The ‘right to be forgotten’ beyond the EU: an analysis of wider G20 regulatory action and potential next steps

Abstract

It has been increasingly asserted that data protection can and should enable individuals to exert some control at least ex post over online data dissemination. Notwithstanding contrary suggestions, therefore, the ‘right to be forgotten’ is not solely an EU phenomenon. Post-2014 the majority of the eight national Data Protection Authorities (DPAs) s operating in non-EU G20 jurisdictions with established data protection legislation have sought to implement such a right through guidance and, in three cases, also enforcement. These jurisdictions span three regions and encompass jurisdictions such as Australia and Canada with a similar outlook to the EU. In light of the profoundly globalised nature of the internet, greater transnational coordination would be valuable. Whilst the G20 is itself ill-suited to this task, the pan-regional Data Protection Convention framework overseen by the Council of Europe as well as the Global Privacy Assembly could play an important role.