Consumer Complacency And Mistrust Could Undermine EU’s ‘Right To Be Forgotten’

Right To Forget

New research suggests that consumers doubt whether the widely-publicised ‘right to be forgotten’ will work in practice. The European study found that the overwhelming majority (92 per cent) of consumers in the UK say they now deal with so many organisations, both online and offline, that they no longer know who holds what information about them.

At the heart of the EU’s proposed data and privacy protection reforms is a belief that the protection of personal information is a fundamental right for all Europeans. Any organisation that fails to do its utmost to respect this right could face a fine of up to 2 per cent of its global turnover. Under the proposed changes to European law, consumers will be able to ask companies that hold information about them to remove it.

However, close to three in four consumers (74 per cent) in the UK are not convinced that the benefits of having their information deleted would be worth the bother of asking for it to be removed, and 86 per cent don’t believe a company would honour the request anyway, even if the company assured them that their information had been deleted.

Furthermore, there is confusion when it comes to the kind of information a person can ask to have removed. Most of those surveyed in the UK believe they would be entitled to ask for personal information (91 per cent), financial details (64 per cent) and email correspondence (54 per cent) to be deleted. Less than half think their rights would extend to recorded telephone conversations (42 per cent) or social media posts (32 per cent).

Close to half (45 per cent) believe that information held on paper – such as letters or completed forms – would be covered by data protection laws, despite the fact that two thirds (64 per cent) of respondents feel information on paper is easier to destroy than information held about them online.

Almost everything we do creates an information trail that can be collected, processed and possibly shared. Organisations that collect this information need to manage it carefully and protect it securely. The proposed EU data protection reforms are a good first step to better protecting consumers.

The research suggests that consumer attitudes have shifted since the EU reforms were drawn up on the back of a wave of consumer data fears in 2011. While consumers today remain happy to conduct much of their business and social lives online, they no longer trust organisations to comply with a request to delete personal data. Organisations can help overcome this pessimism by educating consumers on their policies and procedures.

Whether you hold personal information on paper, online or in an electronic database, you need to know what you hold, where you hold it, and how to delete or destroy it securely when asked to do so ‒ and to do so in a way that is transparent and accountable.

For many firms, the first step is to digitise paper documents so the data can be merged into a database. Then to archive historical or physical documents, securely destroying those records the company is no longer entitled to keep and establishing retention schedules to manage the archived information. Firms have much to gain from building trust before the law obliges them to do so. Trust builds loyalty and loyalty drives sales.

Christian Toon

In his role as head of information risk at Iron Mountain, Christian Toon is the functional lead responsible for developing and implementing information assurance policy standards, goals and strategy within the private and public sectors, so that the confidentiality, integrity and availability of customers’ information assets are preserved. He has a wealth of experience in the industry, having previously held the role of compliance and information security manager at Iron Mountain.