We are falling asleep, just as the machines are waking up. - Amy Webb
At work we recently went through the process of implementing controls for Europe’s General Data Protection Regulation (GDPR), and I am nominally the main privacy officer at the company, so it fell to me to figure it all out. I have to say that I used to be annoyed by the “Right to be Forgotten”, but under GDPR that is a pretty inaccurate description of what it is - and I really like what it is.
Under GDPR, when a company is processing/storing a person’s data, it has to justify WHY it has a right to do that. The justification can be things like the data being publicly available, or needed to meet a contractual obligation, or needed to prevent fraud. There are lots of reasons, but probably the most common one for a lot of processing is “consent” - the reason the company is allowed to do it is that the person has said that the company is allowed.
So the “Right to be Forgotten” is really just the right to withdraw consent. If I told you that you were allowed to process my data - and now I tell you that you are no longer allowed, you need to go and delete my data. Pretty straightforward, right? I love it.
I enabled TweetDelete - goodbye all tweets more than 12 months old. I’ve often considered removing the archive here - like, it’s a nice nostalgia thing for me, but I’m not sure it needs to be forever part of the public record.