The twenty-first century has been marked by rapid technological developments, the implosion of the internet, and the consolidation of a data economy. In such a landscape, ensuring the privacy of personal data is more challenging than ever, and we’re exposed to a number of dangers, including identity theft, fraud, harassment, and reputation damage.
The European General Data Protection Regulation (GDPR), the strictest privacy and security law in the world, gives people the right to ask organizations to delete their data. This is known as the “right to be forgotten” or “right to erasure.”
In what follows, we break down the origins of the right to be forgotten and their applications as well as general recommendations for protecting your online privacy.
The 2014 EU Court of Justice judgment
The 2014 judgment from the EU Court of Justice set the precedent for the right to be forgotten. The case arose from the proceedings between Google Spain and the Spanish Data Protection Agency and Mario Costeja González. In 2010, Costeja Gonzáles contacted the tech giant, asking for the erasure of content mentioning his name. The EU Court of Justice ruled against Google, identifying the company as a data controller obliged to respect the rights of a person to control their own data.
By 2018, Google received over 2.4 million requests from European residents to remove URLs from its search engine.
In what cases is the right to be forgotten applicable?
People can exercise their right to erasure in the following scenarios:
- The organization processed the data unlawfully;
- The data is no longer necessary for the purpose the organization originally processed it;
- The organization relied on the person’s consent for withholding the data and he or she withdrew consent;
- The organization relied on legitimate interests for withholding or processing the data, but the person objects to this processing;
- The organization processed the data for direct marketing purposes, but the person objects to this processing;
- The organization processed the data of a minor to offer their information society services;
- The organization must erase the data to comply with a legal procedure.
In circumstances where the erasure of the data would negatively affect freedom of expression, a legal procedure, or public interest in scientific or historical research, the right to be forgotten is not applicable.
How can you protect your digital privacy?
There are several measures you can take to protect your data from misuse and ensure the protection of your digital privacy. For example:
- Avoid sharing sensitive information, such as biometric data, medical records, personally identifiable financial information, and passport and Social Security numbers on social media or anywhere else on the internet.
- Watch out for suspicious links, attachments, or emails asking you to disclose sensitive information.
- Beware of using public Wi-Fi networks as they have weak security measures in place.
- Unsubscribe from irrelevant newsletters and delete old social media accounts.
- Contact information broker sites and ask them to delete your personal data. Alternatively, subscribing to specialized services can significantly speed up the opt out process and save hundreds of hours of your time.
To conclude
In Europe, the right to be forgotten gives people the right to ask organizations to delete their personal data. This is invaluable in an age where personal information has been commodified and can be misused by bad actors.
