What is the right to be forgotten?
The right to be forgotten, also known as the right to erasure, is the right of an individual to have information that is or was publicly available delisted from search engines and delinked from compliant websites. The right to be forgotten originates in the European Union (EU) but has since been implemented elsewhere.
The right to be forgotten was first established in the EU as a result of a European Court of Justice ruling in 2014. When the EU adopted the General Data Protection Regulation (GDPR) in 2018, the “right to erasure” was set out in Article 17 of the Regulation. This right also appears in Recitals 65 and 66 of the GDPR.
The situation outside the EU is less encouraging, with few jurisdictions recognizing analogous rights. In the US, for example, the right to be forgotten is seen by many as being in conflict with established First Amendment principles, particularly the freedom of expression. Argentina and the Philippines do have similar concepts, though.
What is the right to be forgotten in the United States?
There is no federally recognized right to be forgotten in the United States. More generally, there are no federal data privacy laws in effect and even at the state level, there are only a handful of comprehensive data protection laws. Of these, California has the most comprehensive such legislation to date.
The California Consumer Protection Act (CCPA) guarantees California residents the “right to delete,” sometimes referred to as the “right to be forgotten,” but this isn’t the same as the GDPR’s “right to be forgotten.” The CCPA right refers to having your data deleted from a business’s databases.
Other than the fact that privacy laws are still, at best, in their infancy in the US, there’s also some pushback to an EU-styled “right to be forgotten.” Critics worry that such a right would run contrary to the principles of the First Amendment, coming into conflict with the concept of freedom of expression.
What are examples of the right to be forgotten?
The right to be forgotten, in the European, GDPR sense, means that a person can distance themselves from their past crimes, indiscretions, associations, or statements. For example, if you were previously publicly associated with an extremist group, but have since left and reformed, then you may be able to have search engine results linking you to the group removed.
According to both the GDPR and CCPA, you can ask a business if it has your personal information (invoking your “right to access”) and, if it does, demand that it deletes everything. This is the “right to erasure” as it operates in both California and the EU, the EU simply takes this concept further.
Is the right to be forgotten a good thing?
Yes, the right to be forgotten is a good thing. It’s not without its critics, though. Many cite the vagueness of recent rulings that are seen as attempts to implement this right. Others express concerns about conflicts or clashes with the right to freedom of expression and the potential for censorship or “rewriting history.”
Yet, with phenomena like so-called revenge porn being so common, the need for something like a right to be forgotten seems undeniable. Data brokers, including people search sites, are only too glad to publish potentially embarrassing photos, like mugshots, and personal information like your court or criminal records.
Data privacy laws will generally compel revenge porn and people search sites to remove private information from their databases, but it’s the right to erasure that can delink and delist public information from search engines.
How did the right to be forgotten become a law?
The right to be forgotten became a law in 2018 when it was set out in the European Union’s (EU’s) General Data Protection Regulation (GDPR). But the concept of a right to be forgotten can be traced back further, to at least 2014. In May of that year, the European Court of Justice made a precedent-setting ruling.
The ruling concerned the case of a Spanish lawyer who was petitioning to have online references to an old debt removed from the internet. This ruling set a de facto precedent and introduced the legal right to have links to certain kinds of data removed from the internet.
Do individuals have the right to be forgotten?
Yes, data privacy laws generally only apply to individuals’ data, and the right to be forgotten is no exception. Businesses don’t typically have the right to have their corporate history delisted from search engines.
The right to be forgotten according to Google
Google, insofar as it wants to operate in the EU, also has to acknowledge the right to be forgotten. To exercise this right as it pertains to Google search results, fill in and submit this online form. Google’s reviewers will then weigh how “inaccurate, inadequate, irrelevant or excessive” the content is against any public interest in its continuing to show up in search results.
Google’s reviewers will take a number of factors into account when doing this. These include, but are not limited to:
- Your role in public life
- Where the information comes from
- How old the content is
- The effect on Google’s users
- Truth or falsehood
- Sensitive data.