ENISA: “Right to be Forgotten” has limits

ENISA’s study on the “Right to be Forgotten” contains useful reminders that once information is published on the Internet it may be impossible to completely remove it. Implementing a right to be forgotten would involve four stages:

  • Identifying and locating the information to be removed;
  • Tracking all copies that may have been made, including unauthorised copies and modified versions;
  • Determining who has the right to request removal (for example if a photograph shows two or more people, which of them is entitled to delete it?);
  • Removing the information, including all copies and modified versions.

The report notes that Internet technology allows anyone – without requiring any form of authorisation – to copy, modify and republish information, and that technology cannot keep track of these activities. As a result it is generally impossible to even locate all copies and versions of information, let alone find any organisation with the authority or jurisdiction to ensure all of them are removed.

The report concludes that a law (such as the proposed EU Data Protection Regulation) might be able to make information harder to find, though a national or European law would still be limited to Internet search and hosting services within its jurisdiction. But ultimately if you want to be certain of keeping control of information, don’t put it on a public website.

By Andrew Cormack

I'm Chief Regulatory Advisor at Jisc, responsible for keeping an eye out for places where our ideas, services and products might raise regulatory issues. My aim is to fix either the product or service, or the regulation, before there's a painful bump!

Leave a Reply

Your email address will not be published. Required fields are marked *