The legal affairs committee in the European Parliament last week issued a non-binding opinion supporting the controversial “right to be forgotten” – a proposal in the new draft General Data Protection Regulation that would oblige organisations to permanently delete personal data on request from individuals.
The proposal has previously been met with much lobbying from industry, particularly amongst data controllers in the financial and digital sectors. It has caused concern for various reasons including: the technical difficulties of permanently erasing data due to data storage and backup practices; the speed of proliferation of data through the public arena; and the potential ramifications for freedom of speech. These concerns will largely remain unresolved following this opinion – although some concession was made to the medical industry in that no support was given for this right to apply to data processed for healthcare purposes, in the interests of ensuring best care and treatment.
This announcement comes against the backdrop of a case currently being heard by EU judges, brought by Spain’s data protection authority, to determine whether Google should be required to erase lawful content from its search index. The court’s ruling will be seen as a test of the provisions of the draft Regulation on this point, and will undoubtedly add some insight into the feasibility of this proposed right in practice.
The opinion was the result of the last committee vote on the draft Regulation, before the lead committee, the Civil Liberties Committee, votes on its report – which is expected to take place on 29-30 May.