The right to be forgotten
4 min to read

The right to be forgotten

Date
16 June 2016

The new General Data Protection Regulation (“GDPR”) introduces “the right to be forgotten”. The right will in certain circumstances enable the individual to control which of the individual’s personal data is publicly available.

What does the right to be forgotten mean?

The right is a clarification and elaboration of the right to erasure, rectification or blocking that existed in the Data Protection Directive. Basically, it means that you can require a company to delete, rectify or block personal data that you no longer want published, stored or processed. In short, a useful tool to obtain better control of your personal data.

The Google case

The right was recently applied in a ruling from the European Court regarding Google where it was deemed that Google had to process enquiries from individuals regarding removal of links from freely accessible websites which appeared when the individuals searched their names. The right was not explicitly mentioned in the ruling as it was not drawn up yet at the time, but the ruling is a cornerstone of the adoption of the right.

As a consequence of the ruling, Google has been forced to employ a complete staff of employees just to handle requests regarding the right to be forgotten!

Whom to contact to be forgotten

In the above mentioned Google ruling, Google was obliged to process all requests. But the new GDPR does not inform us who other than search engines such as Google will be obliged to comply with the right to be forgotten.

It is not clear if hosting platforms, such as Facebook, LinkedIn, Twitter or other service providers on the internet must comply. In many ways it would be strange, if Google has to comply with the rules, if Twitter does not. This would mean that Google would have to remove search results that show information regarding a person on Twitter, but Twitter would not have to remove the post from their own platform.

However, one thing is certain. If a company does not comply with the right to be forgotten, it can result in sky-high fines.

What about third parties using personal data?

According to the GDPR, companies that publish personal data are required to take all reasonable steps, including technical, to secure that third parties that process the data are informed of his/her request to erase the data.

Among other things, this means that Google must take all reasonable steps to secure that everyone who has had access to the information from the Google service is informed of the request to erase the data. This is a time consuming obligation which will be a burden for many companies, but at the same time it will ensure the individuals a more effective right to be forgotten.

The exception

Requests regarding the right to be forgotten can be rejected due the interest in protection of freedom of expression and information.

However, it is a problematic way out because the GDPR has no guidelines for interpretation of the freedom of expression and information. Experience has taught us that member states have rather different interpretations of the balance between the freedom of expression and information compared to the right to privacy. Therefore, it is not likely that the GDPR will provide a harmonised approach to the exception based on the freedom of expression.

The future prospects

In short, the right to be forgotten provides some useful tools for the individual to feel that it is more secure to share personal data.

It will be interesting to see if the other hosting platforms, such as Facebook, LinkedIn and Twitter, also have to comply with the obligation. In that case, individuals are given quite a significant control of their personal data in the future.

 

(I would like to thank my Bird & Bird colleagues, student assistant Mathias Bartholdy, junior associate Amalie Langebæk and associate Kamilla Pierdola Mondrup, for assisting with this blog entry.)

Share
Written by
Martin von Haller
Martin von Haller
Martin is recognised for his solid legal skills and as an innovative thought leader and strategist within the IT industry. He is a partner in Bird & Bird's International Tech and Comms Group and is based in Denmark. Martin is one of Denmark’s leading IT lawyers with almost 20 years’ experience of advising Danish and international organisations, including large blue chip companies on legal and commercial matters in connection with IT in a wide sense. He is considered a pioneer with respect to legal aspects of Online Technology Solutions (Ecommerce, internet and web services), Cyber and IT security, open source and open data and use of other open licence forms such as Creative Commons.
Related articles
Smart Contracts – Recognising and Addressing the Risks
4 min to read
29 December 2021
Smart Contracts – Recognising and Addressing the Risks
Smart contracts, where some or all of the contractual obligations are defined in and/or performed automatically by a computer program, are expected to have a significant impact on the way business is...
Technology Projects: Managing the Risks of Innovation and Change Part 3: Contract Reset and Dispute Resolution
Technology Projects: Managing the Risks of Innovation and Change Part 3: Contract Reset and Dispute Resolution
Customers in long-term technology projects can find that while they have been working towards their chosen solution a more advanced, cheaper, or simply more desirable technology has become available....
Digital dispute resolution rules to facilitate rapid and cost-effective resolution of disputes involving novel digital technologies
Digital dispute resolution rules to facilitate rapid and cost-effective resolution of disputes involving novel digital technologies
While some saw the development of products using blockchain technology leading to the demise of disputes, the reality is that disputes in the arena of digital technology are increasing in number. Lawtech’s...
Technology Projects: Managing the Risks of Innovation and Change Part 2: During the Life of the Project
Technology Projects: Managing the Risks of Innovation and Change Part 2: During the Life of the Project
Customers in long-term technology projects can find that while they have been working towards their chosen solution a more advanced, cheaper, or simply more desirable technology has become available....
Cookies
We use analytics cookies to help us understand if our website is working well and to learn what content is most useful to visitors. We also use some cookies which are essential to make our website work. You can accept or reject our analytic cookies (including the collection of associated data) and change your mind at any time. Find out more in our Cookie Notice.