MPs have just begun to scrutinise new legislation intended to make the UK’s data protection legislation fit for the digital age. One key principle enshrined in the Data Protection Bill, 2017 (which implements the much-publicised General Data Protection Regulation (GDPR) is the ‘right to be forgotten’. This enables people to ask data controllers to move or delete personal data.

The new data protection regime is likely to have far-reaching implications for our clients. We expect our commercial clients to experience a greater volume of requests to delete information as individuals, more than ever aware of their rights, take the opportunity to enforce them.

But how easy will it be for individuals to enforce these rights in practice?



The right to be forgotten (sometimes more appropriately referred to as the right to erasure) makes it easier for an individual to ask for his or her personal data to be removed when there is no compelling reason for it to be retained and used.

One of the legal cases that led to the right being recognised is a good illustration of why it matters. It involved Hugo Guidotti Russo, a plastic surgeon based in Madrid. When he carried out internet searches of his name he was confronted with prominent links to historical stories about a legal claim against him for an allegedly negligent breast operation. According to the 20-year-old articles, he faced a lengthy prison sentence and a multi-million euro fine. There was no mention of his acquittal. Russo argued that – so many years after the complaint – when the matter had been settled, there was no justification for the details to continue to appear.

As well as introducing the right to be forgotten, the UK government has also indicated that individuals will be able to ask social media companies like Facebook to delete information that they posted in their childhood. This power has been labelled the ‘right to innocence’.



No. The right must be balanced with the right to freedom of expression so the right only exists in certain circumstances. There are also some exemptions that will safeguard for example the processing of data by journalists for freedom of expression reasons and when uncovering wrongdoing.



Most of the discussion around the right to be forgotten has, rightly, centred on how Google and other search engines will respond to their new obligations to delete information. But it is important to remember that GDPR applies to all data controllers, of which Google is just one.

It may therefore be invoked in a whole range of situations – not just to remove embarrassing Facebook posts or unflattering Google search results. Any company that holds personal information may be requested to remove it. There may be consequences for human resource departments and others. What if they retain details of disciplinary warnings that have lapsed? Or marketing companies that hold historical information about customers or potential customers. It’s forseeable that they too would be obliged to comply with a legitimate right to be forgotten request.



Traditionally internet search engines companies have been slow to remove material under the right to be forgotten. For this reason Big Data Law has regularly been instructed by individuals to apply to Google UK and others for data removal. Under GDPR there is a new, much stricter sanctions regime (including very large financial penalties for non compliance). What the impact of this on the way data controllers like Google treat requests for information removal remains to be seen.

Google and others have introduced processes aimed at making it easier to request the removal of data. But right now enforcement of the law is to a degree in a state of flux. Google says it refuses half of the removal requests it receives. The reason? The requests don’t show how the relevant data meets the legal criteria for removal. So this shows that it’s crucial to make the strongest possible case to Google and other data controllers when seeking to have information removed. At Big Data Law we can ensure your request is framed correctly and pursue your case with the Information Commissioners Office if necessary.

If you have concerns about how data about you is being used online or elsewhere, get in touch. You can call us on +44 (0) 7545 813 894 or contact us online.


Shuba provided excellent help in a very tough case, and acted above and beyond my expectations. With her friendliness, passion, and a wealth of knowledge, she made me feel comfortable in a trying time, and her professional services led to quick results in my case. I can highly recommend her services.

Cecilie Harris ***** See more reviews


Shubha Nath is director of Nath Solicitors, a boutique London law firm specialising in commercial contracts, company laws (formation/shareholder matters/M&A) and private and commercial dispute resolution.


When we state we partner with you to achieve results, it’s not just a slogan. Many of our solicitors have spent years working in the City, and we are passionate about business and helping our clients achieve their objectives.

See more on Nath

Shubha Nath