Analysis of the right to be forgotten under the GDPR in the age of surveillance capitalism

Abstract

The definition of personal data is evolving in the modern age. With the emergence of new technology, new commercial practices and the increase in the value of data, companies are looking for ways to extract as much value as possible from the data of their users and gain an edge on their competition. Among these practices there are various legal concerns such as the right to be forgotten under the GDPR, how well it can be ensured and whether it can be ensured. Because of competition, companies may engage in practices that may not be legal in terms of data collection in order to benefit and increase their market dominance. Overall, the right to be forgotten is not adequately ensured under the GDPR in terms of copied information due to a lack of clear enforcement terms and definitions. Profiling is well regulated and defined, however, in real practice most companies do not admit that their work revolves around profiling or benefitting from an ecosystem built on profiling, which means that in reality profiling is still a big issue. Harmful data extraction is regulated, as well as there is a case brought before Germany’s competition authority regarding abuse of market position by a dominant social network. This case can bring attention to harmful data extraction and increase the quality of its regulation, while it is currently not defined under the GDPR. Overall, the GDPR suffers from a lack of definitions and enforcement terms, which could be fixed by computer scientists and legislators collaborating more closely.