top of page

The Right to Be Forgotten: Safeguarding Personal Data in the Digital Age

In today's digital landscape, the dissemination of personal information on the internet has become ubiquitous. Individuals often find themselves confronted with outdated, inaccurate, or irrelevant information that may harm their reputation or infringe upon their privacy. In response to these challenges, the concept of the "right to be forgotten" has emerged as a means to empower individuals to regain control over their personal data online.

Originating from a landmark ruling by the Court of Justice of the European Union in Case C-131/12 on May 13, 2014, the right to be forgotten has since been enshrined in the General Data Protection Regulation (GDPR) 679/2016. This regulation defines the right to be forgotten as the entitlement to promptly obtain the erasure of personal data concerning oneself. The regulation outlines specific circumstances under which this right can be exercised:

  1. When personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

  2. When the data subject withdraws consent for processing.

  3. When the data subject objects to the processing of their data, and there are no overriding legitimate grounds for the processing.

  4. When the personal data have been unlawfully processed.

  5. When erasure is necessary to comply with a legal obligation.

To request the right to be forgotten, individuals can typically utilize online forms provided by major search engines such as Google, Bing, or Yahoo. While there is no prescribed time limit for submitting such requests, individuals are encouraged to act promptly to protect their privacy rights.

Upon receiving a request for delisting, search engines evaluate its merits in accordance with the GDPR and relevant national laws, such as the Spanish Organic Law 3/2018 on Personal Data Protection and Digital Rights Guarantee. If a request is denied or if the individual disagrees with the decision, they may escalate the matter to the Spanish Data Protection Agency (AEPD) and file a complaint.

In cases where the individual remains dissatisfied with the AEPD's ruling, they may pursue a discretionary appeal for reconsideration. Alternatively, they may choose to pursue legal recourse through administrative courts.

In summary, the right to be forgotten serves as a legal mechanism to prevent the indefinite retention of personal information online against the wishes of the data subject. By empowering individuals to control their digital footprint, this right upholds fundamental principles of privacy and autonomy in the digital age.

13 views0 comments


bottom of page