What is Right to Be Forgotten?

The right to be forgotten is one of the most powerful privacy rights in the world — and one of the most underused. It gives you the legal power to demand deletion of your personal data.

How It Works Under GDPR

You can request erasure when:

• The data is no longer necessary for its original purpose
• You withdraw consent and there's no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data was processed unlawfully
• The data was collected from a child

Organizations must respond within 30 days (extendable to 90 in complex cases).

What You Can Request Removal Of

• Search engine results: Google, Bing must delist pages about you upon valid request
• Social media posts: Platforms must delete your data and content
• Data broker listings: Brokers must remove your profile
• Company databases: Any company holding your personal data without ongoing legitimate purpose
• Forum posts: Platforms must delete your identifiable content
• News articles: In limited cases, outdated or irrelevant articles can be delisted

Where This Right Exists

Jurisdiction	Law	Strength
EU/EEA	GDPR Article 17	Strong — enforceable with fines up to €20M
UK	UK GDPR	Strong — mirrors EU GDPR
California	CCPA/CPRA	Good — "right to delete" with some exceptions
Virginia, Colorado, Connecticut	State privacy laws	Moderate — right to delete personal data
Brazil	LGPD	Strong — right to deletion
Japan, South Korea, Argentina	National privacy laws	Varying protections

Limitations

• Public interest: Journalism, historical archives, scientific research may override
• Legal obligations: Companies can retain data required by law (tax records, etc.)
• Freedom of expression: Legitimate speech interests may prevent removal
• Technical limits: Data in backups may take time to purge; data in trained AI models is difficult to remove
• Geographic scope: GDPR applies to EU processing; US has no federal equivalent

How to Exercise This Right

1. Identify who has your data — Search for yourself online, check data brokers
2. Send a formal request — Email the organization's Data Protection Officer (DPO) or privacy team
3. Cite the specific legal basis — GDPR Article 17, CCPA Section 1798.105, or relevant local law
4. Be specific — Describe exactly what data you want deleted
5. Keep records — Document all requests and responses
6. Escalate if needed — File complaints with your national data protection authority if requests are ignored
7. Use Google's removal tool — google.com/webmasters/tools/legal-removal-request for search result removal

For US Residents

While there's no federal right to be forgotten in the US, you can still:

• Exercise deletion rights under California, Virginia, Colorado, Connecticut, and other state laws
• Request removal from data broker sites (opt-out processes)
• Use Google's personal information removal tool
• Engage a vetted data removal service — compare options on /remove; examples include Optery, DeleteMe, and others
• Send cease and desist letters for unauthorized use of personal information