Who are you? The Right to be Forgotten moves closer

Organisations that gather information on individuals may now have to delete it too, following an EU Court of Justice ruling

Inside the enterprise: Changes to the Europe's data protection regime are currently working their way through the European Union's legislative system.

A new Data Protection Regulation is set to replace the less binding Data Protection Directive, the basis for current European privacy laws. The new legislation will include a range of new measures, including much higher fines for organisations that lose data, compulsory breach disclosure, and the "right to be forgotten".

Companies rely on information about individuals to operate a range of services, from e-commerce sites to context-aware advertising.

The new law, though, is still some way off: 2015 is now looking like a realistic target, as negotiations over the law between the European Parliament, Commission and Council of Ministers continue. But one aspect, the right to be forgotten, is already being put into force by the courts. This could have some serious ramifications for companies that hold or process date on individuals.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

A landmark ruling from the European Court of Justice (ECJ) found that search engines are "controllers" of personal data, and will have to delete information, including links to information published legally elsewhere, if the subject of the data asks them to.

A right to be forgotten, though, addresses the wider issue of who owns information on individuals, and whether individuals can ask for that information to be removed.

Increasingly, companies rely on information about individuals to operate a range of services, from e-commerce sites to context-aware advertising.

Then there are the social media sites that, in effect, encourage users to create the content that others view. That content, potentially, could live online for ever.

Under the proposed Data Protection Regulation, anyone will be able to ask a data controller to remove information on or about them or indeed created by them, unless there are "legitimate grounds" for retaining it.

Exactly how that will work in practice, remains to be seen. The European Commission has said that a right to be forgotten will not give individuals to rewrite the past; the new law should not, for example, be used to limit the freedom of the press. But companies will certainly have to be aware of the new right, and put in place mechanisms to allow individuals to remove their records.

Advertisement - Article continues below

But, as the ECJ ruling has shown, this can be complicated. Google has been told to remove links to information about an individual whose house was sold at auction some 16 years ago, even though the information Google is pointing to is legitimately in the public domain.

Court rulings, though, are apt to throw up this sort of paradox, and the hope is that the Data Protection Regulation will clarify what information businesses will have to delete, and what they can keep. But, as ENISA, the European Network and Information Security Agency, pointed out in a recent paper, more consistency across the EU is essential to protect citizens' rights. It will be important for the smooth running of data-driven businesses too.

Stephen Pritchard is a contributing editor at IT Pro.

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now
Advertisement

Recommended

Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/security/29068/is-your-company-taking-enough-accountability-on-cybersecurity
Security

Are you taking enough accountability on cyber security?

18 Dec 2019
Visit/policy-legislation/34789/breaking-up-big-tech-will-cause-more-problems-than-it-solves-says-eu
Policy & legislation

Breaking up big tech 'will cause more problems', says EU

8 Nov 2019
Visit/security/29204/how-can-you-protect-your-business-from-crypto-ransomware
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/technology/artificial-intelligence-ai/354796/ai-identifies-11-earth-bound-asteroids
artificial intelligence (AI)

AI identifies 11 earth-bound asteroids

18 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020