Abstract image of a woman sitting on books and studying on a laptop

The right to delete

Download as PPTX, PDF
P
Paul Bernal

The document discusses the need for a "right to delete" personal data held by companies online. It argues that individuals should have more control over their personal data and be able to easily delete it. This would encourage businesses to develop new models that do not rely on long-term data storage and push for better data security practices. A right to delete would balance data protection with individual autonomy and force companies to justify retaining people's information.

EducationTechnology
1 of 18
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
The right to deletePaul Bernal – London School of Economics
Personal data on the internetMassive amounts are heldCurrent commercial models rely on itThe data that is held is vulnerable – and may be increasingly soThe existence and use of that data is something that concerns people – and rightly soIt’s our data, isn’t it??
The right to deleteTo address the existence of this dataTo encourage the development of business models that don’t rely on the holding of dataTo begin the process of putting data subjects in control of their own data
Personal data in the new internetThe Google/Facebook modelBehavioural trackingCommercial data gatheringThe market in personal data
Data vulnerabilityPhysical loss – e.g. HMRC/MOD data lossesHackingVulnerability to government action:Subpoenas, USA PATRIOT act, Data retentionSwiss banking data/Chinese Google hackersCommercial vulnerabilityT-Mobile data-selling scandalChanges of ownership etc
What can happen to lost data?Into the hands of criminals – nastier and better-targeted scamsInto the hands of governments – used without the normal restrictions (e.g. Germany)Into the hands of less scrupulous or less controlled businesses or different jurisdictionsInto the overall data morass
What can be done?Systematic culture change – emphasis on data securityMore powerful, better resourced and better supported data protection systemsBetter use of technological protection – encryption etcMore community awareness of the issue
But there will always be problems:Human errorsHuman maliceTechnological errorsCommunity pressuresNew technological and business ideas
Data minimisationAlready a principle within data protection, but one that is effectively paid only lip-service toIt needs to be better enforced – both better detected and more harshly punished. Punishment for data protection breaches are generally for losses or inappropriate processing, not for failures of data minimisationNeeds to be put in the hands of the data subjects
New business models (1)The drive behind the current web model has been the business concepts of Google and FacebookNew business models could bring about new changes – but how to get them to happen?We need a change in assumptions – that unless you have a strong NEED to hold data, you should not hold that dataOne key could be giving data subjects the right to delete
New business models (2)Currently it is the business that decides whether data should be held, anonymised or deletedIf that decision is put in the hands of the data subject, businesses would think twice before using business models that rely on the data being heldInstead, they might look for ways to use the data immediately, then discard it
The right to deleteNot ‘the right to be forgotten’ – no rewriting of history or censorshipA change in paradigm. The assumption is that data can and should be deleted if the data subject wants it, unless there are pressing reasons the other wayThe right needs to be made easily applied – access to data and then the ability to delete it directly on the webA shift in the nature of data protection – putting the focus on the rights of the individual, not on the obligations of the data controllers
When can data be held?Paternalistic reasons – for the benefit of the individual (e.g. medical data)Communitarian reasons – for the benefit of the community (e.g. criminal records)Administrative or economic reasons – for the benefit of society (e.g. tax records, electoral rolls)Archival reasons – for a good, accurate and useful historical record (e.g. newspaper records, British Library ‘right to archive’)Security reasons – for national security or criminal investigations (e.g. data retention laws)
Business reasons…. ….are not enough
Deletion and anonymisationClosely related – and complexData can relate to more than one individualData controllers might offer the option to anonymise rather than delete – but it should be the data subject’s option
Data protection principlesThe right to delete extends and improves implementation of data protection principlesFirst point is better data access rightsSecond is putting data minimisation in the hand of the data subjectImportant to ensure that this right does not replace the data controller’s responsibility for data minimisation, but adds to it
ImplicationsGives individuals more control and autonomyForces those holding data to justify why they’re holding it – in such a way that users understandEncourages the development of better business modelsCould end up supporting individuals even in places where data protection doesn’t apply – because the big businesses develop global business models
Human rights in the online worldWith our online life more and more integrated into our offline life, we need to focus on rights in the online worldThose rights must include our ability to control and shape our digital footprintThe right to delete data is just one of the rights that will be needed.p.a.bernal@lse.ac.ukhttp://personal.lse.ac.uk/bernal

More Related Content

PPT
Can we keep your data please?
Paul Bernal
 
PDF
[Presentation] GDPR - How to Ensure Compliance
AIIM International
 
PDF
GDPR and Irish SMEs May 2017
Amarach Research
 
PPTX
Taking back control
Paul Bernal
 
PDF
How does the data protection reform strengthen citizens rights?
- Mark - Fullbright
 
DOCX
RIGHT PRACTICES IN DATA MANAGEMENT AND GOVERNANCE
VARUN KESAVAN
 
PDF
GDPR- Get the facts and prepare your business
Mark Baker
 
PDF
Convince your board - Ten steps to GDPR compliance
Dave James
 
Can we keep your data please?
Paul Bernal
 
[Presentation] GDPR - How to Ensure Compliance
AIIM International
 
GDPR and Irish SMEs May 2017
Amarach Research
 
Taking back control
Paul Bernal
 
How does the data protection reform strengthen citizens rights?
- Mark - Fullbright
 
RIGHT PRACTICES IN DATA MANAGEMENT AND GOVERNANCE
VARUN KESAVAN
 
GDPR- Get the facts and prepare your business
Mark Baker
 
Convince your board - Ten steps to GDPR compliance
Dave James
 

What's hot (20)

PDF
Data Protection and Privacy
Vertex Holdings
 
PPTX
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Dr. Donald Macfarlane
 
PPT
Autonomy, Privacy, The Symbiotic Web
Paul Bernal
 
PPTX
Gdpr compliance univ'air carslon wagon lit 5 oktober 2017
Bart Van Den Brande
 
PPTX
GDPR: Training Materials by Qualsys
Qualsys Ltd
 
PDF
Magento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Erwin Otten
 
PDF
Data Privacy
cliff_rudolph
 
PPTX
Data Privacy: What you need to know about privacy, from compliance to ethics
AT Internet
 
PPTX
Privacy and data protection - Presentation for Bdma real time and trigger bas...
Bart Van Den Brande
 
PDF
Data Protection Forum Brussels 230517 - Implementing GDPR
John M Walsh
 
PPTX
Get you and your business GDPR ready
Harrison Clark Rickerbys
 
PPT
Consumer Privacy
Ashish Jain
 
PDF
Explain your algorithmic decisions for gdpr
Pierre Feillet
 
PPTX
Associates quick guide to gdpr v 1.0
Aaron Banham
 
PDF
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
Cédric Laurant
 
PPTX
Understanding the EU's new General Data Protection Regulation (GDPR)
Acquia
 
PDF
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
HackerOne
 
PDF
Checklist for SMEs for GDPR compliance
Sarah Fox
 
PPTX
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
eHealth Forum
 
PDF
Data & Privacy: Striking the Right Balance - Jonny Leroy
Thoughtworks
 
Data Protection and Privacy
Vertex Holdings
 
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final
Dr. Donald Macfarlane
 
Autonomy, Privacy, The Symbiotic Web
Paul Bernal
 
Gdpr compliance univ'air carslon wagon lit 5 oktober 2017
Bart Van Den Brande
 
GDPR: Training Materials by Qualsys
Qualsys Ltd
 
Magento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Erwin Otten
 
Data Privacy
cliff_rudolph
 
Data Privacy: What you need to know about privacy, from compliance to ethics
AT Internet
 
Privacy and data protection - Presentation for Bdma real time and trigger bas...
Bart Van Den Brande
 
Data Protection Forum Brussels 230517 - Implementing GDPR
John M Walsh
 
Get you and your business GDPR ready
Harrison Clark Rickerbys
 
Consumer Privacy
Ashish Jain
 
Explain your algorithmic decisions for gdpr
Pierre Feillet
 
Associates quick guide to gdpr v 1.0
Aaron Banham
 
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
Cédric Laurant
 
Understanding the EU's new General Data Protection Regulation (GDPR)
Acquia
 
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
HackerOne
 
Checklist for SMEs for GDPR compliance
Sarah Fox
 
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
eHealth Forum
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
Thoughtworks
 
Ad

Viewers also liked (8)

PPTX
Collaborative Consent
Paul Bernal
 
PPT
Rise and Phall
Paul Bernal
 
PPT
The Symbiotic Web
Paul Bernal
 
PPT
The internet: a new frontier for human rights
Paul Bernal
 
PPTX
Media A2 Portfolio
hugojarvis
 
PDF
Digital Scholarship powered by reflection and reflective practice through the...
Judy O'Connell
 
PDF
The Next Big Thing is Web 3.0. Catch It If You Can
Judy O'Connell
 
PDF
Study: The Future of VR, AR and Self-Driving Cars
LinkedIn
 
Collaborative Consent
Paul Bernal
 
Rise and Phall
Paul Bernal
 
The Symbiotic Web
Paul Bernal
 
The internet: a new frontier for human rights
Paul Bernal
 
Media A2 Portfolio
hugojarvis
 
Digital Scholarship powered by reflection and reflective practice through the...
Judy O'Connell
 
The Next Big Thing is Web 3.0. Catch It If You Can
Judy O'Connell
 
Study: The Future of VR, AR and Self-Driving Cars
LinkedIn
 
Ad

Similar to The right to delete (20)

PDF
Ichec dig strat gdpr
Prof. Jacques Folon (Ph.D)
 
PDF
Esc Rennes gdpr oct 2018
Prof. Jacques Folon (Ph.D)
 
PDF
The Right To Be Forgotten 2nd Edition Paul Lambert
murreenwri
 
PPTX
Designing for Privacy in an Increasingly Public World
Robert Stribley
 
PPTX
Privacy and data protection primer - City of Portland
Hector Dominguez
 
PDF
On GDPR compliance, the Right to be forgotten and Artificial Intelligence, OW...
OW2
 
PPTX
Keeping it Private - A Discussion About Data and the Internet
Daniel Ayala
 
PPTX
Designing for Privacy NY Studio—10/04/21
Robert Stribley
 
PPTX
Industry Unbound: The Inside Story of Privacy, Data and Corporate Power
Bernard Marr
 
PPTX
Data protection & security breakfast briefing master slides 28 june-final
Dr. Donald Macfarlane
 
PDF
Gdpr in a nutshell
Matthew Butler
 
PDF
Right Forgotten_v
Mei Wang
 
PPTX
Data set Legislation
Data-Set
 
PDF
Access now : Data Protection: What you should know about it?
ANSItunCERT
 
PPTX
Putting data science into perspective
Sravan Ankaraju
 
PPTX
GDPR Practicalities - The Data Shed
Stewart Norriss
 
PDF
Data science and privacy regulation
blogzilla
 
PPTX
Age Friendly Economy - Legislation and Ethics of Data Use
AgeFriendlyEconomy
 
PPT
Ch 17 data protections act
Khan Yousafzai
 
PPTX
Chapter 08 – Data Protection, Privacy and Freedom of Information - BIT IT5104
Upekha Vandebona
 
Ichec dig strat gdpr
Prof. Jacques Folon (Ph.D)
 
Esc Rennes gdpr oct 2018
Prof. Jacques Folon (Ph.D)
 
The Right To Be Forgotten 2nd Edition Paul Lambert
murreenwri
 
Designing for Privacy in an Increasingly Public World
Robert Stribley
 
Privacy and data protection primer - City of Portland
Hector Dominguez
 
On GDPR compliance, the Right to be forgotten and Artificial Intelligence, OW...
OW2
 
Keeping it Private - A Discussion About Data and the Internet
Daniel Ayala
 
Designing for Privacy NY Studio—10/04/21
Robert Stribley
 
Industry Unbound: The Inside Story of Privacy, Data and Corporate Power
Bernard Marr
 
Data protection & security breakfast briefing master slides 28 june-final
Dr. Donald Macfarlane
 
Gdpr in a nutshell
Matthew Butler
 
Right Forgotten_v
Mei Wang
 
Data set Legislation
Data-Set
 
Access now : Data Protection: What you should know about it?
ANSItunCERT
 
Putting data science into perspective
Sravan Ankaraju
 
GDPR Practicalities - The Data Shed
Stewart Norriss
 
Data science and privacy regulation
blogzilla
 
Age Friendly Economy - Legislation and Ethics of Data Use
AgeFriendlyEconomy
 
Ch 17 data protections act
Khan Yousafzai
 
Chapter 08 – Data Protection, Privacy and Freedom of Information - BIT IT5104
Upekha Vandebona
 

Recently uploaded (20)

PDF
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2013).pdf
Nay Aung
 
PDF
Race Reva University – Shaping Future Leaders in Artificial Intelligence
RACE REVA University
 
PDF
Climate and Adaptation MCQs class 7 from chatgpt
AkashDTejwani
 
PDF
LIFE & LIVING TRILOGY - PART - (2) THE PURPOSE OF LIFE.pdf
sureshkumarsoni26
 
PPTX
Module on health assessment of CHN. pptx
GurdeepSingh626704
 
PDF
Skin Care and Cosmetic Ingredients Dictionary ( PDFDrive ).pdf
SahianAlondraPichard
 
PDF
semiconductor packaging in vlsi design fab
KarpoorasundariK
 
PDF
LIFE & LIVING TRILOGY - PART (3) REALITY & MYSTERY.pdf
sureshkumarsoni26
 
PDF
English Textual Question & Ans (12th Class).pdf
javaidpaswal33
 
PDF
HVAC Specification 2024 according to central public works department
amitrobanipl
 
PDF
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 1)
CMEmpire
 
PDF
FOISHS ANNUAL IMPLEMENTATION PLAN 2025.pdf
EllenJoyCaniya2
 
PDF
IP : I ; Unit I : Preformulation Studies
RAGHUNATH SAKHARE
 
PPTX
DRUGS USED FOR HORMONAL DISORDER, SUPPLIMENTATION, CONTRACEPTION, & MEDICAL T...
SaravananKumar545925
 
PDF
Hazard Identification & Risk Assessment .pdf
estagiarioprotegesms
 
PDF
CRP102_SAGALASSOS_Final_Projects_2025.pdf
City and Regional Planning, METU
 
PPTX
What’s under the hood: Parsing standardized learning content for AI
Rustici Software
 
PDF
LIFE & LIVING TRILOGY- PART (1) WHO ARE WE.pdf
sureshkumarsoni26
 
PPTX
B.Sc. DS Unit 2 Software Engineering.pptx
Dr. Pallawi Bulakh
 
PPTX
Unit 4 Computer Architecture Multicore Processor.pptx
Gunasundari Selvaraj
 
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2013).pdf
Nay Aung
 
Race Reva University – Shaping Future Leaders in Artificial Intelligence
RACE REVA University
 
Climate and Adaptation MCQs class 7 from chatgpt
AkashDTejwani
 
LIFE & LIVING TRILOGY - PART - (2) THE PURPOSE OF LIFE.pdf
sureshkumarsoni26
 
Module on health assessment of CHN. pptx
GurdeepSingh626704
 
Skin Care and Cosmetic Ingredients Dictionary ( PDFDrive ).pdf
SahianAlondraPichard
 
semiconductor packaging in vlsi design fab
KarpoorasundariK
 
LIFE & LIVING TRILOGY - PART (3) REALITY & MYSTERY.pdf
sureshkumarsoni26
 
English Textual Question & Ans (12th Class).pdf
javaidpaswal33
 
HVAC Specification 2024 according to central public works department
amitrobanipl
 
BP 704 T. NOVEL DRUG DELIVERY SYSTEMS (UNIT 1)
CMEmpire
 
FOISHS ANNUAL IMPLEMENTATION PLAN 2025.pdf
EllenJoyCaniya2
 
IP : I ; Unit I : Preformulation Studies
RAGHUNATH SAKHARE
 
DRUGS USED FOR HORMONAL DISORDER, SUPPLIMENTATION, CONTRACEPTION, & MEDICAL T...
SaravananKumar545925
 
Hazard Identification & Risk Assessment .pdf
estagiarioprotegesms
 
CRP102_SAGALASSOS_Final_Projects_2025.pdf
City and Regional Planning, METU
 
What’s under the hood: Parsing standardized learning content for AI
Rustici Software
 
LIFE & LIVING TRILOGY- PART (1) WHO ARE WE.pdf
sureshkumarsoni26
 
B.Sc. DS Unit 2 Software Engineering.pptx
Dr. Pallawi Bulakh
 
Unit 4 Computer Architecture Multicore Processor.pptx
Gunasundari Selvaraj
 

The right to delete

  • 1. The right to deletePaul Bernal – London School of Economics
  • 2. Personal data on the internetMassive amounts are heldCurrent commercial models rely on itThe data that is held is vulnerable – and may be increasingly soThe existence and use of that data is something that concerns people – and rightly soIt’s our data, isn’t it??
  • 3. The right to deleteTo address the existence of this dataTo encourage the development of business models that don’t rely on the holding of dataTo begin the process of putting data subjects in control of their own data
  • 4. Personal data in the new internetThe Google/Facebook modelBehavioural trackingCommercial data gatheringThe market in personal data
  • 5. Data vulnerabilityPhysical loss – e.g. HMRC/MOD data lossesHackingVulnerability to government action:Subpoenas, USA PATRIOT act, Data retentionSwiss banking data/Chinese Google hackersCommercial vulnerabilityT-Mobile data-selling scandalChanges of ownership etc
  • 6. What can happen to lost data?Into the hands of criminals – nastier and better-targeted scamsInto the hands of governments – used without the normal restrictions (e.g. Germany)Into the hands of less scrupulous or less controlled businesses or different jurisdictionsInto the overall data morass
  • 7. What can be done?Systematic culture change – emphasis on data securityMore powerful, better resourced and better supported data protection systemsBetter use of technological protection – encryption etcMore community awareness of the issue
  • 8. But there will always be problems:Human errorsHuman maliceTechnological errorsCommunity pressuresNew technological and business ideas
  • 9. Data minimisationAlready a principle within data protection, but one that is effectively paid only lip-service toIt needs to be better enforced – both better detected and more harshly punished. Punishment for data protection breaches are generally for losses or inappropriate processing, not for failures of data minimisationNeeds to be put in the hands of the data subjects
  • 10. New business models (1)The drive behind the current web model has been the business concepts of Google and FacebookNew business models could bring about new changes – but how to get them to happen?We need a change in assumptions – that unless you have a strong NEED to hold data, you should not hold that dataOne key could be giving data subjects the right to delete
  • 11. New business models (2)Currently it is the business that decides whether data should be held, anonymised or deletedIf that decision is put in the hands of the data subject, businesses would think twice before using business models that rely on the data being heldInstead, they might look for ways to use the data immediately, then discard it
  • 12. The right to deleteNot ‘the right to be forgotten’ – no rewriting of history or censorshipA change in paradigm. The assumption is that data can and should be deleted if the data subject wants it, unless there are pressing reasons the other wayThe right needs to be made easily applied – access to data and then the ability to delete it directly on the webA shift in the nature of data protection – putting the focus on the rights of the individual, not on the obligations of the data controllers
  • 13. When can data be held?Paternalistic reasons – for the benefit of the individual (e.g. medical data)Communitarian reasons – for the benefit of the community (e.g. criminal records)Administrative or economic reasons – for the benefit of society (e.g. tax records, electoral rolls)Archival reasons – for a good, accurate and useful historical record (e.g. newspaper records, British Library ‘right to archive’)Security reasons – for national security or criminal investigations (e.g. data retention laws)
  • 15. Deletion and anonymisationClosely related – and complexData can relate to more than one individualData controllers might offer the option to anonymise rather than delete – but it should be the data subject’s option
  • 16. Data protection principlesThe right to delete extends and improves implementation of data protection principlesFirst point is better data access rightsSecond is putting data minimisation in the hand of the data subjectImportant to ensure that this right does not replace the data controller’s responsibility for data minimisation, but adds to it
  • 17. ImplicationsGives individuals more control and autonomyForces those holding data to justify why they’re holding it – in such a way that users understandEncourages the development of better business modelsCould end up supporting individuals even in places where data protection doesn’t apply – because the big businesses develop global business models
  • 18. Human rights in the online worldWith our online life more and more integrated into our offline life, we need to focus on rights in the online worldThose rights must include our ability to control and shape our digital footprintThe right to delete data is just one of the rights that will be needed.p.a.bernal@lse.ac.ukhttp://personal.lse.ac.uk/bernal