Law in the Internet Society

The Right to be forgotten

-- By RemicardSereme - 08 Dec 2021

This essay focuses on the « right to be forgotten » guaranteed to citizens of European Union Member States. This idea came to me during one of our discussions on the usefulness of regulations as a tool to protect privacy on the net. I wanted to take a look at some of the regulations passed by the European Union, as it has been particularly active and vocal on these issues these past few years, especially with the General Data Protection Regulation. The right to be forgotten struck me as a good case study because of all the debate which has surrounded it since it came into being in 2014. My idea here is that this « right to be forgotten » serves as a prime example of the inadequacy of the European Union’s approach to addressing the issue of privacy on the net.

I. The right to be forgotten and the debates surrounding it

What is the right to be forgotten?

The right to be forgotten is an extension of the right to erasure which has been granted to individuals since the 1995 EU Directive on Data Protection, which gave them the right to have all personal data related to them deleted when they leave a service or close an account. The right to be forgotten as we talk about it in this essay was originally established by a 2014 European Court of Justice Ruling in which the court held that European citizens have a right to delisting, meaning that they can request that search engines, like Google, delist certain links from their search index if the results contain personal information that is « inadequate, irrelevant, or no longer relevant, or excessive ». This ruling was then adopted into Article 17 of the GDPR which states that: “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay”.

This right is, however, not an absolute one, it can only be applied in a list of specific circumstances and is subject to several exceptions

Arguments in favor of this right

Proponents of this right argue that it is a way to guarantee individual privacy by putting a stop to the continuous availability of certain personal information which can cause serious injustice to individuals, without any public interest in having such information available.

Arguments against this right

Those against it argue that it can endanger human rights as some autocratic governments can use it to limit what information are accessible online and that in a more general way it goes against freedom of speech.

II. An Inadequate Regulation

I see two main problems with this regulation:

1) It's Limited Scope

The scope of this regulation is very narrow and imperfect. Delisting doesn’t mean that the data doesn’t exist anymore, it just means that it won’t be directly referenced on a search with the person’s name so nothing is forgotten, only access to it is restricted.

The European Court of Justice ruled in 2019, in a case opposing Google and the French Regulator CNIL (Commission Nationale de l'Informatique et des Libertés), that this right only applies within the EU, which makes no sense since you need only to use another IP address to access the information as pointed out by the CNIL, it’s useless if it doesn’t have a global reach.

Companies don’t have to accede to your request, you have to plead your case and justify why it should be removed. It effectively gives Google judicial power in allowing you to make a decision about something which is yours in the first place.

2)The very premise of this regulation is problematic

It was made on the premise that it’s a given that our personal information is stocked indefinitely and in the hand of some entities, therefore we need to make an active effort to sort of exert some control over it. The right to be forgotten doesn’t address the core problem of data privacy at all which is the fact that different entities retain and commercialize our data.

The EU is missing the point by not trying to solve the bigger problem. Instead of a right to be forgotten, the EU should enforce a right to not be remembered in the first place, not allow data to be gathered. At the same time, it should teach kids how to use technology in a way that wouldn’t require a right to be forgotten. In other words, it should fund programs that would teach everyone how to protect their own data by for example using their own software.


We can therefore conclude that this right to be forgotten illustrates the non-inventive way in which the EU tackles issues of privacy in the net. Instead of thinking about treating the root causes, it tried to put a band-aid on the symptoms and ended up giving more power to search engines like Google to be judge, jury, and executioner over our data, even more than they are today.

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r1 - 08 Dec 2021 - 06:16:09 - RemicardSereme
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM