Right to be Forgotten

The right to be forgotten is a legal right defined by the GDPR that allows persons in the EU to request that their data be deleted.

What is the right to be forgotten?

The “right to be forgotten” is the concept that an individual’s personal data stored by an organization or service provider has to be erased at the individual’s request. It is a legal right granted under the General Data Protection Regulation (GDPR), which protects the personal data of individuals in the European Union (EU). However, the right to be forgotten is not an absolute right: it does not always apply to jurisdictions outside the EU, and there are certain additional circumstances when an individual may not be able to delete their data.

Suppose Alice signs up for a monthly email newsletter about French wine but later decides that she prefers Belgian beer to French wine, and therefore, the newsletter is no longer relevant to her. As a result, she unsubscribes from the wine newsletter. The right to be forgotten ensures that in addition to unsubscribing (as required by the ePrivacy Directive), she can request that the newsletter publisher delete her name, email address, and all other personal information from their records.

This right has also been used to remove certain types of personal information from search engine results. For instance, individuals have the right to remove personal information about themselves from search results pages (within certain limits), requiring search engines like Google not to display links to pages where that information appears.

Right to be forgotten vs. right to erasure

This right is called the “right to erasure” in the GDPR. However, it is commonly referred to as the right to be forgotten.

The concept of a right to be forgotten predates the GDPR and has been invoked in previous legal cases. However, the GDPR-defined “right to erasure” is more precise; it includes the conditions of when the right does and does not apply, and it gives organizations a timeline of one month to respond to erasure requests.

What is the GDPR?

The GDPR (General Data Protection Regulation) is a data privacy legal framework for data collection and processing within the EU. The GDPR contains several requirements for data processing, collection, and handling, along with defining several rights for “data subjects,” meaning individuals in the EU. One of these rights is the right to erasure, described in GDPR Article 17.

Does the GDPR right to be forgotten apply outside of the EU?

Recent court rulings have indicated that while online information providers (such as search engines) can be required to eliminate information within a specific jurisdiction, they do not have to remove it globally. An individual can have their data erased from search results within the EU, but users in non-EU countries may still see this data in their search results.

How can someone exercise their right to be forgotten?

The GDPR does not define a specific process for an individual to exercise their right to be forgotten. So long as the request reaches the data controller or processor and meets certain conditions, it should be considered a valid request, and the individual’s personal data should be erased.

Individuals can make such a request either verbally or in writing. Once the data controller or processor receives the request, they have one month to respond — either by erasing the requested data or providing a reason why the data cannot be erased.

Typically, the individual must provide specific information along with their request, such as confirmation of their identity, what data they want erased, and a reason for the erasure.

Reasons for exercising this right can include:

  • The purpose for which the data was collected no longer applies
  • The individual revokes their consent to data collection
  • The organization is using the data for marketing, and the individual objects to this usage
  • The organization collected or processed the data unlawfully
  • There is a legal obligation for the organization to delete the data
  • The individual objects to their data being processed, and the processor has no legitimate interest in processing the data

More information can be found in GDPR Article 17.

When does the right to be forgotten not apply?

Individuals may not be able to erase their data under several different circumstances. For instance, the right to erasure does not apply when it conflicts with the right to freedom of expression. For example, a politician could not use the right to be forgotten to remove a critical newspaper article from a website. Other times when the right does not apply include the following:

  • The data is being used to comply with a legal obligation
  • The data is used for performing a task that is in the public interest
  • The data is used for archiving in the public interest for scientific, historical, or statistical research, and the erasure is likely to impair the research seriously
  • The data is part of a legal defense

There are several other cases as well. The complete list of when the right does not apply can be found in GDPR Article 17.

How does the right to be forgotten relate to the Fair Information Practices?

The Fair Information Practices are data collection and usage guidelines developed in the US in the 1970s. While the Fair Information Practices are not part of any legal framework, many data privacy regulations in force today are roughly aligned with them.

One of these practices is the individual participation principle, which holds that individuals have several rights, including the right to correct or erase their personal data.

What other rights do individuals have under the GDPR?

The GDPR gives individuals several rights regarding personal data usage, including:

  • Right to be informed: Individuals must be given easy-to-understand information about how their data is collected and processed
  • Right to data portability: Individuals can transfer their data from one data controller to another
  • Right of access: Individuals have the right to obtain a copy of collected personal data
  • Right to rectification: Individuals can correct inaccurate data about themselves
  • Right to restrict processing: Under certain circumstances, individuals can limit the way their personal data is being processed
  • Right to object: Individuals can object to data collection and processing, and the data controller or processor must provide legitimate reasons for using the data (reasons that are not related to direct marketing)
  • Right to object to automated processing: Individuals can object to a decision that legally affects them that is based on automated data processing

Learn more in What is the GDPR?


Nord VPN
60% off Nord VPN
Coinbase - Getty Images - 1234552839
Coinbase – Crypto Currency – Sign up with this link and get $10 free?! Buy/sell/exchange crypto, and use their ATM card to access your cash easily!
Chase Sapphire Preferred - Travel Points
NordPass - Password Manager - CJ Banner
https://www.dpbolvw.net/click-100604079-15345170
Binance Cryptowallet - Buy/Sell
Binance Blockchain
Amazon - Daily Deals
Amazon’s Daily Deals!
Your favorite restaurants are delivered to your front door! Grubhub!
Game Fly
Game Fly Video Game Rentals!

Please enter CoinGecko Free Api Key to get this plugin works.