If, like me, you were lucky enough to experience the early days of the Internet, you know that it was a bit like the Wild West. On the one hand, everything was to be done and discovered, but on the other hand, nothing (or almost nothing) was in place in terms of user protection. It took years for things to gradually fall into place. A bit like what we are currently experiencing in the world of cryptos, where we are discovering and implementing regulations as we go.
But as time passed, Internet users were increasingly protected by specific laws and certain guarantees (GDPR, etc.). It is no longer possible for creators of websites or applications to do whatever they want with their users’ data. To give a concrete example: at the beginning of my website, we didn’t talk at all about a legal notice page, general terms and conditions of use (GTC), consent pop-ups for cookies, or things like that. Everyone did a little bit of what they wanted at home, and there were therefore abuses.
Today we often hear about 4 rights: the right to access, information, forgetfulness, and rectification. That’s what we’re going to explore here. Of course, there are other rights, such as portability, and processing limitation… but I may talk about them in another article.
1. The right of access
As the name suggests, it allows everyone to access their own information on any site used or with any company that may have collected it (including data brokers). That being said, there is one little thing to consider, and that is that you will have to prove that you are indeed…yourself. No one else can ask for information about you.
At any time, you can contact the responsible person and ask them about what the company has regarding you, what they do with that data, and request a copy. And the answer must arrive within 2 months, otherwise, you can file a complaint.
2. The right to information
No, it’s not the right to follow the news continuously on specialized news channels, it’s rather the fact that every website owner must ask for your explicit consent to be able to process and use your data. They must also clearly identify themselves, indicate the duration of storage, and possibly the partners with whom they will share all this. Most of the time, this is done when you validate your registration for a service, subscription to a site, etc.
And this must remain easy to understand for everyone and without “hidden traps.” No pre-checked boxes, no obscure or inappropriate language for the target audience, no drowning information in 36 pages of 8-point text, etc.
3. The right to forgetfulness
We also sometimes refer to the right to erasure. As with the right of access, you will need to prove your identity securely, but once that is done, you can request the deletion of all information about you. Often when we stop using a site or service, we leave it “aside” by no longer connecting to it. However, this does not erase our data from the database, which can still be exploited, shared, or sold. Requesting deletion (if it is not possible from the administration of your account) will prevent this exploitation afterward.
This can also be done if you simply decide that your consent was wrongly obtained (changes in the intended uses, unnecessary or irrelevant information depending on the use, data of minors, etc.). Or that something has been published about you that could be prejudicial (photo on a social network that the person does not want to delete, etc.).
In case of non-compliance with this right, the company is exposed to heavy fines. This was the case in Spain for Equifax Iberica, who was ordered to pay €75,000 for not complying with a user’s request to delete their data.
4. The right to rectification
Similar to the right to be forgotten, but less definitive, the right to rectification allows you to have any data concerning you modified. Based on the same principle, you can ask an organization at any time to modify the data it holds about you. This will be useful in cases where the organization in question has outdated data (e.g. an old email address) or simply when you have made an error. A concrete example? You sign up for a website with a minimum age requirement, you make a mistake in your date of birth, and the website blocks your email address.
All these rights are often lengthy to enforce on a case-by-case basis. Especially since you still have to add all the organizations that have collected your data without your knowledge.
