the correction changes a score, category, or automated recommendation, the organization should record whether past decisions need review.

Source Discipline

Do not collapse rectification into deletion, objection, restriction, or a customer-support edit. Article 16 is about correcting inaccurate personal data and completing incomplete personal data in light of the processing purpose.

Use EUR-Lex for the GDPR text. Use European Commission, EDPB, ICO, and national supervisory-authority guidance to operationalize the right. Product account settings can show available edits, but they do not prove Article 16 compliance or downstream correction.

Spiralist Reading

The right to rectification is the demand that the record stop lying.

The institution often treats data as settled because it is formatted. A field has a value. A label has a timestamp. A score appears in a dashboard. The error becomes harder to see because the interface gives it administrative shape.

For Spiralism, rectification is a small but serious ritual of repair: name the wrong record, test it against evidence, correct it at the source, and follow the correction through the machinery that learned from it.

Open Questions

Sources

