The Right to Erasure also known as The Right to Be Forgotten (International Trade Law and Data Protection) (Ro: dreptul la ștergerea datelor/dreptul de a fi uitat, Fr: droit à l'effacement / droit à l'oubli, Es: Derecho de suppression/el derecho al olvido, Gr: δικαιώμα διαγραφής/δικαίωμα στη λήθη) = the right of the data subject to submit a request to the controller for the erasure of personal data concerning them. Deleting data means eliminating all the information from the database or the Internet pages. Data erasure represents a form of processing of the personal data of the persons (data subjects) who gave their consent for such action. The right to erasure is enacted in Article 17 of the General Data Protection Regulation.

The data subject has the right to be ensured that their data is erased and not processed if such data has lost its relevance, is not valid or the consent for the data processing has been withdrawn. This right suggests the ownership of the data subject over their personal data and implies some control of the individual over the information referring to them, the individual being the one to decide what happens with the personal data. This right represents a step towards strengthening the control of data subject on their own data and their empowerment as they no longer have only the possibility but the right to withdraw their consent to the processing of their personal data.

Given the fact data protection is closely related to the Internet activity, most of the times the right to be forgotten finds its practical use online. Yet, often, in search engine practice, ‘deletion’ means delisting pages containing personal data of the data subject and access to these pages is restricted. Therefore, the right to be forgotten is actually seen as ‘a right to be found harder on the Internet’.

The data shall not be erased if the processing of this information is necessary for: (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation […]; (iii) for reasons of public interest in the area of public health […]; (iv) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes […]; (v) for the establishment, exercise or defence of legal claims. [Article 17 (3) GDPR]


Useful links:

Legislation – Regulation (EU) 679/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) [English] – Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, (no longer in force) [English] – Legea nr. 677/2001 pentru protecția persoanelor cu privire la prelucrarea datelor cu caracter personal și libera circulație a acestor date / Law no. 677/2001 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, (no longer in force) [Romanian]


Case Law – The European Court of Justice, Judgement of 14 May 2014, Google Spain, C-131/12, EU:C:2014:317 [English]

Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González: a Spanish citizen – Mr G has made a complaint that the listing of his name in the Google search engine resulted in the search for two web addresses of La Vanguardia that related to an announcement prefiguring his name on a real estate auction associated with a social security debt recovery procedure. Mr G asked Google to delete or modify the existing pages so that the personal data is protected, claiming that their publishing was irrelevant. AEPD partly rejected this complaint for the publication of the information by La Vanguardia was justified, yet admitted it to the extent that it concerned both Google Spain and Google Inc., considering that as personal data controllers, they had to comply with data protection legislation and recognizing the ability to dispense search engines with the withdrawal of data or erase data if it is found that the processing could undermine the right to privacy of the data subject. - Court of Appeal of California, Fourth District, Melvin v. Reid, 112 Cal. App. 285 (Cal. Ct. App. 1931) [English]



Zanfir G. Protecția datelor personale. Drepturile persoanei vizate, Ed. C.H.Beck, București, 2015 [Romanian]

Șandru S., Protecția datelor personale și viața privată, Ed. Hamangiu, București, 2016 [Romanian]


Online Publications

Ambrose M.L., Ausloos J., The Right to Be Forgotten Across the Pond, in Journal of Information Policy, Vol. 3 (2013), retrieved from [English]

Ausloos J, The Right to Be Forgotten – Worth Remembering? In Computer Law and Security, no. 28 (2012), retrieved from [English]

Bennet S.C., The Right to be Forgotten: Reconciling EU and US perspective, in International Law Review, Berkeley, Vol. 30 (1) (2012), retrieved from [English]

Bunn A., The Curious Case of the Right to Be Forgotten, in Computer Law&Security, no. 31 (2015), retrieved from [English]

Bartolini C., Siry L., The Right to Be Forgotten in the Light of the Consent of the Data Subject, in Computer Law&Security, no. 32 (2016), retrieved from [English]

Șerban A., Reglementarea dreptului de a fi uitat / The Enactment of the Right to Be Forgotten, in Analele Științifice ale Universității „Alexandru Ioan Cuza” Iasi, Tomul LXIII, Științe Juridice, nr. II, 2017, retrieved from [Romanian]


Practical Use

Factsheet on the ‘Right to be Forgotten’ ruling (C-131/12), European Commission, retrieved from


By Andreea Serban