en(+374 11) 520 510
·
info@legelata.am
·
Mon - Fri 09:00-17:00
News
en(+374 11) 520 510
·
info@legelata.am
·
Mon - Fri 09:00-17:00
News

 

 

The right to erasure

The level of cybercrimes and so-called ‘cyberdelicts’, characterized by the use of information and telecommunication networks and, as a result, having an uncontrolled impact, is increasing, especially in the processing and use of personal data.

Despite the presence in the legislation of the Republic of Armenia of such applicable provisions as, for example, Art. 19 of the Civil Code of the Republic of Armenia, which provides for a public refutation and even judicial nullification of information discrediting honor, dignity and business reputation, information and telecommunication networks have the property of saving or “archiving” information, regardless of the limitation period and the nature of the publication in terms of legality and voluntariness which makes the damage caused indelible and the rights – unrestorable.

That is why it seems appropriate to exercise the ‘right to be forgotten’ or ‘the right to erasure’.

What is the ‘right to be forgotten’?

The original variation on the right to be forgotten was formulated in Art. 8 of the European Union Charter on Human Rights of 07.12.2000 as “the right to protection .. of personal data”. However, the ECHR in its precedent decision on the case of “Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (AEPD), Mario Costeja Gonzalez” dated on 13.05.2014 collated the right to respect for private and family life, home and communications, as reflected in Art. 7 of the indicated document, and operated with the relative right to demand to exclude personal data from the selection of the search engine.

This event served as a catalyst for the development and adoption in 2016 of the General Data Protection Regulation, which legally enshrined the definition of “the right to be forgotten” in the name of Art. 17 and also indicated the circumstances under which the mentioned right is valid and, conversely, non-valid.

So, the grounds for exercising the right to demand from the controller to delete personal data without undue delay are:

– the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

– the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing;

– the personal data have been unlawfully processed;

– the personal data have been collected in relation to the offer of information society services.

However, the right in question is not enforceable if the processing of personal data is necessary for:

– exercising the right of freedom of expression and information;

– reasons of public interest in the area of public health;

– archiving purposes in the public interest, scientific or historical research purposes or
statistical purposes;

– the establishment, exercise or defence of legal claims.

The example of unjustified storage of personal data on information and telecommunications networks should be considered:

A person with the status of a public authority is charged with an offence.

The situation is getting publicized, numerous news articles on the ‘Internet’ are getting published. The court subsequently acquits and rehabilitates the person, but the search engines continue to keep the indicated articles, thereby infringing on the person’s honor, dignity and business reputation because the network platform primarily ascribes a person as a criminal.

Conditionally, legal relations transfer from the sphere of criminal law to the sphere of civil law, in particular to the sphere of processing, use and protection of personal data.

This is where the right to be forgotten, which is implemented through the application of legal provisions designed to restore social and legal justice, must be invoked.

How is the ‘right to be forgotten’ reflected in the legislation of the Republic of
Armenia?

The General Data Protection Regulation is an applicable source in the Republic of Armenia, however, other higher priority legal acts of direct action in the field of processing and use of personal data also appear.

Lex generalis in this case is the Constitution of the Republic of Armenia which enshrines in Art. 34 universal right to the protection of personal data, fair processing for the purpose established by law and with the consent of the person or without such consent, the right to familiarize with the data collected in state and local authorities and to request the correction of inaccurate data, as well as to destroy the data acquired unlawfully or no longer legally justified.

Then follows the Law ‘On the Protection of Personal Data’ of the Republic of Armenia that is an analogue of the EU Data Protection Directive 95/46 / EC of 1995, art. 11 of which provides for the possibility of agreeing on the ‘regime of public information of personal data’ and establishes the right of the subject, as the owner-carrier of personal data, to demand the removal of personal data from publicly available sources or to apply a similar claim to the court. This Law also reserves for the subject the right to receive information about his personal data and the operator's obligations, mainly to delete and block published personal data.

The control over the protection of personal data is carried out by the Commissioner for the Protection of Personal Data, functioning on the basis of a decree of the Government of the Republic of Armenia.

It is also necessary to pay attention to the Charter of the Agency for the Protection of Personal Data of the Ministry of Justice of the Republic of Armenia, which regulates, in accordance with pt. 1, the activities of a separate subdivision of the Ministry of Justice that provides services in the field of personal data protection.

Conclusion

Exercising the right to be forgotten will help restore violated rights, reduce the amount of damage caused and prevent the uncontrolled spread and storage of data in information and telecommunication networks.

To this end, the following actions should be taken:

1. Determine the violated right together with the wrongfully placed and inappropriate stored personal data;

2. Request the deletion of personal data from controller and (or)

  • file a similar claim to the court;
  • convey a similar application to the Agency for the Protection of Personal Data of the Ministry of Justice of the Republic of Armenia.

Author: Anna Khalatyan / Junior Associate

Disclaimer:

This material is produced by Legelata LLC. The material contained in this newsletter is provided for general information purposes only and does not contain a comprehensive analysis of each item described. Before taking (or not taking) any action, readers should seek professional advice specific to their situation. No liability is accepted for acts or omissions taken in reliance upon the contents of this material.

Leave a Reply