Data Protection and The Right to be Forgotten

We have extensive experience of enforcing data protection rights, now enshrined in the General Data Protection Regulation (GDPR), including the right to erasure (better known as the “Right to be Forgotten”), the right to object to processing and the right of access.

Data protection law provides a vital tool for any individual seeking to enforce their rights in respect of intrusive, improper or unauthorised use of their personal information.

The Right to be Forgotten

  • Internet Search Results

If there is information about you on the internet you would rather wasn’t there, you may be able to get it removed by exercising your rights to privacy and data protection.
We can help you seek the removal of links to historic, irrelevant or inaccurate data that appears in name-based internet search results.

Exercising this right can help reduce the visibility of historic, adverse material in your online profile.

We can help with delisting requests to internet search engines including Google, Yahoo and Bing and can advise on complaints to the Information Commissioner’s Office [ICO], escalating to legal action where appropriate.
The information that may be delisted may include information about spent convictions or past criminal prosecutions.

We were at the vanguard of the implementation of this right in this jurisdiction, acting for the claimants in the landmark cases of NT1 and NT2 -v-Google, where articles reporting convictions that had become spent appeared prominently in Google search results.

  • Due Diligence Reports

Reports generated about you for the purpose of standard Know Your Client (“KYC”), ‘onboarding’ and due diligence procedures, including by organisations such as World-Check and WorldCompliance, may contain data that is inaccurate or out of date and which may be being processed in breach of your data protection rights.

We can help you to discover what information such organisations may hold about you and make available to their subscribers, as well as seek the amendment or sometimes removal of such information from their databases. We also have a strong track record in securing compensation/damages for clients whose rights have been infringed.

We advise clients on a wide range of issues relating to due diligence reports, such as the inclusion of inaccurate, historic and out-of-date information; reliance on inappropriate sources or ‘fake news’ websites; references to international watchlists or allegations of terrorism; and clients who have been categorised as a ‘Politically Exposed Person’ (‘PEP’) due to a public role, office or association.

  • Source publishers and online resources

In some cases, we can ask the source publishers to remove material that is published in breach of data protection rights, for example where the material is inaccurate. Material can include photographs, video and other information including financial, medical and other sensitive or personal information.

We can also advise you in circumstances where your personal information is accessible in other web-based resources, including online encyclopaedias, directories and public databases.

Rights of Access

We advise individuals on their rights of access and data controllers on how they respond to a data subject access request.

Data Breaches

We can advise on your rights if your data is lost or stolen or if it used in a way that is not authorised by you, and can assist with claims for compensation for data breaches.

24/7 Partner-led Crisis Response

We have a 24-hour, 365 days of the year crisis management response team – one of our specialist partners is always available to respond to urgent crises at any time.

Case studies

Carter-Ruck successfully sued Google on behalf of a businessman in a ground-breaking High Court case which implemented the “right to be forgotten” in England and Wales. Google was required to delist webpages from the results of searches relating to the claimant’s name

The court ordered Google to delist results about a man’s spent conviction from searches against his name, and upheld his claim for breach of data protection rights and misuse of private information.

The man’s conviction is spent under the UK’s Rehabilitation of Offenders Act, which protects many ex-offenders from the lifelong stigma of past offences.

The judge said the fact that a conviction is spent “will normally be a weighty factor against the further use or disclosure of information about those matters”.

We are working with the charity Unlock helping affected individuals with spent convictions.

Case studies

Arvind Tiku v S-RM Risk & Intelligence Services Ltd. Carter-Ruck represented businessman Arvind Tiku in a data protection claim against S-RM Intelligence and Risk Consulting Limited.

Carter-Ruck represented businessman Arvind Tiku in a data protection claim against S-RM Intelligence and Risk Consulting Limited [S-RM], a due diligence firm which had prepared reports for clients for KYC purposes which contained serious inaccurate allegations about Mr Tiku.

In light of information and documentation provided by Mr Tiku, S-RM agreed to delete the relevant reports and has informed the clients who received such reports accordingly. In doing so, S-RM took account of the documentary evidence disclosed, the retraction of similar allegations by a Swiss NGO and the fact that the Swiss and Kazakh authorities investigated the business dealings of Mr Tiku, and that such investigations were closed in 2013 with no charges brought and no finding of any wrongdoing. On this basis, S-RM accepted that the allegations investigated by the authorities are false.