The Right to be Forgotten: Interpretation and Practice

Preface
Table of Statutes
Table of European Legislation
Table of Cases
Abbreviations
Notes
Part A Background
Chapter 1 The Problem of Time
1 Introduction
2 The Problem of Time
3 A Whole New World
4 Two Decades Far, Far Away
5 Increasing Reach
6 Range
7 Increasing Problems
8 Real Effects
9 Tragic Effects
10 RtbF Solution
11 Increasing Adoption
12 Conclusion
Chapter 2 Big Bang
1 Introduction
2 ‘Big Bang’ Over-reaction
3 Less ‘Big Bang’, More Progress
4 On Point
5 Similarity
6 Conclusion
Chapter 3 Problems Facing Individuals
1 Introduction
2 Memory and ‘Permanence’
3 Digital Memory and Automation
4 Real Time
5 Children
6 Special Personal Data
7 Revenge Porn
8 OA Remedy and Solution Issues
9 On-Site Abuse Reporting
10 Reporting to Police
11 Image Copyright
12 Conclusion
Chapter 4 Online Tools
1 Introduction
2 Need for Rules and Tools
Chapter 5 Legal Backdrop
1 Introduction
2 Fundamental Right of Data Protection
3 EU Law and Data Protection Laws
4 Data Protection and Legal Instruments
5 GDPR
6 National Reference, Reaction and Adaptation of RtbF
7 Conclusion
Chapter 6 The Parties of Data Protection
1 Introduction
2 Main Parties
3 National Data Protection Supervisory Authority
4 Courts
5 Conclusion
Chapter 7 Forgetting and Other Rights
1 Introduction
2 The RtbF Right
3 Rectification Right
4 Erasure and Forgetting Right
5 GDPR: Article 16
6 GDPR: Article 17
7 Other Complementary Rights
Chapter 8 Enhanced Regime
1 Introduction
2 Changes and Expansions
3 General Welcome
4 EU Commission
5 Main Provisions and Changes
6 Security
7 GDPR Analysis
Chapter 9 Responses
1 Introduction
2 Headline Issues Raised
3 General Reactions
4 Positive Reactions
5 Negative Reactions
6 Business Reactions
7 Sectorial Reactions
8 Reactions From the US
9 Search Engines and Social Media
10 Unintended Consequences
11 Foundation Discussions
12 Conclusion
Chapter 10 Practical Issues Facing Individuals
1 Introduction
2 Responsibility
3 Passing the Buck
4 Disparity
5 Evidence
6 Report, Report, Report
7 Us, Not Us
8 Transparency of RtbF
9 Reliability of Internet Sources
10 Internet Data Sources and Locations
11 Cloud
12 Internet of Things
13 On-Site/Off-Site
14 GDPR and Directive: Enhanced provisions
15 Problem Content
16 Accurate
17 Notification of Inaccuracy
18 Conclusion
Part B Right to be Forgotten: The Details
Chapter 11 The Right
1 Introduction
2 Right to Erasure/Right to be Forgotten (RtbF)
3 Erasure and Forgetting
4 To Whom? The Individual Data Subject
5 Erasure and Forgetting of What? Personal Data
6 Who Must Act? The Controller
7 What Must Happen? Erasure and Forgetting
8 When Must It Happen? No Delay
9 Obligation on the Controller: Erasure and Forgetting
10 Timing: No Delay
11 Conditional or Specific Right(s)
12 Different Potential Rights
13 The Specific Right(s) to be Forgotten
14 Qualifying Factors
15 Conclusion
Chapter 12 The RtbF Rights and Streams
1 Introduction
2 Different Potential Rights
3 Headline GDPR Rights and Streams
4 Different Rights to be Forgotten
5 Problem Content
6 Pre- and Post-GDPR Comparison
7 Additional Rights and Grounds
8 Conclusion: Future Rights and Grounds
Chapter 13 Additional RtbF Obligations
1 Introduction
2 Obligations
3 Factors
4 Conclusion
Chapter 14 Exemptions
1 Introduction
2 Limited Exemptions
3 Complications
4 Onus
5 Limited Interpretation
6 Certain Exception Issues
7 Charter
8 Individualised Consideration
9 Necessity
10 Freedom of Expression
11 Legal Obligation by Law or Public Interests Task or Official Authority
12 Public Health Interest
13 Archiving or Statistics
14 Legal Claims
15 Timing
Part C Official Guidance
Chapter 15 The WP 29 Guidance on Google Spain
1 Introduction
2 WP 29 Guidance Criteria List
3 Linked Activities and Takedown Links
4 Broad Judgment on Territory
5 Member State Laws and Directive
6 Responsibility Even Without EU Establishment
7 Update Guidance
8 Establishment Test and ‘Context of the Activities of an Establishment’
9 Anti-Avoidance
10 Targeting
11 ‘Inextricable Link’ Between EU and Non-EU Activities
12 Local Link to Processing Activities
13 General Application
14 Revenue Planning
15 Lesson
16 Applicable Law and Multiple EU Establishments
17 ‘Inextricable Link’ Test as New Element of ‘In the Context of the Activities’ Analysis
18 One-stop Shop
19 GDPR
20 Conclusion
Part D EU Case Examples
Chapter 16 EU Case Law Examples
1 Google Spain: The Ground-breaking RtbF Case
2 Directive 95/46: Law Pre the GDPR
3 Facts, History and Circumstances
4 Legal Context: European Union Law
5 Questions and Issues Referred
6 Ruling of Court
7 Comment on Google Spain
8 Second Google EU RtbF Case
Part E National Case Law
Chapter 17 National Case Law: United Kingdom
1 Introduction
2 Data Protection Act
3 Successful RtbF Case: NT2
4 Unsuccessful RtbF Case: NT1
5 General Principles
6 UK Spent Convictions and the 1974 Act
7 Damages
8 Article 29 Working Party Guidelines
9 GDPR
10 Misuse of Private Information
11 Convictions, Confidentiality and Privacy
12 The e-Commerce Directive and Regulations
Chapter 18 Successful UK RtbF Case – NT2
1 Introduction
2 Description
3 Main Issue
4 Abuse of Process
5 Data Protection
6 The Problem URLs
7 Inaccuracy
8 Privacy Issues
9 Overall Court Assessment
10 Misuse of Private Information
11 Remedies
12 Overall Conclusions of NT2
Chapter 19 Unsuccessful UK RtbF Case – NT1
1 Introduction
2 Description
3 Main Issues
4 Abuse
5 Inaccuracy
6 Privacy
7 Google Spain
8 The Misuse Issues
9 Damages
10 Overall Conclusions in NT1
Chapter 20 ICO and the RtbF
1 Introduction
2 Guidance
3 Children
4 Onward Notifications
5 Backups
ICO Checklists
Chapter 21 UK Law
1 Introduction
2 Changes from GDPR
3 Derogations for Research, Statistics and Archiving
Chapter 22 UK Brexit and Data Protection
1 Introduction
2 Deal or No Deal
3 New Official Advice
4 ICO
6 Data and the European Union (Withdrawal) Act 2018
7 EUWA Details
The NT1 & NT2 Case
8 Conclusion
Part F Additional Cases
Chapter 23 Additional Cases
1 Introduction
2 Sweden
3 France
4 Canada
5 Elsewhere
6 Conclusion
Part G Media Issues
Chapter 24 Media
1 Introduction
2 Balance
3 Problems and Solutions
4 Range of Media RtbF Issues
5 GDPR
6 Google Spain
7 WP29
8 Public Figure
9 Preponderance
Part H Additional Solutions: Options to Consider
Chapter 25 Potential Additional Solution
1 Introduction
2 Right to Rectification
3 Restriction of Processing
4 Notification to Third Parties
5 Data Protection by Design and by Default
6 Data Protection Impact Assessment
7 Prior Consultation
8 Damages and Compensation
Part I Impact, Commentary and Future
Chapter 26 Conclusion: Impact and Future
1 Introduction
2 Awareness
3 Discretion
4 One Solution
5 Investigations
6 Transfers, Processors, Third Parties
7 New Risks
8 GDPR RtbF
9 Right to Rectification
10 Preventing Processing from Causing Damage or Distress
11 Compensation and Damages
12 Children
13 Data Access Rights
14 Identification Rights
15 Right to Restriction of Processing
16 Notification Rectification, Erasure or Restriction
17 A Rights Issue, a Protection, or Safety Issue? Or Both?
18 Online Abuse
19 Future and Additional RtbFs
20 Conclusion
Appendices
Amanda Todd Transcript
Google Spain: Reference to Legal Provisions
Index