DRJ Fall 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 32, Issue 2

Full Contents Now Available!

Tuesday, 26 February 2019 15:16

The right to be forgotten versus the need to backup

The right to be forgotten is a fundamental aspect of both the GDPR and CCPA privacy laws; but its impact on personal information in data backups has yet to be tested. Bill Tolson explains the issue and provides some practical advice.

A great deal has been written about the GDPR and CCPA privacy laws, both of which includes a ‘right to be forgotten’. The right to be forgotten is an idea that was put into practice in the European Union (EU) in May 2018 with the General Data Privacy Regulation (GDPR).

The main trigger for this radical step came from the business practices of major Internet companies such as Google and Facebook (among others) around how they collect and use personal data they collect and subsequently sell to other companies for marketing and sales purposes. Additionally, as ‘fake news’ spread, those affected found it was almost impossible to get the Internet companies (including news publishers) to fix or remove the false data.  Because of this, the GDPR and CCPA were established to ensure end-user rights to know what data is being collected on them, how it's being used, and if it's being sold and to whom. The right to be forgotten includes the right to have privacy information (PI) fixed or removed, quickly.

There continues to be a debate about the practicality of establishing a right to be forgotten (which amounts to an international human right) due in part to the breadth of the regulations and the potential costs to implement. Additionally, there continues to be concern about its impact on the right to freedom of expression. However, most experts don’t foresee these new privacy rights disappearing, ever.