Data. Do you think that if data is about you, then you own it? Think again because it might not be the case. This isn’t fearmongering. It’s not a statement designed to intimidate or scare, but in an age where we share our personal information almost daily and our digital presence is sometimes bigger than our physical selves, the position is not always clear. And there are a few misconceptions that deserve clarifying.
‘The right to erasure (also known as ‘the right to be forgotten’), is an expression that has become somewhat familiar since the GDPR came into effect last year. In short, it means that you have the right to have your personal data deleted. Last year, the concept hit the press quite spectacularly when an English court ruled against Google in the case of an individual seeking to have certain personal information about him removed from Google search results.
Cutting through the legalese
When experts talk about the rights and responsibilities around personal data, they sometime fail to fully explain the terms they use. ‘Data subject’, is a good example. It simply means ‘an individual’ or a natural person who can be identified or identifiable – you, me, our family, etc. You may also hear about a ‘Data Controller’ – this is the organisation who decides how to use your data.
Another frequently overlooked term is ‘Personal Data’, which sounds obvious, but it’s important to be aware of the breadth of what this can cover. Names, email addresses and bank details are obvious examples of personal data. However, loyalty cards, payroll, medical records, your fingerprint, health conditions, GPS location, IP addresses, cookies and radio frequency tags: can all be personal data when used to identify you. If you’re unhappy with who is storing this information and wish to have your personal details removed from their records, the GDPR sets out a clear way to approach this.
But before you start drafting an email, it’s really important to understand whether you actually want to be erased in the first place.