Living from a clean website: “The right to be forgotten” as an element of the right to protection of personal data in the system of fundamental human rights.

Modern technologies allow you to memorize vast amounts of information about the online life of every person who has used the World Wide Web at least once. However, do all users think about the fact that search engines store their personal data for years. Are we aware of where, how and by whom such information can be used? But the most important question is, do we, the users of online services, have the right to forget and the right to delete information that the Internet “remembered” about us?

For the first time a positive answer to the last question of the European Union elections in 2014 in the case of Google Spain SL, Google Inc. at AEPD, Mario Costeja González. It was in the course of this case that a new fundamental concept and concept of the “right to be forgotten” was formed.

The right to be forgotten is a human right that allows a person to demand, under certain conditions, removal of their personal data from public access through search engines. It is a reference to the data that may harm him, in the opinion of the person. This applies to outdated, inappropriate, incomplete, inaccurate or redundant data or information, the legal grounds for which have disappeared over time.

Therefore, in 2014, the Court of Justice ruled that in certain circumstances it is appropriate to require search engine owners to make personal information inaccessible to a search query. Namely, information about the person by which he / she can be identified (name, identification number, location data, characteristic physical, physiological, genetic, mental, material, cultural or social features).

Mario Costeha Gonzalez’s precedent in 2014 sparked a heated public debate over the appropriateness of establishing the right to be forgotten as an international law. The debate was partly due to the lack of clear legal regulation of the exercise of such rights. Concerns have been expressed that the right to be forgotten is contrary to such fundamental human rights as freedom of speech and freedom of access to information. In addition, there were speculations that the new concept would negatively affect the quality of Internet resources in terms of censorship and falsification of history.

In the most modern sense, the concept of “right to forget” refers primarily to the removal in search engines of links to materials containing personal data or unwanted information, but not about the removal of the materials themselves. That is, the restriction does not apply to changes in the source of information itself, but only speaks of blocking the paths to such sources.

One of the EU’s fundamental pieces of legislation, which underpins the right of being forgotten, the Charter of Fundamental Rights of the European Union, guarantees the individual’s right to “respect for private and family life” and to “the protect personal data concerning him”. In addition, “everyone has the right to access the data collected about him and the right to eliminate errors in them.”

The technical procedure implementation for processing personal data and the application of the right to forget in the European Union was the GDPR – General Data Protection Regulation.

The right to forget is set out in Art. 17 of the General Data Protection Regulation (GDPR) of the European Union, which entered into force on 25 May 2018 and changes the method of collection and protection of personal data and mechanisms for processing customer information. In particular, on the World Wide Web, in the European Union or directly or indirectly have access to personal data of persons located in the EU.

The latest modification of the application of the “right to forget” model is the information that in 2019 Google won a lawsuit with France before the Court of Justice (TSUE) in Luxembourg regarding the right to be forgotten. According to the decision, this right only applies to the version of the search engine in the Member States, but not outside the EU.

Ukraine has not developed special legislation that would ensure the realization of the right to oblivion. But the regulation has extraterritorial application, and therefore the regulation will extend its effect to Ukrainian companies. Another interesting issue is the practical observance of national legislation in the context of the issue raised.

According to the Law of Ukraine “On Personal Data Protection” of 01.06.2010, the processing of personal data is carried out openly and transparently with the use of means and in a manner that meets the specific objectives of such processing. Personal data must be accurate, reliable and up-to-date as required by the purpose of their processing. The composition and content of personal data must be relevant, adequate and not excessive in relation to the specified purpose of their processing.

The personal data subject has rights to:

  • make a reasoned request to the personal data owner with an objection to the processing of their personal data;
  • make a reasoned request to change or destroy their personal data by any owner and controller of personal data, if this data is processed illegally or is inaccurate;
  • to file complaints about the processing of their personal data to the Commissioner or to the court;
  • make reservations regarding the restriction of the right to the processing of their personal data during the consent;
  • withdraw consent to the processing of personal data.

In Ukraine, the right to forget is not enshrined in law. Today, the possibility of introducing the European model of the right to forget in Ukraine is connected with the relations between the Ukraine-EU Association, the application of the case law of the European Court of Human Rights in national justice, as well as future legislative activity.

In Europe, the functioning of the GDPR and the enshrinement of the “right to forget” is a positive step for users on the path to data protection. This will strengthen the rights of individuals and increase the responsibility of controllers for the processing of personal data.

It is difficult to argue that in Ukraine there is a need to develop legislative protection of personal data on the Internet from unreliable / irrelevant information. Therefore, as the experience of European states shows, the concept of the “right to forget” can be the right step towards the legal consolidation and protection of the right to privacy.

Changes in the modern world require an adequate and timely response from the legal system. The establishment of the institution of the right to be forgotten is conditioned by the search for a balance between the right to privacy and the universally recognized right to freedom of expression and the right to access information.

And although modern controversy over the appropriateness and practice of the right to forget has divided the Internet community into two camps, the effectiveness and feasibility of such a right is based on the needs of each individual who is interested in protecting their personal data. In any case, the legal system must evolve and protect human rights not only in real life but also in today’s digital environment. After all, today offline and online activities, and therefore human rights in real and digital space, have become an integral part of our usual way of life.