The European Union’s General Data Protection Regulation’s Article 17 contains a “right to forget”. This enables a “data subject” to demand that personal data about them be erased, and that anyone to whom the data has been distributed be informed of the data subject’s request.. It is an attempt to implement privacy, which can be defined as the right of the individual to control the dissemination of information about himself or herself, and to control what is done with that information.

  1. What technical problems does doing this entail?
  2. Assuming this cannot be implemented directly, what might be done to achieve a similar effect?
  3. What problems might arise when someone, or some organization, exercises this right?

UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of May 22, 2018 at 6:39PM

You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh