The Right to Restriction is a temporary, freeze-frame mechanism invoked when a data subject challenges the accuracy of their data, the lawfulness of processing, or the controller's need for the data after the original purpose has expired. Unlike the Right to Erasure, restriction does not delete the data; instead, it moves the data into a segregated, 'processing-prohibited' state where it can only be stored, not actively used, except with consent, for legal claims, or to protect another person's rights.
Glossary
Right to Restriction

What is Right to Restriction?
The Right to Restriction is a statutory data subject right that compels a data controller to temporarily halt the processing of an individual's personal data while the accuracy, lawfulness, or necessity of that processing is formally contested or verified.
In enterprise AI governance, implementing this right requires robust data isolation architectures and policy enforcement points that can dynamically suspend model training or inference on specific records. The controller must flag restricted data within the data lineage and audit trail systems to prevent its accidental ingestion into machine learning pipelines, ensuring compliance with purpose limitation controls while the dispute is resolved.
Frequently Asked Questions
Clarifying the technical and legal nuances of the data subject's right to temporarily halt the processing of their personal data under specific contested circumstances.
The Right to Restriction is a data subject right under Article 18 of the GDPR that allows an individual to obtain a temporary halt on the processing of their personal data. Unlike the right to erasure, restriction does not delete the data; instead, it marks the data as 'restricted' so that it can only be stored, not actively processed. This right is invoked while the accuracy, lawfulness, or necessity of the processing is being verified or contested. During the restriction period, the data controller must ensure the data is logically segregated and inaccessible to standard processing pipelines, effectively placing a legal freeze on the data until the dispute is resolved.
How the Right to Restriction Works in Practice
The right to restriction is a temporary freeze on data processing invoked while a data subject's objection, accuracy challenge, or lawfulness dispute is under formal review.
The right to restriction is a data subject's legal entitlement to obtain a temporary halt on the processing of their personal data while the accuracy, lawfulness, or necessity of that processing is contested or verified. It acts as a procedural pause button, preventing data erasure while suspending active use.
When invoked, the controller must flag the restricted data and move it to a segregated logical storage system, preventing further algorithmic ingestion or repurposing. Processing may only resume once the dispute is resolved, the data subject provides explicit consent, or the processing is necessary for legal claims.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Key Characteristics of the Right to Restriction
The right to restriction is a temporary, contestable state that acts as a legal pause button on data processing. It is not absolute deletion but a holding pattern triggered by specific disputes over data accuracy, lawfulness, or necessity.
Temporary Halt, Not Erasure
The right to restriction imposes a temporary freeze on processing, distinct from the right to erasure. Data is preserved solely for legal claims, defense, or protecting another person's rights. During this period, the data controller must move the data to a restricted access state, often implemented via a restricted processing flag in the database, preventing any active use while the dispute is resolved.
Four Specific Triggering Conditions
A data subject can invoke this right only under four specific circumstances defined in Article 18 of the GDPR:
- Accuracy Contested: Processing is paused while the controller verifies the data's accuracy.
- Unlawful Processing: The subject opposes erasure and requests restriction instead.
- No Longer Needed: The controller no longer needs the data, but the subject requires it for a legal claim.
- Objection Pending: Processing is paused while verifying if the controller's legitimate grounds override the subject's objection.
Technical Implementation: Flagging
In AI pipelines and databases, this right is technically enforced through logical access controls rather than physical deletion. Common methods include:
- Setting a
processing_restrictedboolean flag toTRUEin the data record. - Moving data to a separate, immutable restricted archive store with read-only permissions.
- Revoking all API tokens and service accounts that have processing access to the specific data subject's records.
Strict Notification Obligations
The controller must communicate any rectification, erasure, or restriction of processing to each recipient to whom the data has been disclosed, unless this proves impossible or involves disproportionate effort. In machine learning contexts, this implies a need for robust data lineage tracking to identify all downstream models, analytics dashboards, and third-party processors that ingested the restricted data.
Impact on AI Model Training
Invoking restriction creates a critical challenge for continuous learning systems. A model cannot be retrained or fine-tuned on data under restriction. This requires Training Data Isolation architectures to immediately exclude flagged records from feature stores and training pipelines. The data must be logically quarantined to prevent its inclusion in batch inference jobs or real-time feature computations until the restriction is lifted.
Lifting the Restriction
The controller must inform the data subject before lifting a processing restriction. This ensures the subject has an opportunity to escalate the dispute or exercise other rights, such as erasure. Automated systems must include a human-in-the-loop approval step before a restricted flag can be programmatically removed to ensure compliance with this mandatory notification requirement.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us