With a plethora of information available on the internet, certain laws have been created to protect the personal data of the data subjects. This has, indeed, given the users peace of mind as they can control the data that’s being held and processed by entities in the digital world. However, this has become a huge challenge for companies to comply with these data privacy laws. But the same technology helps these organizations to embed a well-honed and seamless software in their system to process a data erasure request in a cinch to prevent loss of reputation or hefty penalties.
Hence, this article will explain everything that you need to know regarding the right to be forgotten. Read below!
What Is the Right To Be Forgotten?
The GDPR (General Data Protection Regulation) applies not only to the EU citizens but also to the ones who do business with EU citizens, no matter where they are located.
The right to be forgotten law is stated in the GDPR article 17 which gives the data subjects freedom to get their data erased or deleted without undue delay.
The data controller is then obliged to delete or erase the data within 30 days, otherwise, they may have to bear hefty fines. It’s also essential to confirm the identity of the individual making the data erasure request to ensure they are the actual data subject.
Another thing to consider here is that if the data erasure request is excessive or unfounded, the company may ask for a reasonable fee from the data subject or even reject their request.
Other Similar Laws Passed By Different Countries
In addition to GDPR, California Consumer Privacy Act (CCPA) and Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD) also came up with the data subject rights laws.
The CCPA and the LGPD allow data holders to complete a data erasure request within 45 days and 15 days respectively. In case of violation, they will have to face severe legal penalties.
When Does the Right To Be Forgotten Apply?
Now it’s essential to note that the right to be forgotten request is only valid in the following conditions:
- The data subject no longer consents to their personal data being processed by the organization.
- The personal data doesn’t serve the purpose for which it was originally collected.
- The company is processing an individual’s data for its own legitimate interests or marketing purposes.
- The personal data of the data subject was unlawfully processed by the entity.
- The company has to comply with a legal obligation.
What Are the Exceptions to the Right To Be Forgotten?
The data holder may not be obliged to erase or delete the personal data in the following circumstances:
- The data relates to the right to freedom of expression and information.
- The data can’t be deleted due to a legal ruling.
- The data contains critical information that helps public interest, and historical and scientific research.
- The data is vital to the health of the public.
- The data serves the public interest or it is being processed due to an entity’s official authority.
Pros and Cons of the Right To Be Forgotten
This data subject right gives the individuals freedom for their online presence and helps them keep their personal and financial data safe. It also allows them to take a fresh start by getting their unwanted information deleted on the internet.
On the other hand, this data subject right limits the freedom of speech. It may also lead to a lack of transparency regarding the information available on a person. Moreover, your data erasure request may be denied on “public interest” grounds.