EU's Top Court Limits 'Right To Be Forgotten'
The EU's highest court, the Court of Justice of the European Union, recently issued a decision limiting a "de-referencing" obligation and declaring that the right to be forgotten is not "absolute." After briefly discussing the right to be forgotten and the de-referencing obligation, Shari Claire Lewis, in this Internet Issues/Social Media column, reviews the CJEU's ruling and explore its implications.
October 11, 2019 at 12:45 PM
10 minute read
While the U.S. government remains unable to enact comprehensive privacy legislation in response to new technologies and growing privacy concerns, numerous states across the country, including New York, have adopted privacy laws and regulations seeking to address specific issues or that are applicable to specified entities. Some of these new rules affect a broad swath of businesses. Notably, the California Consumer Privacy Act (CCPA), which will take effect on January 1, governs companies that possess personal data of California residents, regardless of where the businesses are located or how the goods or services are provided.
Perhaps no privacy law, however, has yet had the impact of the General Data Protection Regulation (GDPR), which was enacted by the European Union (EU) and which took effect almost one-and-one-half years ago, on May 25, 2018. The GDPR addresses everything from the processing of individuals' personal data to when and how informed consent must be obtained from the data subject to the security processes and practices that businesses must undertake to protect that data. The GDPR's requirements have affected websites and businesses based in Europe, as well as vast numbers of entities headquartered in the United States whose business practices, nevertheless, are considered by the European Data Protection Board to place them within the scope of the GDPR. (For further background, see, e.g., Shari Claire Lewis, "New Guidance Helps Determine GDPR's Application to New York Businesses," NYLJ (Dec. 18, 2018).)
One of the GDPR's most significant aspects is its establishment of an individual's fundamental "right to be forgotten," which allows individuals to demand that links to certain information about them be removed from the Internet via a process known as "de-referencing." The right to be forgotten is intended to give individuals the ability to limit the information that others can find and read about them online. Although the GDPR has led in the establishment of such a right, the right to be forgotten is increasingly being recognized by U.S. state privacy laws. Unfortunately, an individual's right to be forgotten often presents technical, business, and legal challenges to companies.
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Trending Stories
- 1The Law Firm Disrupted: For Big Law Names, Shorter is Sweeter
- 2Wine, Dine and Grind (Through the Weekend): Summer Associates Thirst For Experience in 'Real Matters'
- 3'That's Disappointing': Only 11% of MDL Appointments Went to Attorneys of Color in 2023
- 4What We Know About the Kentucky Judge Killed in His Chambers
- 5'I'm Staying Everything': Texas Bankruptcy Judge Halts Talc Trials Against J&J
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250