How the European Court of Justice Case "right to be forgotten" can be relevant for cybersecurity

Resumen o Introducción

The Internet is overwhelmed by personal data, that are massively collected and traded, and it is quite common in our everyday life to hear news concerning cyber-attacks, or generally cyber-threats that, increasingly, have the purpose of violating users’ data. Moreover, States on an international level have shown serious difficulties in creating binding treaties to protect efficiently the data subjects as some recent scandals proved. In fact, with the growing importance and involvement of personal data it will be difficult to think at all the authorities to prevent or to countercheck efficiently the future cyber-threats and so I would like to show in the following chapters how the right to be forgotten might become the crucial factor with which individuals can protect themselves and their rights.

Furthermore, I will try to analyze the right to be forgotten and its relevancy for cybersecurity within three fundamental aspects. Firstly, how EU citizens may use appropriately the right to be forgotten to prevent the harmfulness of cyber-attacks; secondly, which are the limits of this right in order not be itself prejudicial for cyber-security, eventually the tensions among citizens, governments and enterprises in ensuring protection and security.

The right to be forgotten has been analyzed by the European Court of Justice in “Google Spain Case” taking as a reference point the directive 95/46. In the judges’ opinion, Google and the other search engines must be considered as “the controllers” and they have the duty to erase those data that have not any more a public interest that justifies them, and if there is an order laid down by a judge.

In this research I am taking into account some issues of Italian National Law, that can be useful to extend the reasonings analogically to other Countries. Furthermore, to analyze the digital education of the data subjects I am taking as an example Singapore.