Organizations, often businesses, can collect information about nearly every aspect of a person’s life, from basic facts like their address and phone number to their favorite sport and furniture-buying tendencies. As a result, there has been an increased focus on the protection of consumer information.
In May 2018, the European Union enacted the General Data Protection Regulation (GDPR), a comprehensive data security and privacy law that establishes rights for individuals and obligations for organizations. One of the many provisions of the GDPR concerns personal privacy rights, also known as the right to be forgotten.
In this section, the law states that individuals have the right to have their personal data erased by organizations within a reasonable timeframe. Businesses don’t tend to do this naturally — certain conditions have to be met. For example, if the organization relied on the individual’s consent for data collection and the individual withdrew consent, their data must be erased.
Moreover, if the data is no longer required for the purpose that the organization collected it for, then the individual has the right to request erasure. These examples are non-inclusive and there are several other reasons why an individual would be able to invoke the right to be forgotten.
There are a few instances where the organization’s right to data processing is more powerful than the individual’s right. This includes situations where the data is being used for the public interest, to comply with a legal ruling or for the organization to exercise its freedom of speech.
Fines for violating the GDPR are severe— reaching up to 4% of global revenue or 20 million euros, whichever amount is higher. Businesses have compelling reasons to follow the GDPR closely. Excluding a 2018 California law, the United States lacks its own version of the GDPR, although there has been much debate over enacting one.
Vedant Vamshidhar is a rising senior from the University of Southern California studying Intelligence & Cyber Operations. He is interested in the intersection of cybersecurity and international relations, and currently works as a Governance intern for ONC. Outside of coursework, he is active in USC’s Model United Nations team and the Southern California International Review..