The Right to Have Personal Data "Forgotten"

Europe takes a stronger stand on this than does the US...

Europe has long taken a stronger stand than the US to protect the privacy of citizens’ data. That is still true on the internet, and it affects privacy issues in the US. The EU’s General Data Protection Regulation must be followed by US companies who wish to do business in the EU. If you want the detail, I’ve written twice about the impact of the law. The second post has a link to the first.

For a shorter version, an infographic that summarizes the impact of the law has a section on the rights of consumers. The fourth right is “Erasure of data where there is no compelling reason for further processing.” That has come to be popularly known as ‘the right to be forgotten,’ and it’s that right I want to focus on in the context of tracking.

The importance of this newly-acquired right is best illustrated by an example. In the post on mobile tracking I pointed out that some apps have to know your location in order to function. Google Maps is a good example and provides a close parallel to how the other mapping apps collect and use data. Personally, I find the use of a navigation app essential and would not be willing to give it up for reasons of both convenience and safety.

The question becomes, how much of the data collected is saved and for what reason? Google saves “Location History,” and let’s use that as an example of saving data and how a user can ‘be forgotten.’ Google says it creates maps that describes “where you go with your signed-in devices, including how long and how often you visit and how you travel between places.’ Note that this detailed data helps Google or any other mapping service create alerts and estimate travel times, which is useful. Does it need to be stored? Each user can make this decision for herself.

To control your options, you must be signed into your Google account. This page will take you through it and to the Privacy Checkup page where the second item is Location Tracking. You can turn it off. That stops creation of new location histories, each of which is a detailed map of a trip. It does not erase the history that has already been saved. Go to Manage Location History. When I went there I found 85 places where I’ve gone. I also found 105 ”unconfirmed” places, which look like places I’ve visited although I didn’t check every single one. Using the Settings icon on the bottom right of the map you can Delete all Location History. You have to look pretty hard to learn that if you delete all location history “some Google apps may not work the same as they did before.” Google says that location data may still be saved in other apps, meaning that other Google services are still tracking.

On the Privacy Checkup page users can also control the amount of data saved by YouTube and Google Photos, among others. Interestingly, you can also give Google more data to make the ads you see more relevant!

That’s one long example of controlling the amount of data collected and saved about you. The process should be similar on other sites you visit. However, it’s not necessarily the case on other popular platforms. For example:

  • Facebook allows a user to download the user’s data. The only way to delete the data is to delete the account, which permanently removes all posts, photos and perhaps messages. CNBC explains and provides the link.
  • You can also download but not delete personal data on Twitter. Click on your icon to get Settings, go to the Your Twitter Data page. There is also a Privacy and Safety page that you might want to review. I downloaded my data, which was a bit of a chore. It gave me a record of my Tweets, my profile data, my messages and my direct messages, all of which I could read. It also gave 40+ JavaScript files I could not read but which were clearly items of data like who I had blocked. Bottom line; nothing I could access that I didn’t already know.

Do the data policies of Facebook and Twitter make sense, given what I’ve said about the requirements of the law? No, they do not. Facebook, in particular, faces the potential of billions of dollars in fines in both the US and EU over charges it has violated various privacy laws.

Let me repeat the privacy options I gave in the previous post. You can find more details there.

  1. Decide not to worry about tracking and stay on sites you trust.
  2. Turn all security settings up to the maximum.
  3. Do not remain signed in on any sites.

There are two important things to remember as you consider those options. First is that a reasonable level of data collection and use allows advertising that keeps digital content free or subscriptions at a reasonable price. Second is that protecting your passwords and transactional data against identity theft is the most important thing you do on the web. welcomes thoughtful comments and the varied opinions of our readers. We are in no way obligated to post or allow comments that our moderators deem inappropriate. We reserve the right to delete comments we perceive as profane, vulgar, threatening, offensive, racially-biased, homophobic, slanderous, hateful or just plain rude. Commenters may not attack or insult other commenters, readers or writers. Commenters who persist in posting inappropriate comments will be banned from commenting on