Why We Need to Align International Laws on the Right to Be Forgotten

Should our UK law on the Right to be Forgotten and digital obscurity be better aligned with those of Europe? It seems the European Court of Human Rights (which the UK remains part of post-Brexit) agrees that it should.

Europe is setting the example for people’s right to digital obscurity by bringing GDPR regulations into force. Successful cases of people invoking their right to be forgotten (RTBF) across Europe and having unwanted information about them removed from online sources is much more prevalent than in the UK. But what is the right to be forgotten?

The RTBF is the legal process of requesting the erasure of personal data from an organisation’s database. More specifically, this ruling – within the European Union only – makes Google responsible for removing “irrelevant” or “outdated” information from search results. Along with other search engines, Google must also consider removing links to data that is inaccurate, inadequate, irrelevant, or excessive when filing a request from an individual about their own search results.

With our personal reputations and career prospects reliant on the results that appear when our names are entered via search engines, it is no wonder many people look to evoke their RTBF.

Europe is setting the example for people’s right to digital obscurity by bringing GDPR regulations into force.

GDPR and the Right to Be Forgotten  

So, what are the legalities? The UK General Data Protection Regulation (GDPR), which was retained from the EU regulation under article 17, cemented this into law and now provides individuals with the right to request erasure of their personal data online. All GDPR rights continue to exist in the UK post-Brexit.

GDPR guarantees the right for people to have their personal data erased. Additional terms also apply:

• Individuals can make a request for erasure verbally or in writing.
• Individuals have one month to respond a request.
• The right is not absolute and only applies in certain circumstances.

How Do You Get Your Data Removed?

When an individual contacts an organisation regarding the deletion of their data, the organisation must erase the personal data without undue delay. If the organisation has made the data public, then they also must inform other data controllers who process the data that the individual has made a request to be forgotten, and they must also erase the data, including links and copies.

Under GDPR laws, organisations that fail to comply with such requests face potentially hefty consequences – often to the tune of £20 million in fines or 4% of global annual turnover, whichever is higher.

Organisations often argue against RTBF because they feel the claims are against the data storage and retainment necessary for compliance with a legal obligation or the defence of legal claims. However, where there is no justification, the organisation must comply with the individual’s legal rights. There is no absolute right to be forgotten; it is determined on an individual basis.

Europe Leading By Example

In June 2021, the European Court of Human Rights (ECtHR) – the court of the Council of Europe, of which the UK remains part – rejected a freedom of speech complaint brought by Belgian newspaper Le Soir publisher Patrick Hurbain concerning an RTBF judgment in his home country. The ruling ordered him to anonymise the name of a driver responsible for a deadly car accident in 1994 in Le Soir’s electronic archives. The original report of the accident, which caused the death of two people and injured three others, had mentioned the driver’s full name, which has now since been replaced with the letter X.

The Belgian court recognised the right to be forgotten as “integral” to the claimant’s right to privacy and family life. In this case, the claimant was deemed to have served their sentence and been rehabilitated. Leaving the historical information online would create a lasting criminal record and cause indefinite and severe harm to the driver’s reputation.

However, what makes this interesting is that the European Court judgment has now appeared to extend the “right to be forgotten” from search engines to news websites. Not only can RTBF requests ask for information to be removed from search engine results, but redacted and omitted from online news publications as well.

ECtHR decisions can take time to become part of domestic law, and because UK law is now somewhat removed from Belgian law, it is likely to be a long time before we see the same swift decisions in the UK as we have in the EU. The right to be forgotten is a hot topic. It is not beyond the realms of possibility that a UK news publisher could receive a request to amend a historical article by removing their name or identifying data that would no doubt have to be given real consideration.

This is where I argue that it is time for the UK to follow suit. The Belgian case was a clear example of where anonymisation of a person’s name for a spent crime no longer of public interest was correctly ‘forgotten’.

There is no absolute right to be forgotten; it is determined on an individual basis.

If information were to remain in the public domain, it could have severe consequences for someone trying to rebuild their reputation and life. The discussion around the right to be forgotten must continue and swift action taken to implement the processes of the EU to help protect the privacy and respect of UK citizens.

Progression in the UK

While China, India, Saudi Arabia and the US remain exceptional cases, 15 out of 19 (almost 80%) of G20 countries now have full-fledged statutory data protection laws. By default, virtually all of these laws empower individuals to challenge the continued dissemination of personal data not only when such data may be inaccurate but also on broader legitimacy grounds. Within the EU, Google and other search engines have made an incredible difference by providing the ability to request the removal of personal data via RTBF, which many have now done with great success.

These are all steps in the right direction toward helping individuals invoke their right to be forgotten and prevent damage to their reputation with personal data being removed or anonymised online. Now on the recent case of the ECtHR’s extended ruling on the Belgium RTBF request, I would like the UK legal system to follow suit and do more to safeguard the reputation of people online.

UK courts typically consider judgements from the European Court of Human Rights. It will now be a question of whether UK courts feel that, considering UK law, they need to follow similar judgements, or whether they will lean more towards upholding the rights of freedom of expression from journalists and publications.

Should they not follow suit, we may begin to see people making direct appeals to the European Court of Human Rights themselves if they felt that the UK courts had not ruled appropriately in their case for digital obscurity.

Simon Wadsworth, Founder

Igniyte

Address:  1 Aire Street, Leeds, LS1 4PR

Telephone: +44 (0)203 542 8689

Email: simon@igniyte.com

Website: igniyte.co.uk

Simon Wadsworth is the founder of Igniyte and a global reputation management expert. He has advised chief executives at Mercedes, ITV, Bibby, and Quorn.

Igniyte is a leading authority in online reputation management, working with businesses, brands, high net worth individuals and business owners across the UK, Europe, Africa, the UAE, the US and Canada.