First published in ACCESS Spring 2018 magazine
Data protection and privacy are hot topics these days. Most of us have left a digital archive all over the internet. But what are your rights to that information and to have that information deleted?
In May 2018 the General Data Protection Regulation (GDPR) comes into effect and replaces the old EU Privacy Directive and the Dutch Data Protection Act (DDPA). The new regulation focuses on transparency, including strengthening and expanding privacy rights. The GDPR also gives residents of the European Union two more rights: the right to be forgotten and the right to data portability.
The right to be forgotten
Article 17 of the GDPR grants people the right to be forgotten. This means that a person can ask for personal data to be deleted once those data are no longer necessary.
This right was granted by the Court of Justice of the European Union, after, in 2010, a Spanish citizen filed a complaint against (among others) Google. The citizen complained that an auction notice of his home in Google’s search results infringed his privacy rights because the issue had been fully resolved; the reference was therefore irrelevant. He requested that Google remove the reference. The Court ruled that individuals have the right, under certain circumstances, to require search engines to remove certain personal data. This ruling applies where the information is inaccurate, inadequate, irrelevant or excessive for the purpose of the data processing.
Although the right to be forgotten is not entirely new, article 17 GDPR modernises European data protection rules. It is now clear that non-European companies, when offering services to European consumers, must apply European rules, and that it is for the company—and not the individual—to prove that the data are still relevant.
The right to data portability
Under the GDPR, citizens are entitled to data portability. In other words, you can transfer your personal data between organisations that may collect data on you. This is to ensure that it is easy for you to pass on your data to another organisation.
The principle behind the right to data portability is to increase the control of citizens on their personal data. A citizen can decide for themselves which data they share and with whom. This also prevents vendors from locking customers in by refusing to transfer personal data.
If you have any questions about your rights under the GDPR or any other questions about data privacy, please contact our experts at the Legal Expat Desk.