GDPR –
THE RIGHT TO BE FORGOTTEN
So much is being discussed about the right to be forgotten. What is it? What does it mean for you? Kelli Haas & Associates is here to explain some of it for you.
The right to be forgotten comes from the court case entitled Google Spain SL, Google Inc v Agencia Española de Protección de Datos, Mario Costeja González (2014). You will hear this called the General Data Protection Regulation (GDPR) and also, the right of erasure.
These laws govern personal data that must be erased immediately as long as the data are no longer needed for their original purpose, or the impacted person has withdrawn his consent and there is no other reason for justification, the impacted person has objected and there is no preferential justified reason for the processing, or erasure is required to fulfil a statutory obligation.
The responsible person is subject on the one hand to automatic statutory erasure obligations, and must, on the other hand, comply with the impacted person’s desire to be erased. The law does not further describe how the data must be erased in individual cases. The decisive element is that the result is that it is no longer possible to see the data without disproportionate expense. One regards this effort as sufficient if the media has been physically destroyed, or the data is permanently over-written using special software.
An application of erasure is not subject to any particular form, and the responsible party need not link it to such a form. However, the identity of the impacted person must be proven in a suitable way, as otherwise additional information could be requested from the responsible party, or the erasure could be refused. If there is an application to erase or a statutory obligation to erase, this must be implemented quickly.
The attorneys at Kelli Haas & Associates are here to answer any questions you have. As always, you can call (615) 567-7300 or contact Kelli directly at kelli@khalawgroup.com.