Who are you? The Right to be Forgotten moves closer

Organisations that gather information on individuals may now have to delete it too, following an EU Court of Justice ruling

Inside the enterprise: Changes to the Europe's data protection regime are currently working their way through the European Union's legislative system.

A new Data Protection Regulation is set to replace the less binding Data Protection Directive, the basis for current European privacy laws. The new legislation will include a range of new measures, including much higher fines for organisations that lose data, compulsory breach disclosure, and the "right to be forgotten".

Companies rely on information about individuals to operate a range of services, from e-commerce sites to context-aware advertising.

The new law, though, is still some way off: 2015 is now looking like a realistic target, as negotiations over the law between the European Parliament, Commission and Council of Ministers continue. But one aspect, the right to be forgotten, is already being put into force by the courts. This could have some serious ramifications for companies that hold or process date on individuals.

A landmark ruling from the European Court of Justice (ECJ) found that search engines are "controllers" of personal data, and will have to delete information, including links to information published legally elsewhere, if the subject of the data asks them to.

A right to be forgotten, though, addresses the wider issue of who owns information on individuals, and whether individuals can ask for that information to be removed.

Increasingly, companies rely on information about individuals to operate a range of services, from e-commerce sites to context-aware advertising.

Then there are the social media sites that, in effect, encourage users to create the content that others view. That content, potentially, could live online for ever.

Under the proposed Data Protection Regulation, anyone will be able to ask a data controller to remove information on or about them or indeed created by them, unless there are "legitimate grounds" for retaining it.

Exactly how that will work in practice, remains to be seen. The European Commission has said that a right to be forgotten will not give individuals to rewrite the past; the new law should not, for example, be used to limit the freedom of the press. But companies will certainly have to be aware of the new right, and put in place mechanisms to allow individuals to remove their records.

But, as the ECJ ruling has shown, this can be complicated. Google has been told to remove links to information about an individual whose house was sold at auction some 16 years ago, even though the information Google is pointing to is legitimately in the public domain.

Court rulings, though, are apt to throw up this sort of paradox, and the hope is that the Data Protection Regulation will clarify what information businesses will have to delete, and what they can keep. But, as ENISA, the European Network and Information Security Agency, pointed out in a recent paper, more consistency across the EU is essential to protect citizens' rights. It will be important for the smooth running of data-driven businesses too.

Stephen Pritchard is a contributing editor at IT Pro.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Ubiquiti insider says the company downplayed the severity of a major breach
data breaches

Ubiquiti insider says the company downplayed the severity of a major breach

31 Mar 2021
Forex broker FBS leaves millions of customer records exposed
data breaches

Forex broker FBS leaves millions of customer records exposed

25 Mar 2021
Performance benchmark: PostgreSQL/ MongoDB
Whitepaper

Performance benchmark: PostgreSQL/ MongoDB

22 Mar 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021