The Right to be forgotten is a term that refers to the protection of personal data, the right to honor, privacy and the image of people. The Right to Oblivion also has to do with Habeas Data, that is, with the right to request and obtain existing data about oneself and to request that such data be deleted or corrected, either because they are false or because they are outdated.
In other words, Habeas Data is an action that any citizen can exercise when their data is no longer valid. The Right to Deletion of Personal Data or Right to be forgotten It is the right that a user has to the erasure of their personal data, including the online environment.
Right to be forgotten on the Internet
The Internet, by combining a large storage capacity and allowing data to be located in seconds easily, using its search engines, could spell the end of oblivion. Basically, because people might think that the past that is on the Internet cannot be erased. Which implies a great challenge for the laws and their work to ensure that people’s Right to Be forgotten is respected. Therefore, it is essential to make the pertinent claims to achieve the removal or digital lock of information, in two ways:
- Against the medium that originally published the information, such as newspapers, websites, the radio or others.
- Against the Internet browser.
In fact, the last Transparency Report of Google, reflected that since 2014 they have received 802,259 requests for Deletion of Personal Data, only of European citizens.
Then, Search engines have a duty to remove from their results listings, any link that violates the rights of citizens. The companies that own the Internet browser They are responsible for approving or disapproving requests that people make to modify or delete their data. These requests must be evaluated individually, so the companies that own the search engines are advised to handle them properly.
On the other hand, when a request for the Right to Suppression of Personal Data is rejected, the affected person can take legal action against the company. These actions are intended to force search engines to remove the information and even to pay compensation to those affected.
Right to be forgotten in the European Union (EU)
On May 13, 2014, the Court of Justice of the European Union (CJEU) published a sentence for the protection of people’s data. This sentence forces Internet search engines, such as Google, Yahoo! Y Bing to comply with the personal data protection regulations.
Which in practice means that search engines must offer any user the Right to Delete Personal Data on the internet. This deletion or blocking of people’s data was called the Right to Forget.
Right to be forgotten in Spain
After the CJEU issued the sentence on the Right to be forgotten In 2014, Spain became the fifth European country with the most requests for Right to be forgotten. In fact, in 5 years, Spain has registered before Google, a total of 76,893 requests on 249,359 Internet pages.
In the case of business reports, the Organic Law on Protection of Personal Data (LOPD) establishes that only the data necessary to determine the economic solvency of the people will be transferred.
It also provides that when the data are adverse to people, they are not older than six years, provided there is truthfulness in relation to their current situation.
In other words, this law regulates the Right to Suppression of Personal Data in Spain, in accordance with the provisions of the European Union.
For its part, Spanish Agency for Data Protection (AEPD) define the Right to be forgotten such as that of requesting the deletion of personal data in search engines. This definition is within the aforementioned sentence of the Court of Justice of the European Union (CJEU).
On the other hand, the General Data Protection Regulation (RGPD) of the European Union extends the scope of this right beyond internet search engines. In fact, the GDPR establishes the Rights of Rectification, Suppression and Limitation of access to personal data information.
When does the Right to be Forgotten apply?
The RGPD unifies and standardizes the guidelines on how companies must collect and process the personal data of their clients, therefore it includes the Right to be Forgotten. The interested person may invoke their Right to Suppression of Personal Data and the service provider will be obliged to do so, in the following cases:
- When the data is no longer required.
- When the consent granted at the time the data was collected is withdrawn.
- When they have been collected for illegal purposes.
- When the data must be deleted due to a legal obligation.
- In the case of data of minors under 16 years of age, which have been collected without the authorization of their representatives.
Then, the service provider, who acts as a data processor, whenever these cases occur has the obligation to apply the Right to be forgotten.
What happens if the Right to be Forgotten is not respected?
Once the assumptions indicated above have been fulfilled, if the person responsible for the service refuses to delete the personal data, the user must communicate it to the Spanish Agency for Data Protection (AEPD). Well the AEPD is responsible, in Spain, for the protection of this right, so this Agency is the way to file a claim for non-compliance.
Now, the user can only go to the AEPD once you have requested the fulfillment of your Right to be forgotten to the service provider. And if it has not responded to your request in a reasonable time or simply denied the right, you should report it to the AEPD.
You may also be interested in reading about the dangerousness of viral challenges.