Continuing with our series of posts reviewing the potential effects of the proposed EU Data Protection Regulation, one of the areas it addresses is an individual’s “right to be forgotten” by a business. The specific wording is as follows:
“The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data”
This has clearly been written with Social Media in mind, for example, ensuring that Facebook users are able to completely delete their profiles if they so wish. However, the effect on email marketers and direct marketers in general could be disastrous. If somebody unsubscribes, or asks to no longer receive an advertiser’s communications, then clearly that individual’s details need to be held by the organisation in order to suppress them from future comms. Forgetting them completely, i.e. erasing all their data could have the polar opposite effect from that which the consumer is expecting! A individuals details need to be held in order for the organisation to “remember to forget”. Also, industry suppression files, which are there to benefit consumers, could be put at risk by the Regulation.
The problems do not end there. There would also be an issue with information that has already been passed on to third parties, e.g. via list brokers or through partnerships. Also, consumers risk being mis-led. For example, some data in financial services has to be kept for a specific period of time in order to meet with legal and FSA regulations.
In summary, not only does this section of the Regulation risk failing to achieve what it sets out to do, it could also damage consumer trust and increase the complexity and volume of data processing which needlessly increases the financial burden on companies.