In April 2018, a U.K. court ruled in favor of a businessman in his “right to be forgotten” lawsuit against Google. The defendant’s landmark win was based on a 2014 EU (European Union) ruling that “irrelevant” and outdated data should be erased on request. Google claims that since the 2014 ruling it has received at least 2.4 million requests for links to be removed from their search results and has removed over 800,000 pages in response. However, this loss could set a major precedent for what was once a gray area in which organizations who collect, store, and use consumer data could decide what is considered “relevant” information. This case is a great example of the symbiotic, but not always equivalent relationship between privacy and security. The defendant expected privacy in return for his time served, remorse for his indiscretions, and dedication to rehabilitation. Google held that access to lawful information was the public’s right and that removing that access increased the risk for repeated wrongdoing by the defendant, which outweighed the defendant’s right to privacy.

Data Privacy

For the purposes of this article, data privacy refers to the public expectation to have complete control over who accesses their private information and how they use it. As more of our personally identifiable information (PII) is digitally shared in the cloud, organizations must consider the ethical, legal, and business implications of engaging with that data for their day-to-day business needs. Issues regarding who is responsible for ensuring that data remains private and what data is classified as private are regularly called into question in today’s headlines. Most recently, the EU has been in the data privacy spotlight with the GDPR (General Data Protection Regulation) which became effective May 25, 2018. However, one doesn’t have to look far to find other headlines in which data privacy is a recurring theme: