What is the Right to be Forgotten?
The General Data Protection Regulation (GDPR), which came into force in May 2018, provides people with more control over how their personal data is collected and used. Organisations must comply with strict rules around how they handle this information.
Children and GDPR
Children have the exact same data protection rights as adults. These include the right to access their personal data, request rectification, object to processing, and to have their personal data erased. There are even child-specific protections under the GDPR. For example, organisations need to make sure that they provide transparent information in clear language that the child can understand.
The Digital Age of Consent
In Ireland the digital age of consent has been set at 16. This means that organisations and online services must get parental consent before they collect or use the data of anyone under that age. Most social media platforms require users to be 13 years-old to access and use their services.
What is the ‘Right to be forgotten’?
The Right of Erasure is among your rights under the GDPR – it is also known as ‘Right to be Forgotten’. This means that, in certain circumstances, you can ask an organisation to delete your personal information, or ask a search engine to remove links to content about you that is inadequate, irrelevant or excessive.
Children have special protection because they may be less aware of the risks of giving their information to organisations. Even if you are an adult now, you have the right to have your data erased because it was collected from you when you were a child.
However, there are some restrictions on the right to be forgotten, especially when there is a public interest in the information.
When can I ask an organisation to delete my personal data?
You can ask for your personal data to be deleted when, for example, the company that has your information no longer needs it, you have withdrawn your consent, or you object to the processing of your data.
More details about the grounds that apply to this can be found at the Data Protection Commission website.
What happens when an organisation is required to delete your personal data?
The organisation should delete your personal data, and also take steps to tell anyone it has shared your information with that you have requested the data is deleted. The only exception is if this would be impossible or would involve disproportionate effort.
Are there situations where the Right to be Forgotten doesn’t apply?
Yes, certain grounds do need to apply for a person to have the right to be forgotten. These include where there is also a right to freedom of expression, because of legal obligations, or if there is a public interest in the information.
Additional information about all your rights under the GDPR can be found on the Data Protection Commission website.
The DPC are the authority in Ireland who are responsible for upholding the right of individuals in the EU to have their personal data protected.