LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Erasure request refusal

  Quote
Guest
Guest user Created:   Dec 09, 2021 Last commented:   Dec 10, 2021

Erasure request refusal

Hello, I have contacted a company that manages a messaging app I used in the past to request information about exercising my right to erasure (Article 17(1) GDPR), since they say they're GDPR compliant. In particular, my question to them was about having my messages/posts (private and public) deleted when they close my account. They say they would refuse to delete these messages, since they argue that would interfere with other users' right to free expression and information (Article 17(3)(a)), as there would be gaps in the conversations potentially leading to misinterpretations or the lack of important context. My questions to you are: 1. are the messages and posts I sent through the app considered personal data under GDPR to the extent that the app would have to delete them under request? 2. is the exception in Article 17(3)(a) a valid ground for refusing this request in this case? Thank you very much for your attention.
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Tudor Galos Dec 10, 2021
1. Hello, I have contacted a company that manages a messaging app I used in the past to request information about exercising my right to erasure (Article 17(1) GDPR), since they say they're GDPR compliant. In particular, my question to them was about having my messages/posts (private and public) deleted when they close my account. They say they would refuse to delete these messages, since they argue that would interfere with other users' right to free expression and information (Article 17(3)(a)), as there would be gaps in the conversations potentially leading to misinterpretations or the lack of important context.

My questions to you are:

Are the messages and posts I sent through the app considered personal data under GDPR to the extent that the app would have to delete them under request?

The right to be forgotten or the right to erasure is not an absolute right, it depends on the data controller’s retention schedule which must be based on one of the six legal grounds for processing personal data (storage is a data processing operation).

Related to your question, yes, messages and posts that you submitted through the app are considered to be personal data.

You can find more details at this link:

2. Is the exception in Article 17(3)(a) a valid ground for refusing this request in this case?

In my opinion, Art 17 (3) (a), that specifies that right to be forgotten does not apply when exercising freedom of expression is not a valid ground for refusing your request in this case, is not a valid ground for refusing your request in this case. This article should be invoked only when the processing of personal data is done solely for journalistic purposes, or for the purposes of academic, artistic, or literary expression. The data controller could take technical and organizational measures to fulfill your request, such as anonymizing your identifiers – name, surname, username, nickname, etc. For example, they could change your username to something like anonymous_user and modify all your posts/comments and answers to your posts/comments. If they cannot do this, it would mean that the data controller is in breach of Art 25 GDPR, Data protection by design and by default, which states that “the controller shall, […], implement appropriate technical and organizational measures, […], in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.”

You can find more details at these links:

To learn more about the right to be forgotten, see this free online training: GDPR Foundations Course https://training.advisera.com/course/eu-gdpr-foundations-course/  

Tudor Galos
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Dec 09, 2021

Dec 10, 2021

Suggested Topics