Prior to the advent of modern technology, the possibility of eluding our history was more likely, but after the advent of the internet, our mailboxes, social media and online archives serve as perpetual extensions to our fallible memories.

Today, information is no longer lost, even if it would not have been retained naturally. Modern technology helps us keep records of relevant past events that we might otherwise have lost, but it also implies that seemingly small and irrelevant parts of our histories can come back to haunt us.

Recently, as I was reading EU’s new Data Protection Regulation, I came across a seemingly novel right, known as ‘right to be forgotten’, that has come to the international fore.

When one hears or reads about that right, there are various questions likely to spring to one’s mind: what’s the right to be forgotten? What’s its purpose? How did it evolve?

To Rwanda, or in the EAC region, is that right domesticated in its legal terrain? Is it important anyway?

In truth, the right to be forgotten seems odd to very many countries, but has been entrenched in the general European perspective on privacy and government regulation.

The right to be forgotten in the context of digital memory and/or data retention has its legal background, specifically, in EU Data Protection Directive as a fundamental right to privacy. The ‘right to be forgotten’ refers to the situation where a historical event should no longer be revitalised due to the length of time elapsed since its occurrence.

More specifically, the right to be forgotten reflects the claim of an individual to have certain data deleted so that third parties can no longer trace it. Therefore, the right to be forgotten is based on the autonomy of an individual becoming a right holder in the respect of personal information on a time scale.

Additionally, the right to be forgotten can be considered as being contained in the realm of personality, encompassing several elements such as dignity, honour, and the right to private life.

The ‘right to be forgotten’ is generally considered to be an aspect of the protection of personal data. It relates fundamentally to the creation and maintenance of a reasonable level of informational privacy through appropriate personal data control mechanisms.

Essentially, right holders rely on their own autonomy to individually decide on the possible use of their own data.

In May, 2014, the right to be forgotten was reaffirmed by the EU top (known as the Court of Justice of the European Union), which ordered Google Spain or Google Inc. to remove links of personal data of a Spanish citizen who had complained against Google Spain or Google Inc. to remove personal information from Google’s search results that was no longer necessary or outdated.

The problem arises on balancing the individual’s ‘right to be forgotten’, especially about a person’s criminal past, and the public’s right to access the information for reasons of public interest.

Of course, Rwanda, like many countries across the globe, doesn’t recognise the right to be forgotten. This right is important for one main reason; that if one’s personal data was collected for a specific purpose, and it’s is no longer serving its purpose in a specified time, should be deleted from database.  

Here, a question can emerge: would it be necessary to keep personal data for longer than is necessary for the purposes for which the data were collected or for which they are further processed?

The right to be forgotten gives a leeway to the concerned personal to request data controller such as search engine, for example Google, to remove that information from its search results because it’s outdated or irrelevant in the public domain. In doing so, the claimant wishes to safeguard their right to privacy.

In as much as I may acknowledge the importance of the right to be forgotten, for some important reasons in the scope of public interest personal data should be retained, such as the protection the right of freedom of expression, for reasons of public health, for historical, statistical, and scientific research purposes; and for compliance with a legal obligation to retain the personal data as may be required by state. As such, like some of the basic rights, the right to be forgotten is not absolute.

In Rwanda, for the right to be forgotten to be recognized there has to be a legislation on data protection as well as data protection authority. Since the inception of that right at the EU level, it has already been entrenched in many EU member states.

In Europe, for example, Google, as the biggest search engine, is facing multiple legal hurdles since the introduction of data protection for not respecting the right to be forgotten. Obviously, Google faces these challenges because it is the controller of processed data.

And, following the EU top court’s ruling that ordered Google Spain and Google Inc. to remove personal information of a Spanish citizen, Google has since received a barrage of complaints to remove their personal information from its search algorithm.

The writer is a lecturer and international law expert.