scholarly journals How to Achieve Compliance with GDPR Article 17 in a Hybrid Cloud Environment

Sci ◽  
2020 ◽  
Vol 2 (2) ◽  
pp. 22
Author(s):  
Miriam Kelly ◽  
Eoghan Furey ◽  
Kevin Curran
Keyword(s):  
Ad Hoc ◽  
Data Repository ◽  
Hybrid Cloud ◽  
Cloud Environment ◽  
Cloud Infrastructure ◽  
General Data Protection Regulation ◽  
Right To Be Forgotten ◽  
Personally Identifiable Information ◽  
General Data ◽  
The Right

On 25 May 2018, the General Data Protection Regulation (GDPR)Article 17, the Right to Erasure (‘Right to be Forgotten’) came into force making it vital for organisations to identify, locate and delete all Personally Identifiable Information (PII) where a valid request is received from a data subject to erase their PII and the contractual period has expired. This must be done without undue delay and the organisation must be able to demonstrate reasonable measures were taken. Failure to comply may incur significant fines, not to mention impact to reputation. Many organisations do not understand their data, and the complexity of a hybrid cloud infrastructure means they do not have the resources to undertake this task. The variety of available tools are quite often unsuitable as they involve restructuring so there is one centralised data repository. This research aims to demonstrate compliance with GDPR’s Article 17 Right to Erasure (‘Right to be Forgotten’) is achievable in a Hybrid cloud environment by following a list of recommendations. However, 100% retrieval, 100% of time will not be possible, but we show that small organisations running an ad-hoc Hybrid cloud environment can demonstrate that reasonable measures were taken to be Right to Erasure (‘Right to be Forgotten’) compliant.

scholarly journals How to Achieve Compliance with GDPR Article 17 in a Hybrid Cloud Environment

Sci ◽  
2021 ◽  
Vol 3 (1) ◽  
pp. 3
Author(s):  
Miriam Kelly ◽  
Eoghan Furey ◽  
Kevin Curran
Keyword(s):  
Ad Hoc ◽  
Data Repository ◽  
Hybrid Cloud ◽  
Cloud Environment ◽  
Cloud Infrastructure ◽  
General Data Protection Regulation ◽  
Right To Be Forgotten ◽  
Personally Identifiable Information ◽  
General Data ◽  
The Right

On 25 May 2018, the General Data Protection Regulation (GDPR) Article 17, the Right to Erasure (“Right to be Forgotten”) came into force, making it vital for organisations to identify, locate and delete all Personally Identifiable Information (PII) where a valid request is received from a data subject to erase their PII and the contractual period has expired. This must be done without undue delay and the organisation must be able to demonstrate that reasonable measures were taken. Failure to comply may incur significant fines, not to mention impact to reputation. Many organisations do not understand their data, and the complexity of a hybrid cloud infrastructure means they do not have the resources to undertake this task. The variety of available tools are quite often unsuitable as they involve restructuring so there is one centralised data repository. This research aims to demonstrate that compliance with GDPR’s Article 17 Right to Erasure (“Right to be Forgotten”) is achievable in a hybrid cloud environment by following a list of recommendations. However, full retrieval, all of the time will not be possible, but we show that small organisations running an ad-hoc hybrid cloud environment can demonstrate that reasonable measures were taken to be Right to Erasure (“Right to be Forgotten”) compliant.

New Boundaries for the Right to Be Forgotten?

2020 ◽  
pp. 302-314
Author(s):  
Federica Casarosa ◽  
Dianora Poletti
Keyword(s):  
Supreme Court ◽  
Data Protection ◽  
Legal Framework ◽  
General Data Protection Regulation ◽  
National Courts ◽  
Right To Be Forgotten ◽  
The Supreme Court ◽  
General Data ◽  
Grand Chamber ◽  
The Right

The right to be forgotten has come to the forefront of the academic debate as a reaction to Court of Justice's decision in case C-507/17 Google LLC c. CNIL concerning the issue of geographical extension of the delisting obligation. Along with the development of CJEU jurisprudence, national courts have developed their own caselaw interpreting and adapting the right to be forgotten, now included in art 17 of the General Data Protection Regulation, to the pre-existing legal framework. Italian courts, and in particular the Italian Supreme Court, have addressed in several occasions the features and facets of the right to be forgotten, and the recent decision of the Grand Chamber (n. 19681, 22 July 2019) is the last though not the least. Starting form this decision, the chapter will analyse how the Supreme Court has attempted to systematise the right to be forgotten distinguishing what is called the traditional application of the right from the ones emerging in the digital context.

scholarly journals Can the Internet Forget? – Rhe Eight to be Forgotten in the EU Law and its Actual Impact on the Internet. Comparison of the Approaches Towards the Notion and Assessment of its Effectiveness

2020 ◽  
Vol 9 (1) ◽  
pp. 86-101
Author(s):  
Aleksandra Gebuza
Keyword(s):  
Data Protection ◽  
Personal Data ◽  
The Internet ◽  
Eu Law ◽  
General Data Protection Regulation ◽  
Actual Impact ◽  
Right To Be Forgotten ◽  
General Data ◽  
The Right ◽  
The Eu

AbstractThe main aim of the article is to provide analysis on the notion of the right to be forgotten developed by the CJEU in the ruling Google v. AEPD & Gonzalez and by the General Data Protection Regulation within the context of the processing of personal data on the Internet. The analysis provides the comparison of approach towards the notion between European and American jurisprudence and doctrine, in order to demonstrate the scale of difficulty in applying the concept in practice.

Where Now for the Right to Be Forgotten?

2020 ◽  
pp. 315-331
Author(s):  
Evelyn (Patsy) Kirkwood
Keyword(s):  
New Right ◽  
The Internet ◽  
General Data Protection Regulation ◽  
Search Results ◽  
Right To Be Forgotten ◽  
General Data ◽  
Use Of The Internet ◽  
The Uk ◽  
The Right ◽  
The Impact

Increased recognition of the pervasiveness of information collected and accessed has led to concern as to its impact on privacy. The ability to impact people's lives with the easy availability of information that in other eras would have remained hidden or “forgotten” is highlighted by the use of the internet for instant recall. Such information, which organizations often hold for commercial benefit, is increasingly made available through search results or from online archives. This chapter will focus on the impact of the Google Spain case, which was believed to have created a new right to be forgotten, leading to the finalization of Article 17 of the General Data Protection Regulation. The author will then examine more recent cases where the new right has been applied and their impact on defining its scope. In particular, the author will focus on the UK joined cases of NT1 and NT2.

Right to be forgotten likely to be EU-based

2019 ◽  
Keyword(s):  
Regulatory Compliance ◽  
Content Type ◽  
General Data Protection Regulation ◽  
Technology Firms ◽  
Right To Be Forgotten ◽  
Internet Users ◽  
European Court ◽  
General Data ◽  
The Right ◽  
The Cost

Subject The EU’s right to be forgotten principle. Significance An advocate-general of the European Court of Justice (ECJ) on January 10 stated the EU’s principle of ‘the right to be forgotten’ (RTBF) should only apply to internet users within the EU and not globally. The opinion does not constitute the Court’s ruling and ECJ judges do not always follow the advice of senior legal officials. The issue divides EU national authorities and large technology companies. Impacts US tech firms will continue to face fines from national EU regulators on alleged violations of the General Data Protection Regulation. EU actions against US tech firms will exacerbate transatlantic tensions. For smaller technology firms, the cost of EU regulatory compliance may be prohibitive.

scholarly journals Children and the ‘Right to be Forgotten’: what the right to erasure means for European children, and why Australian children should be afforded a similar right

2019 ◽  
Vol 170 (1) ◽  
pp. 37-46 ◽  
Author(s):  
Anna Bunn
Keyword(s):  
Data Protection ◽  
General Data Protection Regulation ◽  
Right To Be Forgotten ◽  
General Data ◽  
The Right

This article provides an overview of the right to erasure, or the right to be forgotten, in the General Data Protection Regulation (GDPR) and how it is likely to impact on children. It contrasts the position of Australian children and their European counterparts. The article considers the benefits for children of a right to erasure, as well as some of its limitations, and recommends that Australia should introduce such a right.

Liabilities of Internet Users and Providers

2017 ◽  
Author(s):  
Giovanni Sartor
Keyword(s):  
Data Protection ◽  
Conceptual Analysis ◽  
General Data Protection Regulation ◽  
Safe Harbour ◽  
Right To Be Forgotten ◽  
Internet Users ◽  
General Data ◽  
Basic Ideas ◽  
The Right ◽  
The Eu

This chapter explores the connection between host providers’ liability and data protection, particularly the right to be forgotten. A conceptual analysis provides basic ideas including privacy, publicity, and neutrality. Subsequently, host providers’ immunities in EU law are compared with safe harbour provisions in US law. Data protection exceptionalism, namely, the view that providers’ immunities do not apply to violations of data protection, is critically considered. Knowledge of illegality of hosted content as a condition for providers’ liability is examined, focusing on how different understandings of this requirement may affect providers’ behaviour. The EU General Data Protection Regulation is then considered, addressing the way it defines the interface between data protection and the role/liabilities of providers. Finally, an analysis of the right to be forgotten is proposed, focusing on how the passage of time affects the legally relevant interests involved and on how sanctions are likely to affect the actions of host providers/users.

Sign in / Sign up

Export Citation Format

Share Document