Right to be forgotten likely to be EU-based

Technology Firms ◽

Right To Be Forgotten ◽

Internet Users ◽

European Court ◽

General Data ◽

The Right ◽

The Cost

Subject The EU’s right to be forgotten principle. Significance An advocate-general of the European Court of Justice (ECJ) on January 10 stated the EU’s principle of ‘the right to be forgotten’ (RTBF) should only apply to internet users within the EU and not globally. The opinion does not constitute the Court’s ruling and ECJ judges do not always follow the advice of senior legal officials. The issue divides EU national authorities and large technology companies. Impacts US tech firms will continue to face fines from national EU regulators on alleged violations of the General Data Protection Regulation. EU actions against US tech firms will exacerbate transatlantic tensions. For smaller technology firms, the cost of EU regulatory compliance may be prohibitive.

Retention in “the right to be forgotten” scenario: a records management examination

Records Management Journal ◽

10.1108/rmj-11-2015-0038 ◽

2016 ◽

Vol 26 (3) ◽

pp. 279-292 ◽

Cited By ~ 2

Author(s):

Sherry Li Xie

Keyword(s):

Data Protection ◽

Analytical Framework ◽

Legal Framework ◽

Records Management ◽

Content Type ◽

Right To Be Forgotten ◽

European Court ◽

General Data ◽

Purpose This paper, through examining the judgment on Case C-131/12 and the European Union (EU)’s Proposal for a General Data Protection Regulation, aims to demonstrate to the records management (RM) profession, the importance of being proactively involved in records creation identification and the challenges of performing sound retention analyses for newly emerging activities. It also serves as a call to the RM profession that more active participation in law-making processes is needed. Design/methodology/approach The research selects the current right to be forgotten phenomenon as an illuminating case and examines it with fundamental RM concepts and principles, in particular those relating to records creation and retention. The research process consists of three major parts: one, the establishment of an analytical framework based on RM theories; two, description of the selected case that is relevant to the analysis; and three, the application of the analytical framework to the described case. Findings Records retentions are much needed for the activities of data controllers that are now established by the most recent Judgment of the European Court of Justice pertinent to the right to be forgotten and the proposed General Data Protection Regulation. The determination of retention periods for such activities requires an RM framework that synthesizes the identification of digital records and the various types of value associated with the different usages of records. It is also observed that the data protection legal framework does not address RM considerations, or at least, not in any explicit, easily recognizable manners. Research limitations/implications Records retentions are much needed for the activities of data controllers and/or processors that are now required by the Judgment of the European Court of Justice and the proposed EU General Data Protection Regulation, yet the legal framework does not offer any assistance in establishing retentions. It is also observed that the data protection legal framework fully acknowledges the importance of records but fails to address RM considerations – at least, not in any explicit, easily recognizable manners. Practical implications The findings are expected to be instructive to data controllers and/or processors, in particular with respect to records creation identification and records retention establishment in their organizations. It is also expected that the observations generated during the analysis process could shed light on the development of the RM profession. Social implications The right to be forgotten in the digital world has newly acquired complications, and it has the potential to affect not just the privacy right but also the rights considered conflicting to it, such as the rights of freedom of press and freedom of expression/speech. Efficient and effective RM programs should be able to assist their parent organizations in dealing with this complicated situation through creating and managing records that support the compliance of regulatory requirements on the one hand and the balancing of competing rights on the other hand. Originality/value The research appears to be the first of its kind according to the literature search conducted within the accessibility scope of the researcher.

Liabilities of Internet Users and Providers

10.1093/acprof:oso/9780198807216.003.0006 ◽

2017 ◽

Cited By ~ 1

Author(s):

Giovanni Sartor

Keyword(s):

Data Protection ◽

Conceptual Analysis ◽

Safe Harbour ◽

Right To Be Forgotten ◽

Internet Users ◽

General Data ◽

Basic Ideas ◽

The Right ◽

The Eu

This chapter explores the connection between host providers’ liability and data protection, particularly the right to be forgotten. A conceptual analysis provides basic ideas including privacy, publicity, and neutrality. Subsequently, host providers’ immunities in EU law are compared with safe harbour provisions in US law. Data protection exceptionalism, namely, the view that providers’ immunities do not apply to violations of data protection, is critically considered. Knowledge of illegality of hosted content as a condition for providers’ liability is examined, focusing on how different understandings of this requirement may affect providers’ behaviour. The EU General Data Protection Regulation is then considered, addressing the way it defines the interface between data protection and the role/liabilities of providers. Finally, an analysis of the right to be forgotten is proposed, focusing on how the passage of time affects the legally relevant interests involved and on how sanctions are likely to affect the actions of host providers/users.

Europe's national regulators hold key to GDPR success

Emerald Expert Briefings ◽

10.1108/oxan-db243916 ◽

2019 ◽

Keyword(s):

Data Protection ◽

Public Awareness ◽

Personal Data ◽

Content Type ◽

Right To Be Forgotten ◽

General Data ◽

The Right ◽

Robust Regulation

Subject GDPR appraisal and outlook. Significance May 25, 2019 is the first anniversary of the EU’s General Data Protection Regulation (GDPR). The GDPR enhanced the rights of citizens regarding their personal data, including by giving them the ‘right to be forgotten’, and tightened controls on how organisations and businesses collect, store and process such data. Impacts A key shortcoming is ensuring the compliance of business beyond ‘big tech’. Public awareness of the GDPR in smaller EU states will lag that in larger states. Criticism of the Irish regulator will rise if it fails to demonstrate a clearer commitment towards robust regulation.

How to Achieve Compliance with GDPR Article 17 in a Hybrid Cloud Environment

Sci ◽

10.3390/sci2020022 ◽

2020 ◽

Vol 2 (2) ◽

pp. 22

Author(s):

Miriam Kelly ◽

Eoghan Furey ◽

Kevin Curran

Keyword(s):

Ad Hoc ◽

Data Repository ◽

Hybrid Cloud ◽

Cloud Environment ◽

Cloud Infrastructure ◽

Right To Be Forgotten ◽

Personally Identifiable Information ◽

General Data ◽

On 25 May 2018, the General Data Protection Regulation (GDPR)Article 17, the Right to Erasure (‘Right to be Forgotten’) came into force making it vital for organisations to identify, locate and delete all Personally Identifiable Information (PII) where a valid request is received from a data subject to erase their PII and the contractual period has expired. This must be done without undue delay and the organisation must be able to demonstrate reasonable measures were taken. Failure to comply may incur significant fines, not to mention impact to reputation. Many organisations do not understand their data, and the complexity of a hybrid cloud infrastructure means they do not have the resources to undertake this task. The variety of available tools are quite often unsuitable as they involve restructuring so there is one centralised data repository. This research aims to demonstrate compliance with GDPR’s Article 17 Right to Erasure (‘Right to be Forgotten’) is achievable in a Hybrid cloud environment by following a list of recommendations. However, 100% retrieval, 100% of time will not be possible, but we show that small organisations running an ad-hoc Hybrid cloud environment can demonstrate that reasonable measures were taken to be Right to Erasure (‘Right to be Forgotten’) compliant.

The Right to Be Forgotten: A Controversial Topic Under the General Data Protection Regulation

Legal Science: Functions, Significance and Future in Legal Systems I ◽

10.22364/iscflul.7.26 ◽

2019 ◽

Author(s):

Jorida Xhafaj ◽

Keyword(s):

Data Protection ◽

Right To Be Forgotten ◽

Controversial Topic ◽

General Data ◽

Personal Data Protection and Legal Developments in the European Union - Advances in Information Security, Privacy, and Ethics ◽

New Boundaries for the Right to Be Forgotten?

10.4018/978-1-5225-9489-5.ch015 ◽

2020 ◽

pp. 302-314

Author(s):

Federica Casarosa ◽

Dianora Poletti

Keyword(s):

Supreme Court ◽

Data Protection ◽

Legal Framework ◽

National Courts ◽

Right To Be Forgotten ◽

The Supreme Court ◽

General Data ◽

Grand Chamber ◽

The right to be forgotten has come to the forefront of the academic debate as a reaction to Court of Justice's decision in case C-507/17 Google LLC c. CNIL concerning the issue of geographical extension of the delisting obligation. Along with the development of CJEU jurisprudence, national courts have developed their own caselaw interpreting and adapting the right to be forgotten, now included in art 17 of the General Data Protection Regulation, to the pre-existing legal framework. Italian courts, and in particular the Italian Supreme Court, have addressed in several occasions the features and facets of the right to be forgotten, and the recent decision of the Grand Chamber (n. 19681, 22 July 2019) is the last though not the least. Starting form this decision, the chapter will analyse how the Supreme Court has attempted to systematise the right to be forgotten distinguishing what is called the traditional application of the right from the ones emerging in the digital context.

The benefits and challenges of general data protection regulation for the information technology sector

Digital Policy Regulation and Governance ◽

10.1108/dprg-05-2019-0039 ◽

2019 ◽

Vol 21 (5) ◽

pp. 510-524 ◽

Cited By ~ 3

Author(s):

Nazar Poritskiy ◽

Flávio Oliveira ◽

Fernando Almeida

Keyword(s):

Information Technology ◽

Data Protection ◽

The State ◽

Quantitative Methodology ◽

Content Type ◽

European Data ◽

General Data ◽

The Right ◽

The Impact

PurposeThe implementation of European data protection is a challenge for businesses and has imposed legal, technical and organizational changes for companies. This study aims to explore the benefits and challenges that companies operating in the information technology (IT) sector have experienced in applying the European data protection. Additionally, this study aims to explore whether the benefits and challenges faced by these companies were different considering their dimension and the state of implementation of the regulation.Design/methodology/approachThis study adopts a quantitative methodology, based on a survey conducted with Portuguese IT companies. The survey is composed of 30 questions divided into three sections, namely, control data; assessment; and benefits and challenges. The survey was created on Google Drive and distributed among Portuguese IT companies between March and April of 2019. The data were analyzed using the Stata software using descriptive and inferential analysis techniques using the ANOVA one-way test.FindingsA total of 286 responses were received. The main benefits identified by the application of European data protection include increased confidence and legal clarification. On the other hand, the main challenges include the execution of audits to systems and processes and the application of the right to erasure. The findings allow us to conclude that the state of implementation of the general data protection regulation (GDPR), and the type of company are discriminating factors in the perception of benefits and challenges.Research limitations/implicationsThis study has essentially practical implications. Based on the synthesis of the benefits and challenges posed by the adoption of European data protection, it is possible to assess the relative importance and impact of the benefits and challenges faced by companies in the IT sector. However, this study does not explore the type of challenges that are placed at each stage of the adoption of European data protection and does not take into account the specificities of the activities carried out by each of these companies.Originality/valueThe implementation of the GDPR is still in an initial phase. This study is pioneering in synthesizing the main benefits and challenges of its adoption considering the companies operating in the IT sector. Furthermore, this study explores the impact of the size of the company and the status of implementation of the GDPR on the perception of the established benefits and challenges.

Dude, where's my data? The GDPR in practice, from a consumer's point of view

Information Technology and People ◽

10.1108/itp-08-2019-0433 ◽

2020 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Hanne Sørum ◽

Wanda Presthus

Keyword(s):

Design Methodology ◽

Point Of View ◽

Consumer Market ◽

Content Type ◽

General Data ◽

Data Portability ◽

The Right ◽

Data Subject

PurposeThis paper investigates the European Union's General Data Protection Regulation (GDPR) in information systems (ISs). The GDPR consists of 99 articles, and two articles are emphasised – namely Article 15, which deals with rights of access by the data subject, and Article 20, which deals with the right to data portability.Design/methodology/approach15 companies operating in the Norwegian consumer market were randomly selected. Each company received an inquiry pertaining to rights of access by the data subject (Article 15) and the right to data portability (Article 20). The research team carefully analysed the answers received and categorised the responses according to the two articles emphasised.FindingsThe findings show extensive variations among the companies in terms of response time, quality of feedback and how companies handle requests concerning rights of access by the data subject (Article 15) and the right to data portability (Article 20). Differences are also pertaining to the types of files, along with the content of these files. It should be noted, however, that most of the companies replied to the inquiry before the deadline. The findings show that companies comply better with Article 20 than Article 15. However, it appears that they do not differentiate between the two articles.Originality/valueThis study explores a research topic that is relatively new. It addresses a gap in the extant research by highlighting how the GDPR works in practice from a consumer's perspective. In addition, guidelines are offered to the consumers and companies affected by the GDPR.

Can the Internet Forget? – Rhe Eight to be Forgotten in the EU Law and its Actual Impact on the Internet. Comparison of the Approaches Towards the Notion and Assessment of its Effectiveness

Wroclaw Review of Law Administration & Economics ◽

10.2478/wrlae-2019-0006 ◽

2020 ◽

Vol 9 (1) ◽

pp. 86-101

Author(s):

Aleksandra Gebuza

Keyword(s):

Data Protection ◽

Personal Data ◽

The Internet ◽

Eu Law ◽

Actual Impact ◽

Right To Be Forgotten ◽

General Data ◽

The Right ◽

The Eu

AbstractThe main aim of the article is to provide analysis on the notion of the right to be forgotten developed by the CJEU in the ruling Google v. AEPD & Gonzalez and by the General Data Protection Regulation within the context of the processing of personal data on the Internet. The analysis provides the comparison of approach towards the notion between European and American jurisprudence and doctrine, in order to demonstrate the scale of difficulty in applying the concept in practice.

Personal Data Protection and Legal Developments in the European Union - Advances in Information Security, Privacy, and Ethics ◽

Where Now for the Right to Be Forgotten?

10.4018/978-1-5225-9489-5.ch016 ◽

2020 ◽

pp. 315-331

Author(s):

Evelyn (Patsy) Kirkwood

Keyword(s):

New Right ◽

The Internet ◽

Search Results ◽

Right To Be Forgotten ◽

General Data ◽

Use Of The Internet ◽

The Uk ◽

The Right ◽

The Impact

Increased recognition of the pervasiveness of information collected and accessed has led to concern as to its impact on privacy. The ability to impact people's lives with the easy availability of information that in other eras would have remained hidden or “forgotten” is highlighted by the use of the internet for instant recall. Such information, which organizations often hold for commercial benefit, is increasingly made available through search results or from online archives. This chapter will focus on the impact of the Google Spain case, which was believed to have created a new right to be forgotten, leading to the finalization of Article 17 of the General Data Protection Regulation. The author will then examine more recent cases where the new right has been applied and their impact on defining its scope. In particular, the author will focus on the UK joined cases of NT1 and NT2.