What Is the Right to Be Forgotten?

Where the phrase comes from

The "right to be forgotten" is a popular name rather than a legal heading. It entered everyday language after a 2014 decision of the Court of Justice of the European Union (the Google Spain case), which held that, in certain circumstances, a search engine could be asked to remove particular results from the list shown when someone searches a person's name. That is where much of the public image of the right was formed.

It is worth being precise about what that early idea covered. It was about delisting specific search results — making a result harder to find under a name search — not about deleting the underlying page or erasing a person from the internet. The web page itself stayed where it was; only its appearance in certain search results changed, and even then only after a balancing exercise.

When UK GDPR was written, the law gave this area a formal name: the right to erasure, set out in Article 17. The heading of that article even notes the popular alias in brackets. So the famous phrase and the legal right are connected, but they are not identical — and the gap between them is where most of the confusion lives.

What the real right actually is

Under UK GDPR, the right to erasure lets you ask an organisation to delete personal data it holds about you — in certain circumstances, not in every case. It applies, for example, where the data is no longer needed for the purpose it was collected, where you withdraw consent the organisation was relying on, or where the data has been handled unlawfully.

Crucially, the right is not absolute. An organisation can sometimes keep your data despite an erasure request — for instance where it must do so to comply with a legal obligation, or where the information is needed to establish or defend a legal claim. So a request is a question the organisation must consider properly and answer, not a switch that automatically deletes everything.

The right also runs against a specific organisation that holds your data, the data controller — not against the internet as a whole. You ask the company or service that holds the data; you cannot, with one request, reach into every site, copy, and search index that might mention you.

• Applies in defined circumstances — for example, data no longer needed, or consent withdrawn.
• Not absolute — an organisation can keep data where the law requires it or a claim depends on it.
• Runs against a specific data controller — the organisation that holds the data, not the whole internet.

Myth versus the calm reality

The popular picture is of a single button that scrubs a person from existence online. The reality is narrower and, in a way, more reassuring: it is a defined right to ask a specific organisation to delete specific data, which that organisation then weighs against the rules. Search-result delisting and full deletion are different things, and neither guarantees that information disappears everywhere.

Understanding this changes how you approach it. Rather than expecting everything to vanish, you can look calmly at what is actually public about you, decide what genuinely matters, and then frame a clear erasure request to the right organisation — alongside related rights, such as asking what an organisation holds in the first place through a Data Subject Access Request. The right to be forgotten is one tool among several, used deliberately, not a magic eraser.

OSINTA helps you understand your own footprint and frame and route these requests with your findings in front of you; it does not delete data for you and cannot promise removal, because that decision rests with whoever holds the data. This is general information, not legal advice — for advice on your own situation, consider speaking to a qualified adviser or your data-protection regulator.

Frequently asked questions

Related terms

• Right to be forgotten
• Right to erasure
• GDPR (General Data Protection Regulation)
• Online identifier