Identity Blog

How EU Citizens Are Using Their “Right to Be Forgotten”

Should people have the right to have outdated, inaccurate, and possibly embarrassing information about them removed from the internet?

In 2014, The European Court of Justice ruled that EU citizens had the Right to Be Forgotten, or as Google puts it, “the Right to Be Delisted”.

This means that citizens can petition search engine companies, like Google, to delist URLs from search engines if the page is “inaccurate, inadequate, irrelevant or excessive”.

Once a petition is submitted, search engine companies can then determine to fulfil the request, as long as it is not relevant or in the public interest. The page itself does not go away, however, it is just delisted from the search.

From 2014-2017, Google found that EU citizens had requested 2.4 million URLs to be delisted.

In a recent Transparency Report published by Google, they found majority of the delisting petitions are based on individuals’ personal information or legal history.

After three years of being in affect, Google has had over 2.4 million delisting requests. With this information, they analyzed how and why individuals are using their “Right to Be Forgotten”. This data is also significant as it shows that this ability to be “Forgotten” is actually something people want.

Key Highlights

Key Takeaways

  • Nearly 90% of requests came from individuals.
  • Many “frequent requesters” were law firms and reputation management services
  • Nearly 1/2 of the requested URLs directed to social media sites or directories
  • Over 20% of pages referenced an individual’s legal history
  • 24% of professional information was petitioned, the largest target of requests
  • Overall, Google delisted 43% of the petitioned URLs

The “Right to Be Forget” and GDPR

Interestingly enough, the “Right to Be Forgotten” is also a requirement of the upcoming GDPR regulation that takes effect May 2018. In this case, the customers have the right to have all instances of their personally identifiable information (PII) deleted from a business’ database.

This will affect all businesses that have customers in the EU, regardless of where they are actually located and carries significantly penalties for non-compliance. For most businesses, this poses a significant challenge as they do not have a central, unified view of the customer.

To learn more about the GDPR, how it will affect your business and how CIAM helps meet GDPR compliance, visit our GDPR page.

Related Posts