Navigating Privacy Settings on Social Media Platforms
December 12, 2023Social media has become a ubiquitous aspect of daily life, making the management of privacy settings increasingly vital. This article…
The Right to Erasure can help you protect your privacy in the digital environment.
Some businesses live and breathe on the exchange of data. They specialize in scraping data from public records and making it publicly available to others.
Because of their services, it has become so easy to discover different data not just about places and things but also about people.
Go on people’s search sites, for example. You can easily search for someone and discover different details about this person, including the person’s address, contact details, and social profiles. While this could be convenient, it also means that someone else can potentially find sensitive information that can put your privacy at risk.
It may not sit well with you to have your personal data public. The risks involved could compromise your data privacy and overall security in the online environment.
If you want a certain business to erase personal data about you, the good news is that you have the right to request erasure. You can request information that involves you to be deleted. You may do so because of the GDPR.
Find out what the GDPR is and what your rights are.
The digital space seems to be a whole new world of its own. That being said, some laws are specifically designed to govern this space. One of the most famous and strict laws is the General Data Protection Regulation (GDPR).
The GDPR is considered the strongest security and privacy law worldwide. You can trace its roots to the European Union (EU), but its coverage may include businesses anywhere, as long as people in the EU are involved.
Even if the world acknowledges the authority of the GDPR, the truth is that not every single business needs to adhere to this Regulation. The GDPR has a specific scope and coverage. It was specifically designed for a particular purpose.
Businesses that are part of the EU automatically have to adhere to the GDPR. However, the coverage of the GDPR can go beyond that. Companies from other countries and continents will have to follow the GDPR as long as they meet the following grounds.
If a business hits the EU market by selling to them or monitoring their data, such companies must comply with the GDPR standards.
The GDPR is a comprehensive law in itself that is implemented to protect an individual’s data privacy.
Before focusing on the specific right to erasure, let’s look into what a data controller, data processor, and data subject are.
A data controller is the one who decides why personal data is collected and how to process this personal data. Such controllers may be an individual, official authority, or agency. This data controller may work alone or in tandem with someone else in deciding on these details.
On the other hand, data processors are those in charge of processing personal data as determined by the data controller. Such processors do not control nor own the data collected. They do the processing.
If data controllers are the decision-makers and processors simply process data, a data subject is the one whose information is collected, taken, and processed. If relevant personal data pertains to a particular person, the person involved is called the data subject.
Both controllers and processors handle the personal data of data subjects. Controllers determine what the data is for and how it will be processed, while processors do the processing. A data subject, though not active in this process, is largely involved because this person’s same data gets controlled and processed.
As stated, if you find your data public, a controller and processor are working behind the scenes to control and process the data subject’s data. In this situation, the data subject is you.
While this may sound off to many, the GDPR ensures that every data subject is protected. A data subject’s rights to many different things are included in the Regulation.
As a data subject, you must know that you have various rights that you should exercise. These rights include the following:
The GDPR explains in-depth a data subject’s rights to all these things. Thus, as a data subject, you must know your rights according to the GDPR.
Moving on, you may object to having your personal data included in a public business listing or used for business interests. If this is the case, know that it is within your right to object and to issue an erase request to have your personal data erased.
The right to erasure, or the right to be forgotten, implies a data subject’s right to request personal data erasure. Because it is the explicit right of a data subject, businesses covered by the GDPR have the legal obligation to honor the data subject’s request to have data erased.
When a certain individual objects to having their personal data public, they may submit an erasure request. More specifically, this right can be honored if any of the following certain circumstances are met:
A data subject can exercise this right to erasure if any of these conditions are met. For a data subject to exercise this right, this subject needs to inform controllers by submitting an erasure request simply. This request may be a valid verbal request or a written valid request.
However, it is important to know that this right is not absolute. There is a thin line that governs it.
That being said, when a business receives a data subject’s request, should this business immediately honor this request every time?
If an erasure request is made within the subject’s right to erasure, businesses should honor it. However, companies must also know that data retention policies are at work. Having these policies at work means that there are instances when keeping personal data is still lawful even when a data subject made a request. Here is the lawful basis for data retention.
The GDPR grants a recital to explain in-depth the condition and the lawful basis for data retention. The Regulation mentions in Recital 65 that data retention is permitted in the following certain circumstances.
These conditions show that there are indeed exemptions to the right to erasure. If businesses have the rightful supervisory authority and legitimate interests to keep personal data, they may do so. However, if there is no lawful basis for them to keep the personal data, they must take reasonable steps to erase personal data without undue delay.
The GDPR, as a whole, requires fines or penalties to be made in cases of non-compliance. Depending on how serious the non-compliance is, the fine can reach up to 10 million euros. It may also be as high as 2% of the company’s total global turnover for the previous fiscal year.
Non-compliance is taken seriously by the GDPR, so businesses should be wary and take reasonable steps to comply with the standards.
As mentioned earlier, the GDPR does not cover every business on the internet. If a company caters to an EU market in one way or another, this business should adhere to the GDPR.
The GDPR also specifically states the conditions where the right to erasure or the right to be forgotten should be honored. These include when information society services are involved and when keeping personal data is no longer necessary.
Aside from that, there are also cases where keeping data is legal even if requests are made. These purposes include scientific or historical research, public health, statistical purposes, archiving purposes, intents in line with the public interest, and other purposes stated above.
However, if businesses covered by the GDPR use personal data for other reasons such as direct marketing purposes, they must delete personal data upon request.
The GDPR states that all data related to health can only be made public when the data subject gives consent. Health professionals and other involved parties must carefully handle preventative or occupational medicine or medical diagnosis data. Even a health professional has to be careful when it comes to publicizing this data.
While the GDPR is a set of laws established by the European Union, there are similar data privacy laws in the United States. Unfortunately, the laws are a patchwork of local, state, and federal regulations; there is no single federal law that governs data privacy.
These laws include:
To learn more about how you can protect your internet privacy and remove personal information from the web, contact RemovePersonalInformation today by dialing 844-445-6096 .
Social media has become a ubiquitous aspect of daily life, making the management of privacy settings increasingly vital. This article…
Facebook, with its 2.85 billion users, is a major player in the digital world. Despite its popularity, concerns about data…
The online reputation of a small business is a critical factor that can greatly influence its success. With 87% of…