Most people have something online they'd rather not have follow them around forever — an old news story, an embarrassing post, outdated personal details. The right to be forgotten is the legal concept that says, in certain circumstances, you can request that information about you be removed from public view online. But it's not a universal delete button, and understanding what it actually covers — and doesn't — matters before you expect anything from it.
The right to be forgotten (also called the right to erasure) is a privacy principle that gives individuals the ability to request the deletion or delisting of personal information held by organizations or indexed by search engines.
The idea is straightforward: people change, circumstances change, and old information can cause ongoing harm that's disproportionate to any public interest in keeping it visible.
In practice, this right operates on two levels:
These are related but distinct. Delisting removes a result from search — the original page may still exist. Deletion removes the data from a system entirely.
The right to be forgotten gained significant legal footing with a 2014 ruling by the Court of Justice of the European Union (CJEU). The case involved a Spanish man who wanted Google to stop linking to an old newspaper notice about a debt he'd already resolved. The court sided with him, establishing that individuals could request search engines remove links to outdated or irrelevant personal information.
This principle was later codified into law through the General Data Protection Regulation (GDPR), which came into force across the European Union in 2018. Article 17 of the GDPR formally establishes the right to erasure.
Outside the EU, this right exists in varying forms:
| Region | Legal Status |
|---|---|
| European Union | Strong legal right under GDPR |
| United Kingdom | Similar right under UK GDPR post-Brexit |
| California (USA) | Limited right under CCPA/CPRA for consumers |
| Brazil | Right to erasure under LGPD |
| Most of the US | No comprehensive federal right |
| Many other countries | Patchy or no formal legal protection |
The geographic reality is important: where you live — and where the company holding your data is based — heavily shapes what rights you actually have.
This is where many people get surprised. The right to be forgotten is not absolute. Requests can be refused, and the law typically requires that the information meet certain criteria before removal is warranted.
Under GDPR, grounds for erasure generally include situations where:
These grounds have to be weighed against competing considerations.
Here's the tension at the heart of this right: privacy doesn't always win. The right to be forgotten has to be balanced against:
This means that a public figure's request to remove information about their conduct in a public role will likely be treated very differently from a private individual's request to remove personal details from an old data breach.
A key factor courts and regulators weigh is whether the information still serves a genuine public interest proportionate to the privacy harm it causes.
The mechanics vary depending on what you're trying to remove and from where.
Major search engines like Google have online forms specifically for submitting right-to-be-forgotten requests. The process typically involves:
Search engines assess each request individually. They may approve it, partially approve it, or refuse it — and they can apply different standards depending on your location. 🔍
Importantly, approved delistings are typically geographically limited — a result removed from Google's European domains may still appear on Google.com for users outside those regions.
If you want a company to delete the personal data they hold about you, the process involves submitting a formal erasure request directly to that organization. Under GDPR, companies generally have one month to respond.
Organizations may decline if they have a lawful reason to retain the data. If you're unsatisfied with their response, you can escalate to the relevant data protection authority (in the UK, that's the ICO; in the EU, it's your local supervisory authority).
It's worth being clear about the limits: ⚠️
If someone specifically knows the URL of a page, they can still visit it even if it's been delisted from search results.
The right to be forgotten sits at the intersection of two values that both matter: the individual's interest in controlling their own story, and society's interest in accurate information and accountability.
Supporters argue that the internet's permanence is historically unusual — people have always had the practical ability to move on from past mistakes, and digital records shouldn't eliminate that.
Critics argue that the right can be used to suppress legitimate journalism, hide misconduct, or rewrite history for the powerful.
Neither side is entirely wrong, which is why the right exists but isn't absolute — and why each case turns on its specific facts.
What determines whether a request succeeds tends to come down to: who the person is (public figure vs. private individual), what the information is about (personal data vs. matters of public record), how old and relevant the information remains, and where the request is being made.
Understanding that landscape is the first step. Whether your specific situation would qualify — and what process applies to you — depends on details that vary case by case.
