22 March 2019

Exercising my Right to be Forgotten

Regulation EU 2016/679, also known as the General Data Protection Regulation (GDPR) is something I deal with professionally on a daily basis. I know more about this European law than the average individual. So it is kind of interesting for me when I recently exercised one such right I have that this regulation stipulates. This is the right to erasure, also known as the right to be forgotten, which is described in GDPR Article 17. By invoking this right, I successfully made a part of the Internet containing personal information pointing to me disappear.

See, a few months ago for some reason I found that a file was freely accessible on some website, and this file happened to be an old copy of my academic CV. It was several years old, outdated by now, and yet it was still easy to find and access. I used to have a professional website for academic purposes (academia encourages its members to have websites that would showcase their research and other accomplishments), and yes, I used to have a PDF of my CV uploaded. But of course once I shifted course and left academia, I took down these websites, as well as the associated files, like my CV. Now I have LinkedIn, which serves the purpose I need given my current environment.

Anyway, I found it weird that for some reason my very outdated CV was still floating around. So I decided to take it down, by invoking Article 17 of GDPR. I contacted the Data Privacy Officer of the company that owns the website where I found it, and sure enough, within 24 hours, I received a response saying they took it offline. And yes, when I check it again, it now gives me a 404 error.

That felt good.


  1. Wow, that's efficient! Pretty awesome to see that some EU regulations are working as designed. I'm... shocked :-D

    I had *a lot* of work when the GDPR came into force, mostly translating terms and conditions updates for many North American websites doing business with Europe.

    1. Zhu,

      I must say I am a fan of the EU. Yes, there's a shitload of bureaucracy, but in the long run it does work. And yes, I am also a fan of the GDPR, mostly because its intention is to bring back to everyone ownership of their own personal data. And yes, it is being enforced.

      I can imagine why you had a lot of work when the GDPR came into force. After all, this law has a long arm, given that the territorial scope reaches beyond the EU as long as the personal data is about EU residents.