Continuous technological development based on Artificial Intelligence is leading to the emergence of numerous new digital tools that impact human rights and may undermine the effectiveness of the mechanisms that currently protect them. In this publication, the authors decided to examine one of the human rights protection instruments, the right to be forgotten, regulated in the General Data Protection Regulation, and relate its operation to deepfake technology, which enables the creation of new content using AI models. The Authors’ research goal was to examine the extent to which Article 17 of the GDPR, in its current form, can serve as an effective instrument for personal data protection in the face of the challenges posed by deepfake technology. In order to answer this question, they analyzed the adequacy of the contemporary understanding of the concept of personal data, the characteristics of deepfakes, and the effectiveness of the right to be forgotten in the context of the malicious use of deepfakes. Based on these considerations, the Authors concluded that the current model of the right to be forgotten is losing its effectiveness and requires redefinition. At the very end, the Authors propose a new legal approach to the protection of individuals and present the concept of transforming the right to erasure personal data into a broader right of an individual to control their digital identity.