EU right to be forgotten law grants protection to citizens of the European Union. As per this, an individual can request the permanent removal of information from the internet. This is provided to protect the privacy and personal data of individuals.
In this article, we provide an in-depth review of the EU right to be forgotten law.
What Is EU Right To Be Forgotten Law?
The EU right to be forgotten law protects the privacy of individuals. As per this, any citizen of the EU can raise a verbal or written request for deletion of personal data. If a request is raised, then the organization needs to reply within 30 days. Further, the organization needs to ensure that the information is permanently deleted from all its databases.
The EU right to be forgotten law grants protection in the following situations:
- The data was collected for a particular purpose and is no longer required.
- The data was collected on the basis of the individual’s consent, who has now withdrawn it.
- The data does not meet any legitimate purpose.
- The data is used for direct marketing, and the individual does not wish to be part of it.
- The data was collected in an illegal or unlawful manner.
- The data must be deleted to comply with the law or legal order.
There are certain conditions in which an organization can refuse to delete personal data. In such cases, the organization needs to clarify within 30 days and clearly state the reasons for refusal to delete. The individual will then have to challenge the organization in court.
How To Exercise EU Right To Be Forgotten Law?
The right to be forgotten law can be exercised by submitting a request. There is no standard format for submitting such a request. Keep in mind that it should all the information is listed below:
- Details of the informant: While submitting the request, you need to provide some personal information for the purpose of identification. This includes your name, contact details, address, etc.
- Are you the data subject: The data subject is the person whose personal data has been stored. You need to specify whether you are the data subject or if you are submitting the request on behalf of someone.
- Details of the data subject: If you are not the data subject, then you need to provide details, including the name, address, contact details, etc., of the data subject. Along with this, you also need to provide proof of identity and proof of address. This includes utility bills, bank statements, government issued identity, etc.
- Reason for requesting erasure: Article 17 of the GDPR specifies reasons under which the EU right to be forgotten law can be exercised. You need to provide clear reasons behind submitting the request for erasure.
- Details of the data: You need to provide the details of the data sought to be removed. This needs to be very specific. You also need to provide the URL where the data has been published. Further, you need to clarify that the data does belong to you if it is no clarity on a plain reading.
- Declaration: Finally, while submitting a request under the EU right to be forgotten law, you need to submit a declaration that everything mentioned in the form is true.
What is the right to be forgotten law?
The right to be forgotten is granted by the GDPR. This is also known as the right to erasure. As per this, any individual can request the permanent removal of personal data from the internet.
What activity does the European Union’s right to be forgotten law help regulate?
The EU right to be forgotten law regulates the possession and processing of personal data of EU citizens.
What does the right to be forgotten GDPR mean?
The right to be forgotten means that an individual has the right to request personal information to be removed such that it is “forgotten.”
Does the right to be forgotten apply to companies?
Yes! Companies have an obligation to comply with the EU right to be forgotten law. It needs to reply to a request for the removal of information within 30 days.