MLM705 Report: The Right to be Forgotten under GDPR

Verified

Added on  2022/09/28

|32
|8641
|20
Report
AI Summary
This report delves into the Right to be Forgotten, a crucial aspect of the General Data Protection Regulation (GDPR) within the European Union. It examines the legal framework surrounding data privacy and the rights of individuals to have their personal information erased from internet records. The report provides a detailed overview of the GDPR, its implications, and the circumstances under which the right to be forgotten can be invoked. It explores the historical context of the right, its codification within the GDPR, and the practical considerations for organizations and individuals. The research includes a literature review that analyzes the GDPR's impact, the challenges faced, and the balance between data protection and freedom of expression. The report also investigates research methodologies used for data collection, including the specific circumstances and advantages of data protection within the EU. Overall, the report highlights the significance of the GDPR in the digital age and its role in safeguarding individual privacy.
Document Page
Research 1
Research Methodology
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Research 2
Contents
Research Statement..........................................................................................................................4
Literature Review............................................................................................................................6
Relative Theories Perspectives......................................................................................................20
Research Questions........................................................................................................................21
Research Methodology..................................................................................................................22
Research Structure.........................................................................................................................26
Document Page
Research 3
Abstract
The General Data Protection Regulation includes the specific circumstances. This shows that
every individual have the right to have their personal data erased. The personal data of the
organization is not necessary that collected or processed it. This law shows the process that how
the data must be collected, processed and erased. This law is very much complicated. The
General Data Protection Regulation is a regulation in EU law on data protection. This law used
in the European Union for the proper data protection and privacy. The European economic area
is also affected by the law relates to the GDPR. The report relates to the right to be forgotten
which means that individual authorized by their own information deleted from the internet
records so the proper privacy can be implemented on the information. This research paper
defines the overall description of the GDPR and the research methods included for the proper
data collection that helps to maintain the research quality. 1The data can be private and protected
by the GDPR and this is specially used in the European Union. This research will examine the
law relates to the GDPR and its effects on the law of the European Union. The report describes
about the various advantages regarding the protection of the information in the particular context
of the European Union.2 The overall review of the research based on the right to forgotten on the
General Data Protection Regulation.
1 Goodman, B., & Flaxman, S. (2017). European Union regulations on algorithmic decision-making and a
“right to explanation”. AI Magazine, 38(3), 50-57.
2 Buttarelli, G. (2016). The EU GDPR as a clarion call for a new global digital gold standard.
Document Page
Research 4
Research Statement
This research paper includes the proper investigation on the concept of the GDPR that is sustain
in the European Union for the proper protection of the information. This law is all about the
privacy of the data and information and this is applied in the European Union so that the
information cannot be leaked in a proper way. This topic is all about the right to forgotten the
GDPr os that the information can be easily protected in the different manner. The General Data
Protection Regulation is included in this research report. The research statement is to conduct the
research on the Genral Data Protection Regulation that is used to protect the information in an
appropriate manner.
The extraordinary research is conducted based on GDPR occurred in the European Union. This
provides the overall data protection regulation provided to the citizens of the European Union.
The transferring of the personal data also addressed in this research process. The individual
information can be easily protected with this law and the right to forgotten puts the extraordinary
effort on the particular topic. Their information can be control properly in the overall area and it
is able to provide them overall protected information and data. This paper is all about the law of
the GDPR, which implemented in the European Union and this, includes the proper deep
discussion regarding the topic and maintains the overall process of the law.
The several organizations faced the issue of the cyber-attack and this creates many problems in
the overall business. As this law used to protect the important information of the organization
and gives them proper security. The General Data protection is the important change in the
European Union and it has own financial conditions that is applied in the several business
process and regulations.3 This law is all related to the rights of the individual and it is all related
to the right to forgotten the GDPR which is closely depends on the overall process of the
information. The right to be forgotten appears in the Recital 65 and 66 and in the article of the 17
of the GDPR. This process relates to the accessing of the personal information and to control the
data if the individuals. This research statement is all depends on the overall process of the
protection of the data that give the security and proper privacy to the information of the
individuals. The law of the right to control is meaningless when there is no action can be taken at
3 Albrecht, J. P. (2016). How the GDPR will change the world. Eur. Data Prot. L. Rev., 2, 287.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Research 5
the particular place and for the particular process. The various errors are occurred in the overall
process of the right to be forgotten. The case in which individual request to delete the data is not
considered in the absolute right. 4The European Union people are mire concern relates to the
private data and information so it is important to apply this law on the people of that place. The
personal data is not essential for the organization originally collected or processed it. This is the
process when the right to be forgotten law is applied.
The research statement shows the importance of the concept that is very much relevant to the
GDPR and this gives the overall process of the law applied in the business and the rights of the
individual. This law creates several challenges in the process of the European Union and affects
the complete rights of an individual. The overall research includes the detailed description of the
rights related to the individuals, which is overall connected with the personal and private
information to be accessed. The information need to be proper secure with this right to be
forgotten GDPR. The legislation applied in the information of the individuals is included in the
overall process and this legislation provides help in the security of the information. The research
statement includes the topic discussion and the process that gives the overall detailed description
regarding the right to be forgotten on the GDPR. This research paper is all about the examine of
the data privacy and data security that can be handled by the process of the GDPR and the
information is connected with the normal persons of the European Union.5 The research includes
the detailed review of the authors based on the GDPR and several perspectives based on the topic
of the research. The research methodologies used to collect the data is also included in the
research that helps in collecting the data relevant to the research process. 6
4 Goodman, B. W. (2016). A step towards accountable algorithms? algorithmic discrimination and the
5 Mayer-Schonberger, V., & Padova, Y. (2015). Regime change: enabling big data through Europe's new
data protection regulation. Colum. Sci. & Tech. L. Rev., 17, 315.
6 Greenleaf, G. (2016). International data privacy agreements after the GDPR and Schrems.
Document Page
Research 6
Literature Review
According to the author, GDRP is the regulation which is made on the protection of the data. It is
European Union regulation which was made in the 14 April, 2016 and was implemented on the
25 May, 2018. 7The citizens of the European Union and the European Economic Area regulate
this law so that privacy of the individual cam is maintain8. The transfer of the personal data in
this regulation can be controlled or movement of free data is allowed. The main aim of this
regulation as pre the author is that to control the personal data of the individual and to unify the
regulation to simplify the environment regulatory. 9
The right to forgotten obtained from the case of Spain SL, Google Inc V Agencia Espanola de
Proteccion de Datos, Mario Costeja Gonzalez (2014). In the first time this right to forgotten is in
codified form and to be set up in the General Data Principle Regulation (GDPR) in computation
to the right to deletion. The similar named rule firstly regulated with the deletion obligations.
According to this system there is original data must be erased immediately or it can be
withdrawn the consent and there is no other legal bases of the processing. It all must be done or
the erasure is required to fulfil a certain obligations under the law of the EU or the right of the
member states. In fact if the data is against to the law then naturally that data be erased by itself.
The controller is on one hand mechanized subject to statutory erasure obligations and on the
other hand it complies with the data that is subject to right to ensure it. The law does not describe
that how data must be erased in the each cases10. The final element is as a result it is no longer
7 Voss, W. G. (2012). Preparing for the proposed EU general data protection regulation: with or
without amendments. Bus. L. Today, 1.
8 Post, R. C. (2017). Data privacy and dignitary privacy: Google Spain, the right to be forgotten,
and the construction of the public sphere. Duke LJ, 67, 981.
9 Berberich, M., & Steiner, M. (2016). Blockchain Technology and the GDPR-How to Reconcile
Privacy and Distributed Ledgers. Eur. Data Prot. L. Rev., 2, 422.
10 Goodman, B., & Flaxman, S. (2017). European Union regulations on algorithmic decision-
making and a “right to explanation”. AI Magazine, 38(3), 50-57.
Document Page
Research 7
possible to cancel the personal data without the appropriate effort. If the data media is sufficient
then there is physical destroyed. There is using of the special software if in case there is
permanent data is overwritten.
In the matter, the right to be forgotten is obtain in the Article 17(2) of the GDPR. If there is
personal data become public and in case of the data erasure exists then there must be reasonable
measures maintained. There is considering the situations, then to inform other controllers in the
data processing that may be linked to all other personal data, as well as all copies or duplicates of
the personal data must need to be erased. There is no specific form or any subject to any
particular form in case of the reassure. In suitable way there will be no identity of the data
subject. In case there is no identification has been proven then the controller can be requested to
the additional information or may refuse to erase the data. If the high authorities ordered to erase
the data then there must be no delay in it11. It means that controller always focuses on the every
update in that and also check all the possible conditions for erasure without any delay of it.
There are certain provisions and the requirements which are contained in this regulation of the
Data Protection Directive which has been applied to the enterprise which are situated in the
European Economic area. To implement the protection of the data principles the organizational
and the technical things are measured so that the personal data can be protected12. The data are
protected by using the tools like anonymization and the psedonymization as tools are designed in
such a way that it helps in handling the personal data and also provide the safeguard. By using
this tool the data are protected at the highest priority and no personal data is publicly available.
The personal data of the person can e b used when there is the consent of the individual or the
processing is done under the lawful basis. The consent can also be revoked at any time of by the
11 Selbst, A. D., & Powles, J. (2017). Meaningful information and the right to
explanation. International Data Privacy Law, 7(4), 233-242.
12 Berberich, M., & Steiner, M. (2016). Blockchain Technology and the GDPR-How to
Reconcile Privacy and Distributed Ledgers. Eur. Data Prot. L. Rev., 2, 422.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Research 8
data subject. Any data collection has to be disclosed by the processor clearly regarding the
personal data on the lawful basis.
This right is also known as the right of the erasure. The request can be done by the individual to
erase the personal information either in writing or in the verbally. The individual get one month
to respond to the request. The right to the forgotten law can be defined as the past events which
are not occurring anymore and the silence has been made on such acts. The request of the data
can be refused and controller can ask for the additional information if there is not proven of the
identity of the individual. 13The request can be removed quickly if there is the statutory
obligation done for the request. The controller has to verify the conditions without undue delay
for the eraser of the request. This right is not guaranteed unreservedly but it is specific when
colliding the freedom of right for the expression and the information. The main aim of this
regulation as pre the author is that to control the personal data of the individual and to unify the
regulation to simplify the environment regulatory.
According to the author, this concept was arisen when the individual desires are evaluated for the
development of the life with put the stigmatized.14 This concept was evaluated in the year 2006
in the Argentina. This right was implemented so that human rights can be respected and the
concerns regarding the freedom of the expression and the privacy rights can be created. The right
to be forgotten is the balancing act which provides the end of the data privacy. 15This right
reveals the information which is already there in the public. They didn’t contain the very difficult
rules and regulations but these are the spirit of the GDPR and there are very limited exceptions in
it. This right is the fundamental key elements of the blocks for the betterment of the data
13 Nyrén, O., Stenbeck, M., & Grönberg, H. (2014). The European Parliament proposal for the
new EU General Data Protection Regulation may severely restrict European epidemiological
research. European journal of epidemiology, 29(4), 227-230.
14 Abril, P. S., & Lipton, J. D. (2014). The Right To Be Forgotten: Who Decides What the World
Forgets. Ky. LJ, 103, 363.
15 Voss, W. G., & Castets-Renard, C. (2015). Proposal for an International Taxonomy on the
Various Forms of the Right to Be Forgotten: A Study on the Convergence of Norms. Colo. Tech.
LJ, 14, 281.
Document Page
Research 9
protection practice. It also helps in the main to the compliance with the detailed provisions of the
GDPR.
It is regulated in the EU law on the protection of data and the seclusion of the general public of
the nation that is European Union and the European Economic Area.16 It is also focuses on the
superscription of the transfer of the personal data that is outside the EU and EEA areas. The
GDPR Act replaces the Data Protection Directive Act and it is designed. 17It is coordinate data
that secure and privatize the law across the Europe. Second one is it protects and authorize all the
individuals of the EU in case of data privacy. Third one is it reshape the organizations all over
the region of Europe that approaches the data privacy.
In 1998 act there is no principle related to the individual’s rights. But this is in with the provision
of Chapter III of the GDPR.
In the Act if 1998, there is no separate principle related to the transfer of personal data
internationally but now it is in the provisions of the Chapter V of the GDPR.
There is new principle dealt in it that is Accountability principle. 18This is specific in nature that
contains the responsibility that complying with the other principles. There is different and proper
processes and also maintain the proper records in place reveals that is comply.
16 Politou, E., Michota, A., Alepis, E., Pocs, M., & Patsakis, C. (2018). Backups and the right to
be forgotten in the GDPR: An uneasy relationship. Computer Law & Security Review, 34(6),
1247-1257.
17 Rodrigues, R., Barnard-Wills, D., De Hert, P., & Papakonstantinou, V. (2016). The future of
privacy certification in Europe: an exploration of options under article 42 of the
GDPR. International Review of Law, Computers & Technology, 30(3), 248-270.
18 Siry, L. (2014). Forget me, forget me not: reconciling two different paradigms of the right to
be forgotten. Ky. LJ, 103, 311.
Document Page
Research 10
That is what are the principles, already knows about what are the names of the key seven
principles that are given under the Article 5 of the GDPR Act that lie on the data protection
systems. Article 5(1) contains the personal data that shall be discuss here under-
Under Article 5 there is provision (a) It is the Lawfulness, fairness and transparency that contains
to handle the lawfully, fairly and in the form of transparent in matter to the individuals.
Provision (b), Purpose Limitations that collectively for the specification, there is direct and legal
purposes and there is no further in the process of the incompatible for those other purposes.
19There are various researches in case of the scientific, historical or the statistical purposes that
shall not contemplate the incompatible with the purpose of initials.20
Provision (c) is Data minimisation which contains the adequate, applicable and restricted in
relation to the purposes for what they are going too processed.21
Provision (d), Accuracy which contains the accuracy which is necessary to kept up to date; every
personal data that is inaccurate without any delay there will be reasonable steps must be taken in
the proper processed, and that must be rectified as soon as possible.
Provision (e), Storage limitation which contains the form of which that permits the data subjects
must be identified for no longer than it is necessary for the betterment of the personal data are
processes, and in the organisational and technical measures that required by the GDPR in case to
protect and safe the rights and freedoms of the individuals22.
19 Lee, E. (2015). Recognizing Rights in Real Time: The Role of Google in the EU Right to Be
Forgotten. UCDL Rev., 49, 1017.
20 Rustad, M. L., & Kulevska, S. (2014). Reconceptualizing the right to be forgotten to enable
transatlantic data flow. Harv. JL & Tech., 28, 349.
21 Sobolewski, M., Mazur, J., & Paliński, M. (2017). Gdpr: A step towards a user-centric
internet?. Intereconomics, 52(4), 207-213.
22 Politou, E., Michota, A., Alepis, E., Pocs, M., & Patsakis, C. (2018). Backups and the right to
be forgotten in the GDPR: An uneasy relationship. Computer Law & Security Review, 34(6),
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Research 11
Provision (f), Integrity and confidentiality which involve the matter that to ensure the security of
the personal data that contains the safeguard against the unlawful processing and also against the
loss that is accidental in nature. 23There are destruction and certain damages that are using correct
technical and organizational measures.
Under Article 5(2) contains the Accountability which contains the controller shall be in charge
for and also capable to demonstrate the compliance.24
These principles are so important; these principles are the lie in the heart of the GDPR act. They
are for the right that start in the form of the law, and also contains the information that follows
everything. They didn’t contain the very difficult rules and regulations but these are the spirit of
the GDPR and there are very limited exceptions in it.25 These principles are the fundamental key
elements of the blocks for the betterment of the data protection practice. It also helps in the main
to the compliance with the detailed provisions of the GDPR.
In case there is failure in the compliance with the principles that may leave to open to the
fundamental fines. Article 83(5) (a) defines that if there is infringement of the main basic
principles for the personal data that are subject to the highest administrative fines. This means
1247-1257.
23 Voss, W. G. (2016). European union data privacy law reform: General data protection
regulation, privacy shield, and the right to delisting. Business Lawyer, 72(1), 221-233.
24 van Hoboken, J. (2013). The Proposed Right to Be Forgotten Seen from the Perspective of Our
Right to Remember. Freedom of Expression Safeguards in a Converging Information
Environment, Amsterdam, dostupno na: http://www. law. nyu.
edu/sites/default/files/upload_documents/VanHoboken_RightTo% 20Be%
20Forgotten_Manuscript_2013.
25 Safari, B. A. (2016). Intangible privacy rights: How europe's gdpr will set a new global
standard for personal data protection. Seton Hall L. Rev., 47, 809.
Document Page
Research 12
that a fine may up to the €20 million or may be 4% of the total all over world annual turnover,
whichever is higher in the number.
As per the author there are the certain general provisions which have to applied on the person
who is based on the European. The European is the one who collects data from the resident such
as data controller, the person which is based in the EU such as data subject and the person who is
located inside the EU. If any processing of the data for the household activity and is not
concerned with the commercial or the professional activity then regulation does not apply.
As per the commission of the European, any information which identifies the personality of the
individual or helps in relating with the individual then that information is known as the personal
data. If the information are not that much relevant and the person is difficult to identify then the
things have to consider to identify the individual. To identify any individual there should be
certain information which has to be keep into the account
In the article of 4 of the regulations, there are the certain definitions which are stated such as
processing, personal data, data subject, processor and controller, etc. this regulation is not apply
to certain things in the EU such as law enforcement activities and the personal data for the
national security26. The disclose mint of the personal data many not be enforceable as per the
author if there is the mutual legal assistance treaty.
According to the author, there are the certain principles of this act or the regulation which has to
comply by all the European people. There should be one legal basis to do these principles which
is stated in the Article 6. As pre the rule or the principle the legal obligation of the data controller
should comply with this article. As per the law the act should be free and lawful and there should
be transparency in the work27. The purpose is limited to protect the security of the individual.
26 Myers, C. (2014). Digital immortality vs.“The right to be forgotten”: A comparison of US and
EU laws concerning social media privacy. Revista Română de Comunicare şi Relaţii
Publice, 16(3), 47-60.
27 Townend, J. (2017). Data protection and the ‘right to be forgotten’in practice: A UK
perspective. International Journal of Legal Information, 45(1), 28-33.
chevron_up_icon
1 out of 32
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]