The ICO right to be forgotten or the right to erasure refers to an individual’s right to control the storage, processing, and sharing of personal data. This can be exercised through an oral or written request.
The ICO right to be forgotten has received a lot of media attention. It can be confusing to understand the right I know how to exercise it.
In this article, we provide an in-depth ICO right to be forgotten guide. This will tell you everything you need to know about exercising the right.
What is ICO Right to be Forgotten?
The ICO right to be forgotten is intended to grant greater data protection to individuals. This is primarily applicable in the European Union. The right to be forgotten was formally recognized for the first time within the General Data Protection Regulation. After this, many countries have acted their own legislations and grant the right to be forgotten.
As per the ICO right to be forgotten, any individual can submit a request for permanent removal of information. This needs to be submitted directly to the organization or the company processing the data. After receiving the request, the company has 30 days to take an action.
In some cases, the companies are allowed to take more time before the removal of data. The two common conditions or when the identity of the individual needs to be verified or a fee needs to be submitted. However, this is discouraged by the ICO.
Is ICO Right to be Forgotten Available to Everyone?
The ICO right to be forgotten is applicable to the citizens or residents of the European Union. An interesting thing to note here is that the location of the company which is storing or processing the data is irrelevant.
For example, if a citizen of the year wishes to find a right to be forgotten request against a company working in South Korea, she will be able to do this. Any company which deals with the data of citizens or residents of the European Union is liable under the GDPR.
Another thing to keep in mind is that the ICO right to be forgotten is not available to companies or organizations. This can only be exercised by individuals.
While the general data protection regulation is only applicable for EU citizens and residents, there are many domestic legislations. Apart from this, the courts in many countries have recognized the right to be forgotten.
Before exercising the right, you need to verify if the same is available to you. Further, keep in mind that each country has established a different way of submitting a request.
So there you go – that’s the complete guide on ICO right to be forgotten. You should keep in mind that the right is broadly framed to allow greater control to the individuals. There is no specified way of exercising the right.
However, you should still follow the specified template. This will ensure that all the relevant information is provided in the request. If you don’t do this, it will simply give the companies an easy opportunity to reject the request.
What is the ICO right to be forgotten?
The ICO right to be forgotten is the date of election right available to individuals. As per this, an individual can demand the permanent removal of personal information.
Can I ask for my personal data to be deleted under the GDPR?
Yes! You can ask the personal data to be deleted under the GDPR. For this, you will have to provide appropriate reasons mentioned under article 17 of the GDPR.
In what conditions can you refuse to erase personal data?
A company can refuse to delete personal data if it is in the interests of the public, protected within the right to freedom of speech and expression, in compliance with the law, etc.
How long do you have to erase data under GDPR?
As per the GDPR, a company has an obligation to comply within 30 days. They need to communicate the decision to raise or not to raise the data within this time. If you decide to remove data, the same needs to be done within 30 days itself.