Problems with the Enforcementุof the Right to Erasure in the Online Environment: The Case of EU Personal Data Protection Law

Abstract

In European society, privacy and the protection of personal data can be considered as one of the fundamental civil rights enjoyed by everybody. The EU data protection law, the General Data Protection Regulation (GDPR) in particular, imposes certain duty upon any person, who deals with personal data, to comply with regulations with a view to protecting such rights. As far as the right to erasure is concerned, the GDPR has been prescribed so as to support the authority of data subjects. Such right is now at the forefront of academic debates since most of the activities affecting personal data are being carried out online. When the data subject puts his/her personal data in an online system, to some extent, the authority to control such data will be in the hand of online service providers. Nonetheless, in practice, the enforcement of such right still faces many problems since there are no explicit criteria that can be used to determine circumstances in which online service providers who control personal data should delete such data from their database upon the request of the data subject. Although the European Court of Justice has just rendered its decisions with regard to this matter, the content of the decisions did not give a clear-cut benchmark and the Court still uses a considerable discretion in this matter.