The Right To Be Forgotten (RTBF) is the concept that people have the civil right to request that personal information is removed from the Internet.
If this information – which includes content, images, and videos – is removed, then it means it can not be found online. And it no longer appears in search results.
The Right To Be Forgotten, the right to erasure, became EU law as part of the General Data Protection Regulations (GDPR) legislation introduced in 2018.
Individuals can request that data about them is removed from an organisation’s database – regardless of the reasons. It’s a concept that came under rapid fire from businesses and censorship advocates. But it stands.
But this predates GDPR. In May 2014, the European Court of Justice ruled in a Spanish case that individuals have The Right To Be Forgotten online. This ruling, within the European Union only, makes Google responsible for removing ‘irrelevant’, ‘no longer relevant’, or ‘outdated’ information from personal search results.
The ruling only applies to a personal issue. You can’t submit a Right To Be Forgotten request for any business or commercial content, images, or videos.
The cost to remove articles or images can vary depending on the amount and types of content. Companies like Igniyte might be able to help you, and you should expect to pay from £350, plus VAT per removal.
Why do people use the Right To Be Forgotten?
Irrelevant, unwanted, or dated content online can be severely damaging to your personal and professional reputation. Links to this type of information can give people a negative perception of your character. This affects both you and the people around you. It harms your job prospects, financial backing, and much more, which is why people use the Right To Be Forgotten.
Can I remove unwanted content about myself online?
Individuals can make a request, but there are specific criteria. You can not request that information is removed just because you do not like what you see.
RTBF requests involve erasing personal data from search engines. This can include press coverage, outdated articles, pictures, or videos. Even social media and directory services that publish your personal information.
Google has a long-established procedure for dealing with these requests. You can usethis form to submit a Right To Be Forgotten request.
When you make an application, Google will balance your privacy rights with what’s in the public’s interest to know and the right to distribute information. This is where it helps to have professional advice and consult experts like Igniyte, who can look into the legal aspects for you.
It’s also worth knowing that the Right To Be Forgotten also needs balancing against rights, including freedom of expression. So if the information is considered to be in the public interest is unlikely to be removed.
The Right To Be Forgotten, GDPR, and your rights
GDPR, which applies to all EU member states and organisations using EU citizens’ data (since 25 May 2018), updates the definition of the Right To Be Forgotten (based on the EU’s 1995 Data Protection Directive).
In Article 17, it keeps the 1995 Directive’s intent to allow people to request their data is deleted when it’s no longer relevant. It also increases this right, to give people more control over who can access and use their data.
Under GDPR, an EU citizen can request an organisation deletes their data if:
The data is no longer relevant to the reason it was collected.
The person withdraws their consent for their data to be used (and the organisation has no other legal basis for collecting it).
The person is objecting to their data being collected for marketing. Or where their rights override legitimate reasons in managing their data.
The data was unlawfully processed.
Deleting the data is legally required.
The data belongs to a child.
In all of these cases, the organisation must delete the data as soon as possible. If the data is public, it must take “reasonable steps, including technical measures” to inform any other entity processing the data that the subject wants it to be removed.
However, if the data is deemed to be in the public interest, the requests don’t have to be honoured.
UK law – updated
All data protection rules in GDPR still apply to UK data processing. Post-Brexit, some sections of GDPR will be enshrined into UK law as part of the European (Withdrawal) Act. There will be no change in the foreseeable future.
Reasons why Google could refuse an application
Google will assess requests case by case. The search engine can ask you for more information to inform its decision. But, the main thing to note is that Google will balance your privacy rights with what’s in the public’s interest to know and the right to distribute information. Google can and does refuse applications where there is an alternative solution, technical reason, or duplicate URL.
Many factors are taken into account, e.g., the person’s professional life, a past crime, or whether they are in a political or public position. Or it could be whether the content is self-authored, is in an open document, or is journalistic.
Google received over 845,000 requests since the 2014 ruling, asking for 3.3 million links (as of September 2019) to be removed. It has delisted about 45% of the links requested.
What do I need to apply?
To submit a request under the Right to Be Forgotten law, you need:
An EU passport or driving licence to prove your identity.
Details of the web address or link that you are requesting to be removed.
The full search term, for example, your name.
Reasoning as to why you feel the link is ‘irrelevant’, ‘not in the public interest’ or ‘outdated’. This reasoning should be aligned to the EU ruling and cite law wherever possible.
For more information, and to find out how Igniyte can help you with applications, please get in touch. The cost to remove articles or images can vary depending on the amount and types of content. Companies like Igniyte might be able to help you, and you should expect to pay from £350, plus VAT per removal.