The right to be forgotten, the right to be forgotten or the right to be forgotten is a right for citizens of the European Union to have certain outdated or inaccurate and privacy -sensitive information removed by processors of personal data. In practice, this right is mainly used to remove the search results of searches for a person’s name with an internet search engine . The right to be forgotten is laid down in Article 17 of the General Data Protection Regulation (GDPR). Those who want to make use of this right must contact the owner of the search engine itself, the European Court of Justice has stated decided on 13 May 2014. Thus, a search engine does not necessarily have a special button to delete data from a database; an explicit request must first be submitted.
The right to be forgotten arose from the so-called Cotija judgment of the European Court of Justice on 13 May 2014 (case number C-131/12). The reason was a case brought by a Spaniard with that name. Google searched for a newspaper article from 1998 announcing the forced sale of the Spaniard’s assets. Because the man thought the information had lost its relevance – and therefore only damaged his reputation – he started a lawsuit against the newspaper and Google. The court ruled that Google can be regarded as a processor of personal data, so that such search engines will henceforth be subject to the European Privacy Directive ( Directive 95/46/EC ).) would fall. As a result, Google had to remove the affected search results for Cotija on all European Google domains. The newspaper article itself could, however, remain online Right to be forgotten UK.
In the right to forget, two so-called fundamental rights from the European Convention on Human Rights (ECHR) conflict, namely Article 8 of the ECHR, the right to privacy and Article 10 of the ECHR, the right to freedom of information . For this reason, every request to remove search results not only considers the relevance and correctness of the information concerned, but also weighs the importance of the privacy of the person concerned against the public interest in the availability of that information.
Originally, the Personal Data Protection Act (WBP) existed in the Netherlands. Specifically, Articles 36 and 40 of the WBP formed the basis for the right to be forgotten and imposed obligations on data processors if there is either incorrect or irrelevant data or special personal circumstances of the person whose data is being processed.
From 25 May 2018, the General Data Protection Regulation (GDPR) applies in the Netherlands. Since that time, the same privacy legislation applies throughout the European Union. The right to be forgotten is governed by Article 17 of the GDPR.
When does the right to be forgotten apply?
An organization is obliged under European law to delete personal data in the following cases. The data is no longer necessary for the purposes for which the organization collected or processed it
- The data subject has withdrawn previously given consent
- The person concerned objects
- The data has been unlawfully processed by the organization
- A legally determined retention period has expired
- The data subject is younger than 16 years of age and the personal data obtained via an app or a website.
If a request to a search engine is rejected, mediation can be requested from the Dutch Data Protection Authority (AP) within six weeks of the rejection. If the AP considers the request to be valid, it will again request the relevant search engine to remove the search results. In most cases, such requests are successful. In extreme cases one can also try to enforce removal by means of a petition procedure at the court.
In Belgium, citizens can submit a motivated request in the same way to the search engines via an online form, with proof of their identity and stating the reason. If this request is rejected, one can try to get it right through the Privacy Commission , or possibly later through the court.