right to erasure

Smart Clothing by Pauline van Dongen
TestGorilla
Query Results (Dataview tables and lists)/Key concepts for AI Ethics

Right to erasure

Definition of the right to erasure

Also known as the right to be forgotten, the right to erasure is the right the data subject has to obtain from the data controller erasure of personal data concerning him or her without delay. Clearly this right is important, as it is taken up as article 17 in the GDPR, who define it in a similar way. They add to this that 'undue delay' is about a month, and reasonable steps should also be taken to verify whether the subject requesting the right to erasure is indeed the data subject. Several circumstances under which the right to erasure applies have been identified. Some of them include that the personal data is no longer necessary for the purpose an organization initially collected it for, or when an individual withdraws its consent for processing the data.
Given the hyper-connected nature of the internet, the right to erasure is much more complicated than an individual requesting removal of their personal data and therefore asks for careful policy provided by the GDPR.

Implications of commitment to the right to erasure

Committing to the right to erasure means recognizing the importance of one's privacy in an increasingly digitalizing world. This involves serious commitment, especially on the data controller's side, to ensure that the screen between publicly available data and private data remains opaque. What is at stake here, is that data subjects in the broadest sense are often tracked without them being aware of the extent to which data controllers monitor conduct, aggregate it with other personal data, or sell data to third parties ^[1]. Even when customers permit corporate use of their personal information, they often have very limited knowledge to ascertain how data controllers will use, bundle, or trade their personal information. If (big-tech) companies repeatedly use such information for other goals than initially intended, this could seriously harm trust when sharing personal data and could induce suspicion and hesitance. Nevertheless, many (online) activities require some extent of personal data to function optimally. This leads us to a fork in the road: either you lose functionality, or privacy. Therefore it is essential that the right to erasure is widely accepted and established. The European Commission has started the debate, but given its strong legal component it is essential that broad regulations are imposed on all data controlling entities.

Societal transformations required for addressing concerns raised by the right to erasure

Little cultural changes can be made to address concerns related to this concept. However, there are other measures that can be taken. Overall, societal awareness regarding careful spreading of personal data should be enhanced. People generally lack the ability or interest to see what could eventually happen with their personal information [2]. Every time personal information is asked, the purpose should be questioned and the minimum amount of information should be provided. However, far more influence can be exerted from a legal perspective. As previously discussed, regulations regarding the right to erasure should be imposed to ensure limited duration of data storage and accountability regarding the purposes the data is used for. This facilitates rightful processing of (sometimes necessary provision of) personal data, whilst limiting the ability for malicious practices.

• #comment/Anderson : Any thoughts on how this relates to the readings for the course by Anita Allen or Garcia-Murillo & MacInnes?