Re-writing the Right to Be Forgotten

January 11th, 2022

The Council of the European Union, the European Commission, and the European Parliament adopted the GDPR (General Data Protection Regulation) to protect people’s personal data and privacy when visiting a website. Through the GDPR, websites are now required to disclose to users when cookies are employed to track their digital footprint and allow users to opt out. Most users find it cumbersome to complete the process and disregard the option. There is also regulation that grants users the “right to be forgotten,” enabling them to contact companies that collect, analyze, and sell their data and request that they be deleted from their databases.

The problem is that GDPR laws were not designed in the interest of the user but rather in the interest of the Big Tech giants: Google, Facebook, Amazon, Apple, and Microsoft. These key content providers and data collectors, along with many others, profit from the acquisition of user data. Google’s business model mastered the art of data collection. Facebook, Amazon, and Apple are following close in their footsteps. Microsoft, while a slightly smaller player in this arena, should not be overlooked for their influence in helping craft the GDPR.

Along with Big Tech, politicians have used the GDPR as a false cover to pretend they are concerned with digital privacy. If politicians really wanted to protect users’ digital data from Big Tech, the laws would have been crafted differently. The “right to be forgotten” has confusing loopholes and is nearly impossible for users to implement.

In order to be forgotten, a user must make a request to every individual company that collects data and ask to be removed. It’s a daunting task because there are so many companies who collect, analyze, and sell data. It’s almost impossible to track them all down. Even if one could contact all these companies, they are constantly generating new partners with whom they transfer user data. It’s a cat-and-mouse chase that has no end. This is insanity. If the laws were crafted with users’ privacy as the primary concern, they wouldn’t be called “the right to be forgotten,” but rather “the right to be remembered.”

Let’s pretend the GDPR laws allowed users the same, simple ability to opt out of being tracked as it currently does now to opt in with a single click. If this were the case, websites would never get any user information. Big Tech companies are not affected by GDPR regulations because so many people don’t care or simply don’t understand what’s at stake.

If there was a right to be remembered, users would have a real choice, not an obscure, confusing series of steps buried within a privacy policy or user agreement. The problem is that users are “informed” but not in ways they can ever access. Who reads a privacy policy or user agreement? It’s easy to slip in consent to collect data in these long, dry online documents. It would be much more difficult if every third-party host who wanted to place a tracking cookie on your device had to ask for your consent every time. No one would take the time to write companies to allow themselves to be tracked. People would have a real chance at protecting their digital information. These laws need to be re-thought and re-crafted to truly protect digital information.

. . .