A fresh look at the Right to be Forgotten

The “right to be forgotten,” which is a data privacy principle supported by the EU’s GDPR (General Data Protection Regulation), is a principle that continues to gain popularity as more social media users become aware of what companies do with their data. It is no secret that the corporations of today, especially in the social media sector, make the majority of their revenue from processing user data and selling it to the highest bidder. The social media users who become aware of this hidden data market typically feel that their privacy has been unjustly violated and that they should possess the sole rights to their personal data. These feelings are justified, given that users are required to give personal data in order to gain full access to the internet, which at this point is a necessity of life. The personal data in question is information such as full name, age, sex, address, and sometimes even social security number or credit card information. The latter two pieces of information are now being required by sites such as YouTube for age verification, meaning users are forced to give up their most important identifying information to effectively use the internet.

Some companies are giving users options to restrict the collection of their personal data. One of these companies is Apple, which, for the last couple of years, has implemented an “ask app not to track” feature that restricts sites and apps on its platform from collecting user data in the background. However, this is not the reality of most companies. As I mentioned earlier, companies like YouTube require the collection of personal data for full access to their site. Other companies, such as Meta, collect personal data without asking permission from users for said data to be collected. This leads to personalized ads and algorithms being used to entice users to make purchases and commit more time to the use of their platforms without their knowing. Some might argue that personalization of ads and algorithms enhances these sites for users, but I believe that implementing these features without permission is a moral breach of privacy against users.

Personal data, unlike speech and expression, is intrinsically connected to the real-life individual behind the online user. Data is not something that users have a choice in creating or expressing, and rather, it is a part of their identity that is being shared without their consent. A comparison to make in this scenario is the sharing of medical information. If a doctor were to sell the medical information of his or her patients to hospitals so that they can target patients with ads, it would constitute a severe breach of doctor-patient confidentiality, and the doctor would likely lose his or her license after review. I don’t see why the same principle doesn’t apply to personal data online. As a result, I believe that there should be some legal right set in place for users to request the removal of their personal data from all online services. Services that continue to use data after this request is made should be subject to penalties, both civilly and criminally. Sites should also be required to inform their users of any data being collected in the background upon first login. Sites may still be allowed to collect this data after consent is established, as data collection is still an integral part of these sites operating efficiently and profitably.

Enforcement of these principles is not easy, though. The companies that make their revenue from data collection and sales, as well as the advertisers who rely heavily on this data, would heavily protest strict government regulation of data collection. This could result in severely negative impacts on the U.S. economy, especially if companies decide to move their operations overseas.  Perhaps some private systems must be put in place to ensure that companies handle personal data properly so that it is less likely they will be subjects of lawsuits. Something like a review board could be established so that companies hold each other accountable before the government needs to step in to reinforce the users’ right to erasure. This would allow companies to re-evaluate their business practices without the immediate threat of litigation, thus reducing the risk that these companies will flee overseas. One other idea is for companies to introduce programs for users to monetize their own data so that companies do not lose out on the important benefits of data collection, while also enabling users to feel fairly compensated for their data being used.