The right to be digitally forgotten: a unique concept in an interconnected world
The right to be forgotten was created in 2014 by case law from the Court of Justice of the European Union, following requests by Internet users for certain pages concerning them to be removed from Google search results. This concept is written into law by Article 17 of the EU General Data Protection Regulation (GDPR) and extends to all data-processing methods.
While directive 95/46/EC, which is currently applicable, already provides that, for personal data to be processed legally, they must only be processed if they are necessary (and therefore they should no longer be processed if they stop being necessary), the GDPR must basically go further by allowing data subjects to have some of their personal data erased as soon as possible provided that certain requirements are met. This is in addition to the right to object to the processing of personal data.
While deceptively simple, the right to be forgotten immediately raises a tricky philosophical issue: how can the right to freedom of communication and freedom of information be reconciled with the right to privacy? On the one hand, you have the data controller’s legitimate interests and on the other, the data subject’s fundamental rights. You have scientific truth vs fact manipulation.
From a technical standpoint, the digital right to be forgotten is a genuine challenge. Granted, it is objectively easier to erase a computer’s memory than human memory; however, given the complexity of interactions between systems, the data back-ups as well as the variety of people involved and data recipients, it would be unrealistic to believe that data can be totally erased.