ENISA is launching its new report covering the technical aspects of “being forgotten”, as technology and information systems play a critical role in enforcing this right.
The report identifies technical limitations and a further need for clear definitions and legal clarifications before appropriate technical means to enforce this right can be properly implemented.
- Policymakers and data protection bodies should work together to clarify definitions to assist the enforcement of the right (clarification of who can ask for the deletion of shared personal data, under what circumstances, etc.). Furthermore, with such definitions, the associated costs need to be considered.
- A purely technical solution to enforcing this right in the open Internet is impossible. An interdisciplinary approach is needed and policymakers should be aware of this fact.
- A possible, pragmatic approach to assist in implementing this right is to require search engine operators and sharing services within the EU to filter references to “forgotten” information stored inside and outside the EU region.
- Particular care must be taken concerning the deletion of personal data stored on discarded and offline storage devices.
ENISA also recommends the use of encryption for the storage and transfer of personal data. Particular attention should be given to tracking and profiling online, and enforcement solutions should be deployed to block inappropriate behaviour and to force compliance with regulations regarding personal data protection.
The Executive Director of ENISA, Professor Udo Helmbrecht, commented: “A uniform approach is needed in Europe to secure the fundamental right of personal data protection. The reform of the data protection laws in Europe is a decisive step in this direction. ENISA’s reports provide a technical information security perspective supporting this reform.”