Scope of the Right to Erasure
Having laid the foundation of data protection empowerment in Chapter 2, this chapter zooms in on the GDPR’s scope of application in particular. It examines the territorial, material, and personal scope respectively, with a focus on the latter two because of their particular relevance in light of the book’s overall focus. What becomes very clear is how malleable and dynamic the nature of (personal) data is, something which will prove to be important with regard to making the right to erasure work in practice. This chapter also fleshes out the concept of controller, particularly in the context of information society services (ISS) with many different actors involved in processing the same personal data. It appears that from data subjects’ perspective, ISS providers will practically always be approachable with a right to erasure/object, even if not ultimately responsible or liable. Chapter 3 ends with describing four key derogations and exemptions in the GDPR, which may effectively lead to the inapplicability of the right to erasure. What appears from this chapter overall, is the importance of a granular and functional approach when determining the GDPR’s scope of application. This is all the more important in light of the growing complexity of the ecosystem, with many moving elements.