Agents of erasure: Following the deletion of public sector data through its value chain

Abstract

Around the globe, and particularly in Europe, new forms of data protection regulation are introduced to regulate and limit the capacity of governmental personal data processing. Under EU law, public and private organizations must delete personal data no longer in use for the specific purposes for which they have been collected and processed. Yet, little is known about how the deletion of such data is organized, valued, and conducted in practice. To trace data deletion empirically, this article proposes the concept of data's deletion value chain to theorize processes of personal data deletion in the context of public administration, focusing on continuous valuations and delegations of deletion as a practice. To trace this value chain, I take a “follow-the-thing” approach, tracing personal data through the administration not backward toward data's perceived “origins,” but forward toward data's “ending” at the moment of deletion. Tracing the organization and diverse valuations of public sector data deletion in this way, the study raises questions about the assumed linearity of data life cycles, the still-emergent institutional infrastructures of deletion, as well as the social, legal, and technical politics of infrastructural (in)competence in the context of public sector data protection.

Keywords

Personal data deletion value chain public administration GDPR infrastructural competence

Introduction

Since the 1990s, various instances of data protection regulation have been enacted around the world (Bradford, 2023), and particularly in Europe, to regulate and limit personal data accumulation and processing by institutions. Since the introduction of EU's Data Protection Directive in 1995 and its General Data Protection Regulation (GDPR) in 2018, public and private organizations have been legally required to delete personal data no longer in use for the specific purposes for which they were collected (e.g. McDermott, 2017; Padden and Öjehag-Pettersson, 2024; Trzaskowski and Sørensen, 2022). From a social scientific standpoint, however, relatively little is known about the organization and practice of such digital data deletion (Thylstrup, 2023).

This article begins from the premise that studying the practical enactment of personal data deletion is key to understanding the controllability of such data and, thus, institutional accountability under digitalization. As such, it provides insight into the practical challenges and politics of regulating digital infrastructures, especially in the public sector, where personal data collection is mandatory and often involves a variety of sensitive data (Fredriksson et al., 2017; Löfgren and Webster, 2020). Empirically, the article focuses on Denmark's highly digitalized public sector (e.g. European Commission, 2022). Previous research on Denmark's digitalized public administration has highlighted the risk of unlawful administration due to public institutions’ loss of oversight and control over their digital systems, which are typically developed, owned, and maintained by private companies (Motzfeldt and Næsborg-Andersen, 2018; see also Jørgensen, 2023). Meanwhile, little empirical work exists to substantiate such concerns, particularly with regard to personal data deletion.

To investigate such data deletion empirically, this article starts from the research question: How do practices of personal data deletion become organized and valued in the Danish public administration? To answer this question—and contrary to common instrumentalist understandings of data “life cycle” or “value chain management,” which see data deletion as the outcome of a linear process devoid of institutional politics—this article proposes a concept of the deletion value chain as a process of continuous valuation and delegation of deletion as a regulatory, ethical, and technical challenge. This concept emerges from my observations of personal data deletion as a practice within the Danish public administration, where deletion becomes actualized through its continuous deferral along a “chain” of actors who make sense of and organize it according to diverse registers of valuation (Heuts and Mol, 2013). To analyze the dynamics of this chain, I adopt a “follow-the-thing” approach (Appadurai, 1988; Cook, 2006; Marcus, 1995) to trace processes of data deletion through (and beyond) the public administration. However, rather than tracing data backward toward their perceived “origins” (e.g. Biruk, 2018; Bowker and Star, 1999; Gitelman and Jackson, 2013), I trace data forward toward their perceived “ending” at the moment of deletion. My following of data deletion among several Danish municipalities thus traces public administrative data's deletion value chain (1) from municipal archives, where decisions on selective preservation effectively commences institutional processes of deletion, (2) through the public administration, where personal data is used for casework and sorted for deletion, and finally (3) to the private IT supplier, where the deletion of personal data is ultimately carried out according to the administration's instructions. Studying public sector data's deletion value chain hereby comes to indicate both the nonlinearity and still-emergent techno-institutional processes and infrastructures of data deletion, while also highlighting the social, legal, and technical politics of infrastructural (in)competence at work in public-sector data protection.

The article is structured as follows: First, I introduce literature on the legal aspects of data deletion, noting the limitations of sequential understandings of deletion as a process. Second, I outline the concept of the deletion value chain understood as continuous valuations and delegations of data deletion as a practice. Third, after introducing the methodology underpinning this paper, I present the article's analysis, which traces the organization and valuation of data deletion as a practice through the Danish public administration. Finally, I conclude by discussing the implications for understanding the institutional politics of data deletion.

Data deletion in the public administration

Emergent research on data deletion in the public administration comes about in the wake of public sector digitalization and new regulatory regimes aimed at balancing citizen rights and governmental data processing capacities (Jørgensen, 2023). Digitalization has been observed to intensify the discrimination of public benefits’ recipients through data-driven targeting (see, e.g. Eubanks, 2018). More generally, persisting digital data, particularly in governmental contexts, threaten to “forever tether us to all our past actions, making it impossible, in practice to escape them” (Mayer-Schönberger, 2009: 125). These concerns have given rise to new forms of data protection regulation (like GDPR), as well as related legal norms such as the “right to be forgotten” (Trzaskowski and Sørensen, 2022; Walker, 2012). Here, requiring the deletion of personal data when such data are no longer necessary for their original purposes is seen as a way of respecting individual rights and decreasing the risks tied to their potential abuse (Keele, 2009), although scholarship has questioned the practical feasibility of such rights-based approaches (see, e.g. Ausloos, 2020; Schade, 2023; Solove, 2022). Because the kind of data to be deleted under GDPR is specifically personal data, all references made to “data” in what follows refer to such personal data.

For government institutions, the challenge is often framed as one of effectively managing data (Motzfeldt and Næsborg-Andersen, 2018) and their “life cycle,” understood as the series of stages institutional data undergo from the moment they are created to the moment of deletion (Blazquez and Domenech, 2018; see also Shah et al., 2021). However, framings of data's institutional existence and usage in terms of life cycles—or value chains for that matter—risk invoking a simplistic expectation of linearity at odds with the sociocultural complexities and politics involved in both data production and destruction (Thylstrup, 2022). For instance, such theories direct attention away from the multitudes of divergent interpretations, interests, and practices continuously shaping and shaped by processes of digitalization.

In Denmark, such politics of public-sector digitalization are suggested by the identification of public institutions’ loss of oversight and control of their privately developed digital systems (Motzfeldt and Næsborg-Andersen, 2018). Such tensions between privatization and public digitalization may be more than likely to problematize orderly and sequential processes of data management, yet little empirical research exists to substantiate such concerns. On this background, the present article provides novel empirical insight into how such processes and complexities are at work in the specific context of public-sector data deletion.

Attentive to the epistemic and analytical risks outlined above, the following section introduces the concept of the deletion value chain in order to theorize the path followed to locate data deletion as a concrete practice while staying attuned to the possibility of institutional politics and cultural complexity.

Theorizing data deletion as a value chain problematic

To theorize the path followed to trace data's journey (Bates et al., 2016) toward deletion through the Danish public administration, I propose the concept of data's deletion value chain. In the field of applied economics (where the notion of “value chain” originates) the “digital economy value chain” has been theorized as the relational chain of value creation activities in the digital economy essentially based on digital elements (such as digital data) and their flow through “value creation” and “value transfer” activities (Miao, 2021). According to Feller et al. (2006), even within the logic of applied economics (Porter, 1985), what thus sets the concept of the “value chain” apart from that of “supply chain” are both its kinds of flow and their opposed directions: flows of supply, which flow from the producer (problems of distribution, coordination, and management (see, e.g. Attard-Frost and Widder, 2025; Mentzer et al., 2001)), versus flows of value, which flow from the customer or end user (problems of need, subjective experience, and divergent contexts and modes of use). Hereby, even in applied economics, value chain analysis tends to begin from the point of view of value formation (Feller et al., 2006).

Economic theories of the value chain, however, present their own limitations and issues. One such limitation—if one wishes to explore social questions beyond those of strict economic calculation—is the tendency to reduce all conceivable value to economic value. Indeed, in his seminal work, Porter (1985) defined “value” as the amount customers were willing to pay for what a firm provides, implying that value chains could be distinguished as relatively (in-)effective based solely on whether they generated profits (see also Feller et al., 2006).

Contrasting such economic and firm-centric theorizations, I mobilize an alternative understanding of the deletion value chain as a “chain” constituted by a series of divergent valuations and delegations of data deletion as a practice. Such an understanding of the “value chain” is arguably better attuned to the insights of critical data studies (CDS), science and technology studies (STS), and valuation studies (VS). As such, it resonates with Löfgren and Webster's (2020) assertion that value chain analysis might be used more broadly in a public sector context to identify chains of related and intersecting activities in the delivery of policy and services (see also Beynon-Davies, 2007). Redefining value chains in this way thus draws attention to the inherently enacted, processual, symbolic, and materially embedded nature of the “chains” under consideration. It further constitutes an opening to a theory of value chains as particular kinds of assemblages; namely as material-semiotic accomplishments of valuation and delegation, understood as simultaneously material and symbolic processes (e.g. Kitchin and Lauriault, 2014; Latour, 2012) animated by both performativity and affective tendencies (Deleuze and Guattari, 1987).

“Value,” in such a view, is generally conceived of as a product of social practices of valuation (e.g. Birch, 2017), emerging in action, and constituting “the way people [continuously] represent the importance of their own actions to themselves: normally, as reflected in one or another socially recognized form” (Graeber, 2001: 47; see also Strathern, 1988). Value, in this view, thus always implies politics, including divergent affirmations of particular institutions, values, and norms (DuBois and Salas, 2021; Schade, 2024), for instance, those giving rise to an experienced “need” of deleting (personal) data.

Moving along the deletion value chain (e.g. from where data is used and prepared for deletion to where it is effectively deleted), one moves along different sites where the value of such deletion is expressed and constructed according to what Heuts and Mol (2013) call diverse registers of valuing. Unlike in Boltanski and Thevenot's (2006) “economies of worth,” where worth constitutes a quality and “economies” are ultimately based on a single gradient, valuing here implies an activity, while registers denote a framework of shared relevance that yet retains openness to internal tensions. Valuation, in such a view, is not merely a process of evaluation, but of valorizing and valuing in an active, performative sense (see Vatin, 2013), without assuming a priori which valuings might be prevalent in a given context (Latour, 2012). Analyzing the diverse registers of valuing at work in the public sector (Bannister and Connolly, 2014; Panagiotopoulos et al., 2019; Twizeyimana and Andersson, 2019) and shaping the continuous formation of data's deletion value chain—including through tensions and clashes between such registers—thus becomes a way to study both the organization and politics of public sector data protection.

By “chains,” then, we might understand not merely fixed and preexisting relations of supply or “value transfer” in the economic sense, but instances of (more or less formal) delegation underpinned by both institutional, legal, and technical infrastructures (see, e.g. Cooren, 2000; Latour, 2012).¹ In the case studied here, the delegation of data deletion occurs between departments internal to public institutions (e.g. between the archive and the administration) and, subsequently, between organizations, whenever the public administration's “customer needs” are contracted out to private IT suppliers operating their digital systems. The “chain” is thus constituted through various performative (legal, organizational, contractual) acts of delegation, while underpinned by the technical infrastructures of public and private organizations. As we shall see, moving along this chain gives rise to questions about distributions of formal responsibility, as well as legal and technical competencies. Moreover, it highlights affectively enacted relationalities through which particular modes and intensities (expressed as concern, doubt or confidence) infuse registers of valuing in different ways, mediating the relationship(s) between practitioners and other agents (see Ahmed, 2004) in the continuous formation of the “chain.”

Methodology: following data deletion

To trace practices of data deletion through the public administration, I invoke a methodology of “thing-following.” Such approaches have aimed at tracing particular commodities back to their origins of production to “lift the veil” of globalized markets and commodity fetishism (Hulme, 2017). As a method, “following-the-thing” implies a qualitative, multi-sited research approach (Marcus, 1995) focused on tracing objects’ socio-spatial trajectory (or “biography”) to expose the social relations, power structures, and cultural meanings shaping their production, circulation, and use (ibid.; Breines et al., 2021). My attempt at following the deletion of data through the public administration, however, was initially animated by a simpler research agenda: I wanted to explore what happens to data when it is deleted, how and why such deletion is carried out, and by whom.

There are, thus, important differences between my approach and that of traditional “thing-followers.” The challenge for me was less one of following a particular commodity along globalized value chains (indeed, the parts of the “chain” I depict are located in Denmark) and rather about following digital data as a particular kind of “thing.” Contrary to traditional material commodities, digital data “move” according to temporalities approximating the instantaneous and are fundamentally replicable, meaning they may be “located” in several places at once (Kitchin et al., 2025). These material characteristics of data caused challenges from the very beginning of research (e.g. when “the same” data was located in different sites at once).

Further, and due to my focus on data deletion, my approach to following data was less about tracing data backward to its “origins” and, thus, conditions of production (Biruk, 2018; Bowker and Star, 1999; Gitelman and Jackson, 2013), than about following data forward toward their perceived ending at the moment of deletion, i.e. data's conditions of destruction. In the Discussion below, I argue that this approach has similar potential for commodity defetishization while also entailing distinct questions about institutional digitalization, data control, and accountability.

Importantly, this method of following the deletion of data through its value chain was not a deliberate choice from the outset but became defined as a method during fieldwork in response to the characteristics of the field. Seeking to locate and analyze practices of data deletion in public administration, I chose to focus on Danish municipalities due to (1) the high level of digitalization among such Danish institutions (see, e.g. European Commission, 2022), (2) the large amount and variety of citizen data processed at the municipal level in Denmark, and (3) experienced difficulties of finding interviewees at the level of Danish ministries and authorities.²

On this background, I commenced fieldwork in the setting I first believed to be responsible for managing data deletion: the municipal archive. This was due to my preexisting knowledge of archives as selection mechanisms; selecting data “worthy” of institutional preservation while discarding—and, thus, I thought, deleting—the remainder. However, while archival practices do remain crucial to data deletion (as depicted below), to “locate” deletion, I had to follow data “back” to the public administration since data to be deleted are those which are “still there” in administrative systems after the necessary copies have been transferred to the archive. And yet, while the administration did turn out to be the organization legally responsible for data deletion, the concrete practice of deleting data ultimately turned out to be outsourced to the private technical supplier of the administration's digital systems. I therefore (and not without challenges) got in contact with select company representatives and managed to locate, in particular, one individual conducting mass data deletions from a key administrative system.

It was in this way that the method of following data deletion through its value chain was actualized. The method thus resulted from continuous attempts to locate concrete deletion practices through a series of semistructured interviews and via the logic guiding the ongoing selection of respondents (see Table 1).

Table 1.

List of respondents.

No.	Geographical area	Date (DD-MM-YY)	Role
R1	Greater Copenhagen	23-08-24	Municipal archivist
R2	Greater Copenhagen	05-09-24	Municipal archivist
R3	Greater Copenhagen	20-09-24	Municipal chief IT consultant
R4	Southern Denmark	22-10-24	Municipal IT security consultant
R5	Greater Copenhagen	29-10-24	Municipal archivist
R6	Greater Copenhagen	29-10-24	Municipal head of digitalization
R7	Jutland	05-12-24	Municipal IT project manager
R8	Jutland	05-12-24	Municipal economic affairs rep.
R9	Jutland	05-12-24	Municipal legal affairs rep.
R10	Jutland	05-12-24	Municipal archivist
R11	Greater Copenhagen	21-01-25	Data center operator
R12	Southern Denmark	27-02-25	IT supplier, external consultant
R13	Greater Copenhagen	26-05-25	IT supplier, head of product management
R14	Greater Copenhagen	05-09-25	IT supplier, chief consultant

These interviews were combined with document analysis of selected legal frameworks (such as the 1995 Data Protection Directive and GDPR) and materials describing institutional data management and deletion practices (e.g. Danish National Archive, 2026; Engel, 2006; KL, 2026; KLE Online, 2026). Following data collection, the trajectory of this “chain” was drawn up and data were analyzed according to (1) the concrete practices described, (2) the modes of valuation shaping and shaped by practices across settings, and (3) the continuous delegations of deletion as a concrete practice, eventually forming a “chain” of intra- and interorganizational relations. Finally, article drafts were shared with respondents for member checking, during which no participants requested substantial modifications.

Following data's deletion value chain

The following analysis is organized around examples of each of these aspects in an attempt to describe what I call the deletion value chain of public-sector data in the context of Danish municipalities.

Beginning at the end? The digital archive

My first intuition of starting my investigation of data deletion in the public administrative archive—where the life of data at first seemed to “end”—appeared rewarding due to the passionate interest exhibited by municipal archivists in the practices, problems, and histories of digital data deletion. Despite their strong interest, however, I also got a sense that I might be attempting an investigation of data deletion in the wrong setting. As one municipal archivist put it at the beginning of an interview:

In reality, deletion is an incredibly small part of our core practice, because as archives we are exempt from some of the requirements of data protection regulation about […] [data] correction, deletion [and so on]; these do not apply to archives. (R2)

The archivists I spoke to thus helped clarify aspects of the organization of data deletion in the Danish public administration. First, emergent practices of digital data deletion had to be understood primarily in the context of the requirements posed by existing data protection regulations like the GDPR. Second, and as such, data deletion was primarily the purview of the public administration rather than the archive, since public archives were largely exempt from these rules.³ Confusion about this labor distribution, however, had historical origins in processes of public sector digitalization and its unsettling of both archival and administrative categories of informational and data discard. Historically, the archives have been (and are still) engaged in appraising and evaluating institutional casefiles and data, selecting what is to be preserved for historical purposes and what is to be discarded—or “deaccessioned” as this is called. In the 1990s and early 2000s, before widespread digitalization, this assessment was guided largely by registers of economic and historical modes of valuing administrative data. As put by another archivist:

In the years from which I was part of it […] you know, from the early 2000s […], it was a question of economy. If you don’t deaccession anything we will run out of space at some point. Then there was, for some of the older national archivists, a question about what was central. What do we need to be able to tell history. [But so], you always had an idea that we didn’t have to save everything, and then there have been some [changing] criteria along the way [for what to preserve and what to discard]. (R1)

The history of archival deaccessioning was thus laid out according to changes in modes of appraising (and, thus, valuing) institutional information such as administrative casefiles. In the analog paper archive, restrictions of economy and spatial capacity led to intense discussions among archivists about what was “central” to “tell the history” of public institutions and citizen populations. Such considerations led to practices of discarding the vast majority of casefiles while preserving only a small subset (for instance, all cases for citizens born on the first of any given month) as statistically representative and thus historically and scientifically useful for studies of an evolving Danish population (see also Engel, 2006).

With digitalization and its vast decreases in storage costs, both the nature of institutional knowledge materials (i.e. from paper files to “data” and digital files) and the practical incentives to discard such materials changed significantly. As one archivist depicted the brief “transitional” phase between the analog and digital archive:

You had a transition during which a kind of paper-mode-of-thought followed us into the digital; you know, we should bring as few [digital] documents with us – in the archival version [of a given system] – as necessary. Then you didn’t count a preservation rate of three [percent] like you had in the 90 s, but like 40–50 percent which you thought you could bring along. Because the price per unit for each document to be archived was one to one and a half kroner, you think, okay, then there is a significant [economic] saving. But then, relatively quickly after, prices began to drop. (R1)

With significant drops in data storage costs during the 1990s, it became possible for both state and municipal archives to entertain ideas of “total memory” in entirely different ways than had hitherto been feasible. As part of this shift, however, came a shift in the object of preservation from files to digital systems, which today—i.e. in case a system and its data contents are deemed worthy of preservation—are converted in full into TIFF files (due to this format's “lossless” compression, system independence, and general compatibility) to ensure the potentials for future data reuse (see Danish National Archive, 2020).

While digitalization hereby enabled the storage of vast amounts of data compared to previously, the prevalent register for valuing archival deaccessioning under digitalization continued to be marked by economic considerations—yet differently configured. This is because the conversion of digital systems into archival versions remained a significant economic expense, involving payments to the private supplier and significant workloads for municipal and archival employees.⁴ For this reason, only a subset of data (again), yet now of municipal systems, are preserved.

In this context, the introduction of new forms of data protection regulation by the EU to control and limit institutional data processing was perceived as having had significant implications for archivists’ and municipal employees’ understanding and valuation of data to be archived and “deaccessioned.” An archivist from a different municipality described this shift in terms of “frames of understanding” occurring in the wake of emerging data protection regulations:

Before, when the municipality had to “discard” something, then these were unique documents, when they were paper cases which were thrown out. And [with] “deletion,” today you can have data which [according to the GDPR] should be deleted but which are [simultaneously] worthy of preservation. These didn’t exist before because they were unique documents. Now there are more copies of data. So, it still causes some confusion here and there [about] what is “deletion” and what is “deaccessioning.” (R10)

While archival deaccessioning thus still constitutes a selection—by the archive—of which systems and data to preserve for historical and, potentially, scientific purposes, the archivists stressed that the deletion of data as a practice required by European data protection regulation was the purview of the administration, not the archive. In practice, once the archive had appraised municipal digital systems for potential preservation (and, if deemed worthy of preservation, co-facilitated their conversion into TIFF files) the administration would subsequently be allowed to delete data according to other legal requirements, such as imposed by the GDPR. Archival of digital data (as mandated by national archival law) thus constitutes an institutional precondition for deletion (as mandated by European data protection law).

While GDPR-mandated data “deletion” was thus seen as the purview of the administration and carried out following data archiving, the influence of the GDPR as a both regulatory and ethical framework was apparent among several archivists. One of them expressed his opinion to me that municipal data, in general, “shouldn’t become a burden” for citizens. “Data ethics,” he explained, “has become a [key] question; in 2017 [i.e., before GDPR] not many were thinking about data ethics.” Reflecting on his own dual position as municipal employee and citizen, he continued: “I definitely think it has been a positive thing. Also, for me as a citizen, that I can feel confident in how data [about me] are processed and that they don’t do something inappropriate with my data” (R1). GDPR thus seemed to inspire a growing recognition of the importance of institutional accountability in the wake of digitalization and its empowerment of the state as a data processing entity. Yet, due to the increased focus on data protection and the higher fines for noncompliance, GDPR also appeared to inspire institutional concerns related to compliance. These were also experienced by archivists not directly responsible for the administration's sorting of data for deletion: “Before you would rather avoid deleting [data]. Today, you might want to delete a little sooner rather than later” (R1).

Second ending: the digital administration

Based on my experience in municipal archives and to learn more about data deletion practices complying with existing legal frameworks, I ventured into the public administration. Here, the prevalent mode of valuing data deletion shifted from one primarily concerning archival principles and regulations to a more direct focus on legal compliance, casework and data management, particularly as mandated by European data protection regulations since the 1990s. As put by a municipal project manager who had worked with the problem of digital data deletion during this period:

[At some point] we get the Personal Data Law [a Danish law enacted in year 2000 based on the EU's Data Protection Directive of 1995], and [that law] states that we have an obligation to delete [personal data] which we don’t use any longer. […] regardless of the context in which you are a “person.” Whether as a citizen or an individual in a company […]. And this is something new at the time. You didn’t have that focus […] until then. It's like, “what?!” It's a huge problem for us, because we have personal information in almost everything that we do […]. I think the law is actually older, but, in any case, in 2009 we start thinking about this problem […]. And the Personal Data Law is then replaced by GDPR in 2018 [whereby] it only becomes stricter, and you start talking more about it. (R7)

Similar quotes, abundant throughout my interviews, highlight several things. First, the primarily juridical register of understanding and valuing data deletion among administrative employees: a legal obligation to delete data already archived and “out of use” in instances where data might be classified as “personal.” Second, administrative representatives experienced this obligation to delete as their duty, which led me to believe I had now located the people directly involved in conducting data deletion (although, as I would learn, I had merely located the party legally responsible for deletion). Third, data deletion represented a significant challenge for all the municipal institutions whose representatives I interviewed. Finally, they pointed to a growing awareness of this perceived “problem” of data deletion in tandem with the introduction of increasingly comprehensive and strict regulations (i.e. GDPR).

While consistently framed according to such legal frameworks and a juridical register of valuing, the story administrative representatives told was broadly twofold. On the one hand, while the work of the public administration had been almost fully digitalized since the 1990s, the implementation of legally mandated deletion practices had been slow and incomprehensive, often seen as deprioritized by institutional management. On the other hand, growing awareness of this problem had led some municipalities to work actively toward solutions. As put by a municipal IT consultant involved in data deletion projects at a major Danish municipality:

Yes, we are trying to get started. We have started a little with deleting all that data which has already been handed over to the archive. […] Because we haven’t been deleting in [this municipality] until now. […] [W]e just had a meeting with some of the other municipalities. It's a bit of a general problem for the municipalities, it's difficult to delete, difficult to figure out what to delete. There aren’t many who dare begin deleting. And, of course, there are caseworkers out in their units who don’t know that you have to delete or believe it happens all by itself. […] But we have begun now. We have made a proof of concept where we have had every municipal authority […] start deleting within a random area where they know: this we can delete without things getting too wild, without too many conflicts or problems. (R3)

The quote describes data deletion projects as still in their early stages and frames the challenge as one of commencing deletion, knowing what to delete, and daring to begin deleting data while avoiding spurring institutional conflicts. These framings pointed to both obstacles of institutional prioritization (e.g. “starting” to delete), as well as challenges of technical complexity and obscurity (e.g. “daring” to delete and “knowing” how deletion occurs within complex digital systems).

Inquiring further into the potential conflicts associated with data deletion, the respondent in question described these as relating to “the great what ifs.” He elaborated on these as perceived intra-institutional challenges such as: “What if we suddenly need this [data again] at some point? What if we need it to process a case? Or what if we [accidentally] delete something wrong? […] [Due to such questions] you haven’t known exactly what to delete” (R3). Other respondents confirmed that the legal obligation to delete data always exists in potential conflicts with other, contradictory regulatory demands. One employee, a municipal legal expert, described the problem as emerging already at the time of data production, and as entangled with the question of data's multiple purposes:

You know, we have created the data due to different needs; for filing, to save data […], you have to be able to do casework […]. You never even thought about that you would have to delete them. (R9)

The quote illustrates how the purposes of data are multiple within the public administration, as well as how legally required data deletion risks falling into the background of data's primary purposes, which shape how data is created, used, and reused. Another employee, a municipal project manager, elaborated on the tension between different types and uses of data, and the risk of deleting something “wrong”:

Deletion concerns personal information. It is personal information we have to delete. Because we [certainly] cannot accidentally delete something the municipality needs with regards to planning, for instance, or […] [regarding] its [economic] subsidies […] or some of these very political subjects which a mayor or top management always expect us to be able to find again. (R7)

Here, the need for data protection (ultimately actualized through deletion as a legally enforced form of institutional forgetting) occurred in tension with managerial needs, as well as requirements and expectations of public accountability in a democratic context. She continued:

We are also obliged to hand over data to the archive. […] [And] we are also obliged to be there for the citizens […] [who can] have an expectation that the public sector stores [data]; when I have had a case […], of course the municipality will be able to find it. And the municipality can do this, of course, as long as [it] has it, but then when [it] starts deleting, then it doesn’t exist anymore. But then, of course, we have the archive. But so, there are different angles to the question about what the obligations of public institutions are [in the context of data deletion]. (R7)

Both historical considerations and legal mandate of institutional archives (introduced above) and the relation to citizens (usually implying both a formal, legal relation and an ethical relation of care) constituted additional factors capable of problematizing legally required practices of data deletion. Due to such institutional complexities, the challenge of implementing data deletion and achieving legal compliance was thus often framed as a challenge of figuring out the legal status of particular instances of personal data to ensure that only “correct” subsets of data were deleted. As put by a municipal legal specialist:

Well, the first thing you have to do is to find out what it is you want to delete. I guess it's not even to delete it [in practical terms], […] it's not exactly that which is the hard part. It's that entire process beforehand where you figure out; all this about casework, is that concluded, regulation, and has it been delivered [to the archive], and […] we have to keep some information for ten years [after that], and so on and so forth. When we then have that decision, then we have to figure out, okay, how do we then find this information and make sure […] that it is exactly this information and that this is not mistaken because someone used the wrong metadata. Then we have found this chunk, and […] [then] we can move on to practical deletion. (R9)

According to the respondent, defining the subset of data which is “legally ready” for deletion—i.e. “out of legal and administrative use”—required sorting data according to its multiple institutional purposes and valuings to figure out when specific datasets had served all their legal purposes. This is also the point at which, however, a simultaneously administrative and technical problem of (meta)data “quality” emerges and doubles back on this same process (see also, Kitchin, 2022). Were data filed correctly in the first instance using the right metadata? If not, the institution risked what archivists referred to as “unauthorized deaccessioning” of data it was legally required to preserve. “So, it becomes incredibly important for municipalities this matter of data quality,” one municipal archivist supporting the administration's work put it (R10).

This problem of ensuring the data quality necessary for facilitating deletion involved both legal-administrative and technical valuations. According to a municipal legal expert, the problem arose “already when you create the case, [and] you have to make these decisions about; okay, where are we at here,” (R9) with respect to categorizing and filing a case via correct metadata. This issue of categorical “correctness” was both regulatory (since cases should be categorized in accordance with legal prescriptions) and technical (since digital systems typically rely on stringent labeling to process information). On the technical side, insufficient data quality would thus problematize the findability of data categorized incorrectly. As put by the same respondent: “[…] our tool – our [data management] system [i.e., DMS] – is not capable […] of finding these things [i.e., data filed wrongly] that we would like to delete” (R9). Municipal employees explained that some DMSs had gradually improved over time by increasingly guiding municipal system users toward correct filing practices (from minimizing open metadata fields to selective drop-down mechanisms, to having certain case types “born” with standardized metadata). Most contemporary digital administrative systems, however, remained imperfect in this regard, making it difficult for the large and professionally heterogeneous multiplicity of municipal employees using these systems to avoid occasional mistakes. As claimed by a municipal economist, the problem of data quality thus highlighted a more general tension between the primarily legal valuing and nuances of public administrative praxis and the purely technical perspective often exhibited by private system suppliers:

I think our supplier is certainly willing to work with us regarding how we best label data when it is produced so that we can later make some statistics and delete. But their strength is to build a DMS, not to understand what we need it for. So, sometimes it can be difficult to get them to understand […] that it is complex as hell to have all the different cases we do, so you can’t just give them one label and say, now this case is “passive.” Because why is it passive […] what is the passivity of a case really? The supplier will always say that this can easily be put into some box […], you know, but nah, then we still … So, they actually want to [help], it is just hard for them to really comprehend the scope of it. (R8)

Throughout my interviews with public administration representatives, it nonetheless became clear that, ultimately, the very technical and material practice of deleting data tended to be outsourced to the technical supplier, who would carry out deletion based on the municipal administration's instructions. This consistent delegation (here, outsourcing) of the technical practice of deleting data to the supplier was framed as a consequence of the complexity of digital systems management. As a municipal project manager working with data deletion put it:

In the end, it is the supplier that deletes, yes. That's how it is for us, anyways. I know that in [another large] municipality, they have tried to purchase a deletion module […] but I think they had to give up because it becomes too complex. (R7)

Encountering this delegation thus led me to continue my investigation further along data deletion's value chain by getting in touch with representatives of private suppliers of public digital systems.

Third ending: the technical supplier

Believing I had now finally localized the practice of deleting data with the technical suppliers of public digital systems, I asked some of my municipal respondents for their help getting in touch with company representatives responsible for data deletion. It turned out that they—somewhat by accident—ended up referring me to the same individual tasked with carrying out mass deletions from a particular municipal DMS used by a large number of Danish municipalities. This person, who, it turned out, worked as an external consultant for the company owning the system in question, called me from his remote workplace in the geographical outskirts of Denmark, humorously self-identifying as “one of those self-taught types” (R12). Interestingly, as a technical specialist in that specific system, his work consisted not only in conducting deletions of municipal data from but also in producing archival versions of that system (i.e. the “total copies” of administrative systems handed over to archives as TIFF files introduced above). Encountering and interviewing this technical expert thus made me feel like the investigation had come full circle in some important way. As a specialist in that particular system, his technical skillset made him central to several processes of public-sector data management, whether at the point of preservation or erasure of digital data. It was exactly his technical specialization, he argued, that made him capable of carrying out deletions of data in a way that was both precise and effective—and beyond the technical capabilities of the public administration. He explained:

[…] to go in and delete and be sure that you have done it correctly all the way through; when you carry out a deletion within a database […] you need to have a pretty good idea about what you have done throughout. If I was to enter [other, less familiar systems] to delete, then I need to have the exact same picture in my head of what I’m doing. I just don’t have that [for less familiar systems]. So, therefore, I can carry out deletion [in this system], because I know what I’m dealing with. No matter what happens, I’ll be able to comprehend what is happening when and if something goes wrong: that's where the problem is. Whereas with [other systems], I don’t have the complete picture of how it looks all the way through. […] [So], it's very specific to exactly this product, how it all fits together, what it is that has to be done. […] Typically, it's therefore […] it is the [technical] supplier who has to do it [i.e., carry out deletion]. […] [Because] I know what is there, so I dare to do it. It's simply a question of daring to do it. And then you might say, “that doesn’t sound too comforting,” no, but it's about being able to ascertain whether you are getting everything [when you delete data]. (R12)

The previous registers of valuing encountered in the public administration (i.e. historical, legal-administrative, ethical) here gave way to a purely technical, computational, and engineering rationale. Resonating with comments made by the administrative municipal personnel, the technical specialist argued that the technical complexity of the challenge of deletion ultimately “necessitated” its delegation to the private provider. This was because the risk of technical mistakes and failures was high, whereby only individuals capable of attaining a “complete picture” of the technical system and its complex functionalities would “dare” deleting and effectively “get everything.” Of note was how deletion now at several points along its value chain had been framed as a problem of “daring” (a framing also mobilized by the municipal IT consultant quoted above). Through this technically oriented mode of valuing, the deletion of personal data from public administrative systems was thus recast as a matter of technical ability, competence, specialization, effectiveness, and importantly: confidence. While resonating with the similarly technical register mobilized by certain administrative staff members, the specialist-contractor's sense of being capable of deleting data precisely and effectively from public digital systems infused his discourse with confidence at a point parallel to where public administrative staff tended to exhibit affective expressions of doubt and concern (I will return to this in the discussion).

When tracing data's deletion value chain through the public administration, it also seems noteworthy how the practice of deletion was not only delegated and, indeed, outsourced to the technical supplier but was in other ways too relegated to an institutional “background.” For instance, respondents—including this technical contractor—confirmed that deletions of data from municipal systems tend to be conducted at night or during weekends (i.e. outside normal working hours) to avoid overburdening systems and slowing parallel processes down (e.g. everyday case processing by municipal employees) (e.g. R3, R12). These interactions between administrative-legal and technical registers of (de-)valuing—and effectively marginalizing practices of—data deletion confirmed its deprioritized status relative to other processes deemed more “central” for the administration's work.

Tracing data deletion thoroughly through its value chain would of course imply never assuming that any apparent “ending” of data's existence was truly final. In this regard, the technical specialist provided an interesting answer to my question of how to know whether a deletion is ever “effective” when it is digital:

Well, then I really just have to trust that if I’ve given a command to the database product and told it that “now you have to delete this particular instance,” and if I later go in and tell the database product that “now I would like to see it again,” then the database product should say that it is gone. I have to trust the database product. I am fully aware that when I’ve told the database […] that “now it should delete this instance,” then inside its stomach, I know very well, that that instance is [still present] down there in the file system […], that it is still there until the database at some point conducts its own clean-up […]. So, I just have to trust the database product […] that it will do it [eventually]. (R12)

Despite my belief of finally having located the agent of administrative data deletion, it, thus, suddenly seemed again like I had merely encountered yet another delegation, and thus another extension of the “chain” in question; now from the IT technician and back to the machine itself. Mediating this delegation was, on the one hand, the discourse of computational “command and control” familiar to the practice—and, some would argue, ideology—of programming (see Chun, 2011), and, on the other hand, a certain relating by the technician to the database as an active, somewhat mysterious agent of deletion in its own right (indeed, a being with organs, capable of self-expression!). While the observation confirmed the embeddedness of the deletion value chain within material infrastructures of computation, it also implied an ultimate reliance by the public administration on privatized, black-boxed hardware of a mysterious character to even long-time technical specialists. I concluded the interview, thanking my respondent for his time while wondering if and in what sense I had reached the “end” of the chain I was claiming to study.

Discussion and conclusion

In this article, I have proposed the concept of the deletion value chain, attuned to key insights of CDS, STS, and VS, to study the institutional politics of data deletion at work in public administration. Focusing on Danish municipal institutions, I mobilized a “following-the-thing” approach to data deletion, tracing this practice through its continuous delegations and divergent valuations from municipal archives and administrations toward the private suppliers of public data management systems. This tracing of data deletion through the Danish public administration thus entails questions of the public controllability of data, situating key forms of infrastructural competence necessary to effectively carry out deletion(s) of personal data among private system suppliers. As such, the study substantiates previously expressed concerns about the accountability of public institutions in the context of digitalization and poses new questions about the implications and politics of data protection regulation (e.g. regarding the privatization of infrastructures and infrastructural competence, as well as the reliance of public authorities on private actors to supply and manage data processing systems key to governmental administration).

The empirical insights and methodological approach of this study yield several potential contributions for CDS and STS. Regarding the article's theoretical contribution, the above analysis illustrates the potential of a value chain approach to the study of the institutional practices and politics of data deletion. The proposed concept of the “deletion value chain,” understood as the continuous delegation and divergent valuation of data deletion, contrasts more traditional, instrumentalist approaches to data life cycle or value chain management. Rather than understanding data management as a simple linear sequence of steps, deletion value chain analysis draws attention to the potential nonlinearity (e.g. crucial moments when actors “start thinking about deletion,” the involvement of private, technical suppliers at several “steps,” etc.), material complexities (e.g. the perceived obscurity of digital systems, questions about when data is “gone” or “still there”), affective tendencies (e.g. concerns, doubts, even conflicts tied to deletion), and institutional politics tied to data deletion. The latter is reflected in both the diverse registers of valuing (Heuts and Mol, 2013) mobilized in different settings to make sense of and evaluate practices of data deletion along a chain of actors (i.e. archival, legal-administrative, technical, ethical), as well as in questions pertaining to the particular organization—including the continuous delegation, deferral, and outsourcing—of data deletion characteristic of the public institutions investigated. I will return to these questions below.

With regard to methodology, the method of “thing-following” proved equally valuable in several respects. First, as a methodology developed in response to the emergent characteristics of the field in question, the method of following data forward toward its deletion partially inspired the proposed concept of the deletion value chain described above. Second, following data toward its moment(s) of deletion comes to have similar defetishizing potentials as traditional approaches to thing-following oriented toward conditions of production (see Hulme, 2017). To explore the dynamics of data deletion, one needs to delve into the material conditions of data and digital systems, thus problematizing the commodified character of data themselves (Aaltonen et al., 2021). Third, the forward-tracing of data deletion also harbors potentials to investigate the institutional politics of data controllability and accountability reflected in the ability to delete data in accordance with existing regulatory requirements. In this regard, the present study illustrates the still-emergent character of Danish public-sector data deletion practices, thus substantiating concerns related to the public controllability of data processed within privately owned and maintained digital infrastructures (Motzfeldt and Næsborg-Andersen, 2018).

Through this combination of theoretical and methodological innovation, this article draws attention to the politics of what Sawyer et al. (2019) term infrastructural competence, defined as the development of functional, operable, and routinized sociotechnical practices combining social and technical abilities and resources to achieve a given task (here, the “effective” deletion of data). The present study illustrates both how (1) public-sector employees struggle trying to institutionalize (and thus routinize) legally mandated data deletion in the context of privatized digital systems, and (2) specialized technical competences necessary to effectively carry out deletion are firmly located with the system supplier. On the one hand, one could argue that data deletion as a practice is actualized through the entire chain of actors (from the archive and public administration to the private supplier) and involves a plethora of competences necessary for deletion to be done correctly (including archival, legal, and technical competences). On the other hand, the location of specialized technical competences—and, notably, technical confidence—primarily with the private supplier seems to shape many of the struggles experienced by public administrative employees in trying to routinize data deletion as a practice (e.g. through administrative employees’ reliance on private suppliers to define desired system functionalities necessary to facilitate deletion). These dynamics may only be further exacerbated by the fact that the underlying infrastructure is, of course, also privately owned.

By focusing on and tracing practices of data deletion, the present study thus highlights the politics of data protection in the context of public administration (Bellanova, 2017). While regulatory instruments like the GDPR have been intended to guarantee and protect the rights of citizens in the context of both private and public sector digitalization, the study illustrates how such regulation also risks compromising such rights and entails (i.e. “necessitate”) new forms of privatization. Future research on this topic might explore similar dynamics around the implementation of data deletion among government and public institutions in contexts beyond that of Denmark and investigate emergent sociotechnical patterns of organization in response to data protection (and other forms of digital) regulation.

Footnotes

Acknowledgments

I wish to thank all research participants for their time, interest in the matter at hand, and for sharing their experiences with and thoughts on data deletion in the Danish public administration. This research could not have been carried out without your generous contributions. I also thank Esmée Dylan Colbourne, Katherine Clare Mackinnon, and Nanna Bonde Thylstrup for invaluable feedback and support during the process of finalizing this article. Finally, I thank Chiara Carboni for her persistent help and kindness—in work as in life.

ORCID iD

Frederik Schade

Ethical approval and informed consent statements

Research data was handled in accordance with the University of Copenhagen's policy for data management and the GDPR. Informed consent was collected in writing from all participants with an option to opt-out of the study at any time.

Funding

The author received financial support for this research from the Independent Research Fund Denmark (DFF). The author disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work was supported by the Independent Research Fund Denmark (DFF) (Grant No. 3097-00130B).

Declaration of conflicting interests

The author declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Data availability statement

To protect participant anonymity, data cannot be made generally available at this time. Interview data can be made available in an anonymized form upon reasonable request.

Notes

References

Aaltonen

Alaimo

Kallinikos

(2021) The making of data commodities: Data analytics as an embedded process. Journal of Management Information Systems 38(2): 401–429.

Ahmed

(2004) Affective economies. Social Text 22(2): 117–139.

Appadurai

(1988) The Social Life of Things: Commodities in Cultural Perspective. Cambridge: Cambridge University Press.

Attard-Frost

Widder

(2025) The ethics of AI value chains. Big Data & Society 12(2): 1–16.

Ausloos

(2020) The Right to Erasure in EU Data Protection Law. Oxford: Oxford University Press.

Bannister

Connolly

(2014) ICT, public values and transformative government: A framework and programme for research. Government Information Quarterly 31(1): 119–128.

Bates

Lin

Goodale

(2016) Data journeys: Capturing the socio-material constitution of data objects and flows. Big Data & Society 3(2): 1–12.

Bellanova

(2017) Digital, politics, and algorithms: Governing digital data through the lens of data protection. European Journal of Social Theory 20(3): 329–347.

Beynon-Davies

(2007) Models for e-government. Transforming Government: People, Process and Policy 1(1): 7–28.

10.

Birch

(2017) Rethinking value in the bio-economy: Finance, assetization, and the management of value. Science, Technology, & Human Values 42(3): 460–490.

11.

Biruk

(2018) Cooking Data: Culture and Politics in an African Research World. Durham: Duke University Press.

12.

Blazquez

Domenech

(2018) Big Data sources and methods for social and economic analyses. Technological Forecasting and Social Change 130: 99–113.

13.

Boltanski

Thevenot

(2006) On Justification. Economies of Worth. Princeton: Princeton University Press.

14.

Bowker

Star

(1999) Sorting Things Out: Classification and its Consequences. Cambridge: MIT Press.

15.

Bradford

(2023) Digital Empires: The Global Battle to Regulate Technology. Oxford: Oxford University Press.

16.

Breines

Menet

Schapendonk

(2021) Disentangling following: Implications and practicalities of mobile methods. Mobilities 16(6): 921–934.

17.

Chun

(2011) Programmed Visions. Software and Memory. Cambridge: MIT Press.

18.

Cook

(2006) Geographies of food: Following. Progress in Human Geography 30(5): 655–666.

19.

Cooren

(2000) The Organizing Property of Communication. Amsterdam: John Benjamin’s Publishing Company.

20.

Danish National Archive (2020) Vejledning til bekendtgørelse om arkiveringsversioner. Available at: https://www.rigsarkivet.dk/wp-content/uploads/2025/08/Vejledning-til-bekendtgoerelse-128.pdf (accessed 13 January 2026).

21.

Danish National Archive (2026) Bevar og kassér kommunens it-systemer. Available at: https://www.rigsarkivet.dk/aflever-data/kommune/bevar-og-kasser-kommunens-it-systemer/ (accessed 13 January 2026).

22.

De Goede

(2018) The chain of security. Review of International Studies 44(1): 24–42.

23.

Deleuze

Guattari

(1987) A Thousand Plateaus. Capitalism and Schizophrenia. Minneapolis: University of Minnesota Press.

24.

DuBois

Salas

(2021) Value and politics: Introduction to the special issue. Dialectical Anthropology 45(1): –7.

25.

Engel

(2006) Kommunal bevaring of kassation gennem 50 år. In: Bloch

Larsen

(eds) At Vogte Kulturarven eller at Slette Alle Spor. Om Arbejdet med den Danske Bevaringsstrategi. Copenhagen: Arkivforeningen, 29–48.

26.

Eubanks

(2018) Automating Inequality: How High-tech Tools Profile, Police, and Punish the Poor. New York: Macmillan.

27.

European Commission (2022) The digital economy and society index (DESI). The European Commission. Available at: https://digital-strategy.ec.europa.eu/en/policies/desi (accessed 6 January 2026).

28.

Feller

Shunk

Callarman

(2006) Value chains versus supply chains. BP Trends 1(3): 165–173.

29.

Fredriksson

Mubarak

Tuohimaa

, et al. (2017) Big Data in the public sector: A systematic literature review. Scandinavian Journal of Public Administration 21(3): 39–61.

30.

Gitelman

Jackson

(2013) Introduction. In: Gitelman

(eds) Raw Data is an Oxymoron. Cambridge: MIT Press, 1–14.

31.

Graeber

(2001) Toward an Anthropological Theory of Value: The False Coin of Our Own Dreams. New York: Palgrave.

32.

Heuts

Mol

(2013) What is a good tomato? A case of valuing in practice. Valuation Studies 1(2): 125–146.

33.

Hulme

(2017) Following the (unfollowable) thing: Methodological considerations in the era of high globalisation. Cultural Geographies 24(1): 157–160.

34.

Jørgensen

(2023) Data and rights in the digital welfare state: The case of Denmark. Information, Communication & Society 26(1): 123–138.

35.

Keele

(2009) Privacy by deletion: The need for a global data deletion principle. Indiana Journal of Global Legal Studies 16(1): 363–384.

36.

Kitchin

(2022) The Data Revolution. 2nd ed. London: Sage.

37.

Kitchin

Davret

Kayanan

, et al. (2025) Data mobilities: Rethinking the movement and circulation of digital data. Mobilities 20(5): 1002–1020.

38.

Kitchin

Lauriault

(2014) Towards critical data studies: Charting and unpacking data assemblages and their work. In The Programmable City Working Paper. Available at: https://papers.ssrn.com/sol3/papers.cfm?Abstract_id=2474112 (accessed 23 January 2026).

39.

KL (2026) Arkivering og arkiver. Kommunernes Landsforening. Available at: https://www.kl.dk/oekonomi-og-administration/digitalisering-og-teknologi/administrativ-informationshaandtering/arkivering-og-arkiver (accessed 13 January 2026).

40.

KLE Online (2026) KLE Online. Kommunernes Landsforening. Available at: https://www.kle-online.dk/soegning (accessed 13 January 2026).

41.

Latour

(2012) An Inquiry into Modes of Existence. An Anthropology of the Moderns. Cambridge, MA: Harvard University Press.

42.

Löfgren

Webster

CWR

(2020) The value of Big Data in government: The case of ‘smart cities’. Big Data & Society 7(1): 1–14.

43.

Marcus

(1995) Ethnography in/of the world system: The emergence of multi-sited ethnography. Annual Review of Anthropology 24(1): 95–117.

44.

Mayer-Schönberger

(2009) Delete: The Virtue of Forgetting in the Digital Age. Princeton: Princeton University Press.

45.

McDermott

(2017) Conceptualising the right to data protection in an era of Big Data. Big Data & Society 4(1): –7.

46.

Mentzer

DeWitt

Keebler

, et al. (2001) Defining supply chain management. Journal of Business Logistics 22(2): 1–25.

47.

Miao

(2021) Digital economy value chain: Concept, model structure, and mechanism. Applied Economics 53(37): 4342–4357.

48.

Motzfeldt

Næsborg-Andersen

(2018) Developing administrative law into handling the challenges of digital government in Denmark. Electronic Journal of e-government 16(2): 136–146.

49.

Padden

Öjehag-Pettersson

(2024) Digitalisation, democracy and the GDPR: The efforts of DPAs to defend democratic principles despite the limitations of the GDPR. Big Data & Society 11(4): 1–13.

50.

Panagiotopoulos

Klievink

Cordella

(2019) Public value creation in digital government. Government Information Quarterly 36(4): 1–20.

51.

Porter

(1985) Competitive Advantage, Creating and Sustaining Superior Performance. New York: The Free Press.

52.

Sawyer

Erickson

Jarrahi

(2019) Infrastructural competence. In: Ribes

Vertesi

Jackson

(eds) Digital STS Handbook. Princeton: Princeton University Press, 267–279.

53.

Schade

(2023) Dark sides of data transparency: Organized immaturity after GDPR? Business Ethics Quarterly 33(3): 473–501.

54.

Schade

(2024) The question of digital responsibility: An ethnography of emergent institutional formations in the contemporary governance of technology. PhD Dissertation, Copenhagen Business School.

55.

Shah

SIH

Peristeras

Magnisalis

(2021) Dalif: A data lifecycle framework for data-driven governments. Journal of Big Data 8(1): 89.

56.

Solove

(2022) The limitations of privacy rights. Notre Dame Law Review 98: 975.

57.

Strathern

(1988) The Gender of the Gift: Problems with Women and Problems with Society in Melanesia (Vol. 6). Berkeley: University of California Press.

58.

Thylstrup

(2022) The ethics and politics of data sets in the age of machine learning: Deleting traces and encountering remains. Media, Culture & Society 44(4): 655–671.

59.

Thylstrup

(2023) The world's digital memory is at risk. International New York Times. Available at: https://www.nytimes.com/2023/06/21/opinion/digital-archives-memory.html (accessed 6 January 2026).

60.

Trzaskowski

Sørensen

(2022) GDPR Compliance: Understanding the General Data Protection Regulation. Copenhagen: Ex Tuto Publishing.

61.

Twizeyimana

Andersson

(2019) The public value of E-government–A literature review. Government Information Quarterly 36(2): 167–178.

62.

Vatin

(2013) Valuation as evaluating and valorizing. Valuation Studies 1(1): 31–50.

63.

Walker

(2012) The right to be forgotten. Hastings LJ 64: 257.