The internet never forgives you. Your mischief, your blunders, and everything else that makes it onto the internet stays there forever!
Or, does it?
This is the underlying premise behind the question – do you have a data protection act right to be forgotten?
In 1995, the EU came up with the Data Protection Directive for its member states. According to this, any user had the right to request search engines like Google to delete their data when it was not necessary. These directives were clear about the circumstances under which these companies had to answer such a request. After a good 13 years since the laws were updated, the General Data Protection Regulation (GDPR) is upon us. This law is more granular in approach and has modified the definition of a citizen’s right to be forgotten.
New Right To Be Forgotten
Think of GDPR as the 1995 Protection Directive, albeit with teeth.
More control – that is what GDPR laws give the users. They are still empowered to place a request to the companies to delete their data. But, that’s not where it ends. Users have more control over who gets to access that data and how it can be used. Once the company has received the request to delete the data, it has to process the request as soon as possible. ‘Undue delays’ are not acceptable.
Not only this, if the company has put the data in the public domain, it has to inform all the other companies using that data about the deletion request. They have to ensure this happens by taking the necessary steps, including technical measures.
The organizations can hang on to the data if they are meeting legal obligations or if the data is being used in the public interest. In section 32 of the Data Protection Act, newspapers are exempt from the law. This is to ensure that newspapers are unstoppable from doing their jobs and dissuade the people from abusing it.
The Wars Have Begun
A law about privacy protection cannot go through without Google coming into the limelight. And come it has. Two people, referred to as NT1 and NT2, sued the tech giant in the High Court of England and Wales, over their right to forget. Google has a rather interesting take on the lawsuit. It wants to call its search results ‘journalism’ to exempt it from the data protection laws.
Elizabeth Denham, UK Information Commissioner, has come down harshly on Google’s stance. She warns that if with the approval of such an argument, Google will easily sail through the legal framework without any oversight, which is not acceptable.
That is a valid argument because companies like Google are not small platforms today. They have an unprecedented reach and access to people’s information like never before. They should be under a high degree of scrutiny to ensure that the data they have collected from the users is not used for questionable or downright malicious activities. The users should have the right to know what happens to their data and also whether such companies should keep their data.
The trial is underway, and it is the first of the many more to come. People are becoming more aware of the concept of privacy and the fate of the data they share. What happens to this trial will set the tone for the future of data privacy in the EU and the world.
That brings us to the next question – why would people want to be forgotten?