High Court Ruling
High Court Ruling …
David Parish – Information Security Consultant
“The right to erasure – the right to be forgotten”
This time it is back to Google, Facebook and WhatsApp – all is still rumbling on and there seems to be a slight parting of the waves in the relationship between Facebook and the WhatsApp hierarchy.
So let’s have a quick look at another household name, Google. Google is an ISE – internet search engine.
Google were taken to The Court of Justice of the European Union in the Google Spain case, in what is now often referred to as ‘the right to be forgotten’.
This case gave individuals an opportunity in certain circumstances for information to be removed from ISE. The High Court in England handed down the FIRST judgement on two UK cases, so this is important as post Brexit this will potentially be the precedent that the UK rely on, rather than the Spanish European court case.
In the high court ruling the ruling was on a technical issue in relation to spent criminal convictions of live individuals.
I will not go into spent convictions in this blog, but just say dependant on the types of crime and length of sentences decides when a conviction is spent, i.e. you don’t have to tell anyone.
The court followed the principles in the European Court ruling and also Article 8 ‘Rights to Family Life’ and Article 10 of the European Court of Human Rights, which shows the completing of ‘the right to erasure’.
You may ask why Google defended this, as they have already had over a million requests to erase data. Who knows?
Anyway, the Court ruled in favour of Google on one case and in favour of the individuals in the other.
This is an example of the complex nature of the Right to be Forgotten everyone is looking at;
‘I get a subject access request, a DSAR, but it is not as simple. The GDPR is not about your business it is about you, me and everyone’s individual rights’.
Top tip
“Remember the right to erasure in the GDPR is not an absolute right. A careful review with possible legal advice may be required, prior to dealing with such a request.
by David Parish, Information Security Consultant – IBITGQ Certified ISO 27001 and GDPR implementation Specialist MSC Security and Risk Management