The ‘right to be forgotten’ is a term used to refer to the right to have certain information about an individual erased or not made publicly available. In a digital world where the data that is being collected and stored is increasingly becoming more granular and wide-reaching, it is important that people have the right for some of this information to be forgotten.
The concept of a ‘right to be forgotten’ has its roots in the European Union and has been codified in the General Data Protection Regulation (GDPR) in 2016. The idea behind this is that the data that is collected about individuals should not remain online for an extended period of time, with individuals having the power to request that their personal data be removed from a database or from an online source. This is an important tool for individuals to ensure that they have some control over their personal data, and to make sure that they are not being unfairly tracked or judged due to something that is out of date. It is also a way for people to have greater privacy over the information that is held about them.
The right to be forgotten is a cornerstone of the GDPR, and the term itself is enshrined in the law. In essence, it gives people the right to have certain personal data erased, or at least not published or otherwise made available to the public. This allows individuals to protect their privacy and to have a degree of control over what information is held about them.
The GDPR states that an individual must first make a request to have their data erased from a database or from other online sources. The request must be done in writing, and it must explain the reasons why the request is being made. The request must also include evidence that the data is for one of the specific purposes stated in the GDPR, such as if it is deemed inaccurate, irrelevant, or excessive.
Become a Sales & Marketing Rainmaker
Learn valuable skills to win more customers, grow your business, and increase your profits.
Once the request is made, it is up to the data controller (the entity responsible for collecting and using data) to either delete the data or make it inaccessible to the public. If the data controller does not fulfil the request, the individual can then complain to the relevant supervisory authority, such as the Information Commissioner’s Office in the UK.
If the data controller decides to delete the data, there are certain best practices they should follow. They should take into account any potential negative consequences of the deletion, in particular any damage that could be caused to the individual if their data is deleted. The data controller should also take into account whether there are any other reasons that would make it impossible in practice to delete the data, or any other measures that could be taken in order to comply with the right to be forgotten.
When it comes to online sources, the individual may have the right to request for the data to either be removed or for links to it to be de-listed. This will mean that the individual’s name or personal information will no longer be associated with the content. It is important to note that individuals cannot request to have content removed if the content is part of some kind of public interest reporting – for instance, if an individual’s name was mentioned in news reports about a crime.
Another important factor to consider is that there may be other laws that could apply to the data and could prevent its deletion – for example, laws that require the retention of certain types of data. It is also important to note that the right to be forgotten should not be used to remove information that is true and accurate, or to hide information that belongs in the public domain.