Grave doubts about whether data protection authorities in Britain and across the European Union can ever deliver on a “right to be forgotten” were expressed at seminar organised by the Westminster eForum. 

Both the Ministry of Justice and the UK Information Commissioner believe the newly-published European data protection framework review is in danger of raising “false expectations” on the part of the public about the possibility of individuals deleting personal information.

There was criticism at the seminar (8.3.2012) of what one speaker described as the “political gesturing” of the EU’s Justice Commissioner Viviane Reding.

Lord McNally, Minister of State at the Ministry of Justice, urged the EU to offer the twenty seven member states a workable solution. The right to erase data would not be possible if it related to health care, crime or a free press, nor could it apply to credit rating.

“Businesses should have rights too...we must not undermine responsible lending or financial agreements. We may set the standard so high we don’t get a model which can work in practice.”


David Smith, the UK’s deputy Information Commissioner with responsibility for data protection, agreed with the Ministry of Justice that the EU framework needed clarifying. “So if we champion the ‘right to be forgotten’, a right to be deleted, and if that is not the case in practice, that leads to false expectations and a lot of dissatisfied individuals.”

However, he welcomed several improvements in the framework. In future when personal information is being held electronically the individual will get the right of access to that data electronically.  Another new safeguard was a shift in the balance of proof towards the individual. At the moment when individuals seek the removal of data it is necessary for them to provide “compelling, legitimate grounds” for deletion.  That onus would now fall on data controllers and processors who would have to show why there were “compelling, legitimate business reasons” to continue processing the data.

An assurance that Facebook already complied fully with the “right to be forgotten” was given by Simon Milner, its director of public policy for the UK and Ireland.  There was the right to “completely delete” all data. Users seeking to deactivate Facebook accounts could reassure themselves by downloading all the information they had ever posted and then deleting it.

But Facebook believed the EU framework was wrong to suggest that social networking sites should be required to ensure the deletion of data which had been copied on to other services; equally it was not practical to give people the right to delete anything which someone else had posted about an individual user. There other unanswered questions about how far third parties could go in deleting information.

In response to the criticism Peter Hustinx, the European Data Protection Supervisor, acknowledged that Viviane Reding had raised expectations when the framework review was published in January and there was a danger that individuals who sought to exercise the “right to be forgotten” might be disappointed.

In Commissioner Reding’s defence, he said that ever since she raised the prospect of a “right to be forgotten” it had attracted increasing interest. Perhaps it was the wrong translation and should relate to the ability to start “thinking about forgetting” the past.  “We do need to organise the ‘forgetting’...she has invested capital in this idea and moved it from the margins to centre stage.” 

The original EU directive on data protection dated from 1995 and a review of the framework began in 2009. Negotiations with the twenty seven member states and the European Parliament would continue until “beyond the end of the year” and it would then take two years for the regulations to come into effect.

Lord McNally closed the session with a warning that issues raised by the “right to be forgotten” were only just emerging.  Entrepreneurs would be tempted to set up data bases which would infringe this right.

There was already a case of data being used to produce black lists of workers in the construction industry and there would be others which would undoubtedly contravene the rehabilitation of offenders act.  “How do we mesh in legislation with this amazing capacity to acquire and cross reference data...that really is a big problem coming down the track?”