Artikolu 17 📖 RĠPD (GDPR). Dritt għal tħassir (“dritt li wieħed jintesa”)

Artikolu 17 RĠPD (GDPR). Dritt għal tħassir (“dritt li wieħed jintesa”)

Article 17 GDPR. Right to erasure (‘right to be forgotten’)

1. Is-suġġett tad-data għandu d-dritt li jikseb mingħand il-kontrollur it-tħassir ta’ data personali dwaru mingħajr dewmien żejjed u l-kontrollur għandu l-obbligu li jħassar data personali mingħajr dewmien żejjed jekk tkun tapplika waħda minn dawn ir-raġunijiet li ġejjin:

1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

Kummentarju

(EN) Author

(EN) Siarhei Varankevich CIPP/E, CIPM, CIPT, MBA, FIP

(EN) Co-Founder & CEO of Data Privacy Office LLC. Data Protection Trainer and Principal Consultant

(EN) Ask a question

(a) id-data personali ma tkunx għadha meħtieġa fir-rigward tal-għanijiet li għalihom tkun inġabret jew ġiet ipproċessata mod ieħor id-data;

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) is-suġġett tad-data jirtira l-kunsens li fuqu huwa bbażat l-ipproċessar skont l-Artikolu 6(1)(a) jew l-Artikolu 9(2)(a) u fejn ma jkun hemm l-ebda raġuni legali għall-ipproċessar;

(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;

Testi relatati

Artikolu 6 RĠPD (GDPR). Legalità tal-ipproċessar

Article 6 GDPR. Lawfulness of processing

1. L-ipproċessar għandu jkun legali biss jekk u safejn mill-inqas ikun japplika wieħed mill-punti li ġejjin:

1. Processing shall be lawful only if and to the extent that at least one of the following applies:

(a) is-suġġett tad-data jkun ta l-kunsens għall-ipproċessar ta’ data personali tiegħu għal fini speċifiku wieħed jew aktar;

(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

[…]

Artikolu 9 RĠPD (GDPR). Ipproċessar ta' kategoriji speċjali ta' data personali

Article 9 GDPR. Processing of special categories of personal data

1. L-ipproċessar ta’ data personali, li jiżvela oriġini razzjali jew etnika, opinjonijiet politiċi, twemmin reliġjuż jew filosofiku, jew sħubija fi trade union, u l-ipproċessar ta’ data ġenetika, data bijometrika sabiex tidentifika b’mod uniku persuna fiżika, data dwar is-saħħa jew data dwar il-ħajja sesswali u l-orjentazzjoni sesswali ta’ persuna fiżika huma projbiti.

1. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.

2. Il-paragrafu 1 ma għandux japplika jekk japplika wieħed minn dawn li ġejjin:

2. Paragraph 1 shall not apply if one of the following applies:

(a) is-suġġett tad-data jkun ta kunsens espliċitu għall-ipproċessar ta’ dik id-data personali għal fini speċifiku wieħed jew aktar, għajr fejn il-liġi tal-Unjoni jew il-liġi ta’ Stat Membru tipprevedi li l-projbizzjoni msemmija fil-paragrafu 1 ma tistax titneħħa mis-suġġett tad-data;

(a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject;

[…]

(c) is-suġġett tad-data joġġezzjona għall-ipproċessar skont l-Artikolu 21(1) u ma jkun hemm l-ebda raġuni leġittima prevalenti għall-ipproċessar, jew is-suġġett tad-data joġġezzjona għall-ipproċessar skont l-Artikolu 21(2);

(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);

Testi relatati

Artikolu 21 RĠPD (GDPR). Dritt ta' oġġezzjoni

Article 21 GDPR. Right to object

1. Is-suġġett tad-data għandu d-dritt li joġġezzjona, għal raġunijiet relatati mas-sitwazzjoni partikolari tiegħu, fi kwalunkwe mument għall-ipproċessar ta’ data personali li tikkonċerna lilu li hija bbażata fuq il-punt (e) jew (f) tal-Artikolu 6(1), inkluż it-tfassil ta’ profili abbażi ta’ dawk id-dispożizzjonijiet. Il-kontrollur ma għandux jibqa’ jipproċessa d-data personali sakemm il-kontrollur ma jagħtix raġunijiet leġittimi konvinċenti għall-ipproċessar li jegħlbu l-interessi, id-drittijiet u l-libertajiet tas-suġġett tad-data jew għall-istabbiliment, l-eżerċizzju jew id-difiża ta’ talbiet legali.

1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

2. Fejn tiġi pproċessata data personali għal għanijiet diretti ta’ kummerċjalizzazzjoni, is-suġġett tad-data għandu d-dritt li joġġezzjona fi kwalunkwe mument għall-ipproċessar tad-data personali li tikkonċernah għal tali kummerċjalizzazzjoni, li tinkludi t-tfassil tal-profili sa fejn huwa marbut ma’ tali kummerċjalizzazzjoni diretta.

2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

[…]

(d) id-data personali tkun ġiet ipproċessata illegalment;

(d) the personal data have been unlawfully processed;

(e) id-data personali tkun trid titħassar biex ikun hemm konformità ma’ obbligu legali fil-liġi tal-Unjoni jew ta’ Stat Membru li għalih huwa soġġett il-kontrollur;

(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(f) id-data personali tkun inġabret fir-rigward tal-offerta ta’ servizzi tas-soċjetà tal-informazzjoni msemmija fl-Artikolu 8(1).

(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

Testi relatati

1. Fejn ikun japplika l-punt (a) tal-Artikolu 6(1), fir-rigward tal-offerta ta’ servizzi tas-soċjetà tal-informazzjoni direttament lil minorenni, l-ipproċessar tad-data personali ta’ minorenni jkun skont il-liġi fejn il-minorenni jkollu mill-inqas l-età ta’ 16-il sena. Fejn il-minorenni jkollu anqas minn 16-il sena, tali pproċessar ikun legali biss jekk, u sal-punt li, il-kunsens jingħata jew jiġi awtorizzat mid-detentur tar-responsabbiltà ta’ ġenitur fuq il-minorenni.

1. Where point (a) of Article 6(1) applies, in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.

L-Istati Membri jistgħu jipprovdu għal età inqas għal dawk il-finijiet sakemm tali età inqas ma tkunx inqas minn 13-il sena.

Member States may provide by law for a lower age for those purposes provided that such lower age is not below 13 years.

[…]

Guidelines on consent under Regulation 2016/679

Information society service

129. While assessing the scope of this definition, the EDPB also refers to case law of the ECJ.[62] The ECJ held that information society services cover contracts and other services that are concluded or transmitted on-line. Where a service has two economically independent components, one being the online component, such as the offer and the acceptance of an offer in the context of the conclusion of a contract or the information relating to products or services, including marketing activities, this component is defined as an information society service, the other component being the physical delivery or distribution of goods is not covered by the notion of an information society service. The online delivery of a service would fall within the scope of the term information society service in Article 8 GDPR.

_{[62] See European Court of Justice, 2 December 2010 Case C-108/09, (Ker-Optika), paragraphs 22 and 28. In relation to ‘composite services’, the EDPB also refers to Case C-434/15 (Asociacion Profesional Elite Taxi v Uber Systems Spain SL), para 40, which states that an information society service forming an integral part of an overall service whose main component is not an information society service (in this case a transport service), must not be qualified as ‘an information society service’.}

Guidelines 3/2018 on the territorial scope of the GDPR (Article 3)

Offering of goods or services, irrespective of whether a payment of the data subject is required, to data subjects in the Union

The first activity triggering the application of Article 3(2) is the “offering of goods or services”, a concept which has been further addressed by EU law and case law, which should be taken into account when applying the targeting criterion. The offering of services also includes the offering of information society services, defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 [23] as “any Information Society service, that is to say, any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services”.

_{[23] Directive (EU) 2015/1535 of the European Parliament and of the Council of 9 September 2015 laying down a procedure for the provision of information in the field of technical regulations and of rules on Information Society services.}

2. Fejn il-kontrollur ikun ippubblika d-data personali u jiġi obbligat skont il-paragrafu 1 li jħassar id-data personali, il-kontrollur, b’kont meħud tat-teknoloġija disponibbli u l-ispiża tal-implimentazzjoni, għandu jieħu passi raġonevoli, inklużi miżuri tekniċi, biex jinforma lill-kontrolluri li jkunu qegħdin jipproċessaw id-data personali, li s-suġġett tad-data talabhom iħassru kwalunkwe konnessjoni għal dik id-data personali, jew koppja jew replika tagħha.

2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII processors.

Here is the relevant paragraph to article 17(2) GDPR:

8.3.1 Obligations to PII principals

Control

The organization should provide the customer with the means to comply with its obligations related to PII principals.

Implementation guidance

A PII controller’s obligations can be defined by legislation, by regulation and/or by contract.

(EN) […]

(EN) Sign in
to read the full text

3. Il-paragrafi 1 u 2 ma għandhomx japplikaw sakemm dak l-ipproċessar jkun meħtieġ:

3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:

ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraph to article 17(3) GDPR:

7.2.2 Identify lawful basis

Control

The organization should determine, document and comply with the relevant lawful basis for the processing of PII for the identified purposes.

Implementation guidance

Some jurisdictions require the organization to be able to demonstrate that the lawfulness of processing was duly established before the processing.

(EN) […]

(EN) Sign in
to read the full text

(a) għall-eżerċizzju tad-dritt tal-libertà ta’ espressjoni u informazzjoni;

(a) for exercising the right of freedom of expression and information;

(b) għal konformità ma’ obbligu legali li jeħtieġ ipproċessar skont il-liġi tal-Unjoni jew ta’ Stat Membru li għaliha jkun soġġett il-kontrollur jew għat-twettiq ta’ kompitu mwettaq fl-interess pubbliku jew fl-eżerċizzju tal-awtorità uffiċjali mogħtija lill-kontrollur;

(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(c) għal raġunijiet ta’ interess pubbliku fil-qasam tas-saħħa pubblika f’konformità mal-punti (h) u (i) tal-Artikolu 9(2) kif ukoll mal-Artikolu 9(3);

(c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);

Testi relatati

Artikolu 9 RĠPD (GDPR). Ipproċessar ta' kategoriji speċjali ta' data personali

Article 9 GDPR. Processing of special categories of personal data

2. Il-paragrafu 1 ma għandux japplika jekk japplika wieħed minn dawn li ġejjin:

2. Paragraph 1 shall not apply if one of the following applies:

[…]

(h) l-ipproċessar ikun meħtieġ għall-finijiet ta’ mediċina preventiva jew okkupazzjonali, għall-valutazzjoni tal-kapaċità ta’ ħaddiem għax-xogħol, dijanjosi medika, il-forniment ta’ kura tas-saħħa jew soċjali jew it-trattament jew il-ġestjoni ta’ sistemi u servizzi tal-kura tas-saħħa u soċjali abbażi tal-liġi tal-Unjoni jew tal-liġi ta’ Stat Membru jew skont kuntratt ma’ professjonista fil-kura medika u soġġett għall-kondizzjonijiet u s-salvagwardji msemmija fil-paragrafu 3;

(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;

(i) l-ipproċessar ikun meħtieġ għal raġunijiet ta’ interess pubbliku fil-qasam tas-saħħa pubblika, bħall-protezzjoni kontra theddid transkonfinali serju għas-saħħa jew biex jiġu żgurati standards għoljin ta’ kwalità u sikurezza tal-kura tas-saħħa u ta’ prodotti mediċinali jew apparat mediku, fuq il-bażi tal-liġi tal-Unjoni, jew tal-liġi ta’ Stat Membru li tipprevedi miżuri adatti u speċifiċi sabiex jiġu protetti d-drittijiet u l-libertajiet tas-suġġett tad-data, b’mod partikulari s-segretezza professjonali;

(i) processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;

[…]

3. Id-data personali msemmija fil-paragrafu 1 tista’ tiġi pproċessata għall-finijiet imsemmija fil-punt (h) tal-paragrafu 2 meta dik id-data tiġi pproċessata minn professjonista jew taħt ir-responsabbiltà tiegħu li jkun soġġett għall-obbligu ta’ segretezza professjonali skont il-liġi tal-Unjoni jew ta’ Stat Membru jew regoli stabbiliti minn korpi kompetenti nazzjonali jew minn persuna oħra li tkun ukoll soġġetta għal obbligu ta’ segretezza skont il-liġi tal-Unjoni jew ta’ Stat Membru jew ir-regoli stabbiliti minn korpi kompetenti nazzjonali.

3. Personal data referred to in paragraph 1 may be processed for the purposes referred to in point (h) of paragraph 2 when those data are processed by or under the responsibility of a professional subject to the obligation of professional secrecy under Union or Member State law or rules established by national competent bodies or by another person also subject to an obligation of secrecy under Union or Member State law or rules established by national competent bodies.

(d) għal finijiet ta’ arkivjar fl-interess pubbliku, għal finijiet ta’ riċerka xjentifika jew storika jew għal finijiet ta’ statistika skont l-Artikolu 89(1) sa fejn id-dritt imsemmi fil-paragrafu 1 x’aktarx ikun ser jagħmel impossibbli jew ixekkel serjament il-ksib tal-objettivi ta’ dak l-ipproċessar; jew

(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

Testi relatati

Artikolu 89 RĠPD (GDPR). Salvagwardji u derogi relatati mal-ipproċessar għal finijiet ta' arkivjar fl-interess pubbliku, għal finijiet ta' riċerka xjentifika jew storika jew għal finijiet ta' statistika

Article 89 GDPR. Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes

1. L-ipproċessar għal finijiet ta’ arkivjar fl-interess pubbliku, għal finijiet ta’ riċerka xjentifika jew storika jew għal finijiet ta’ statistika, għandu jkun soġġett għal salvagwardji xierqa, f’konformità ma’ dan ir-Regolament, għad-drittijiet u l-libertajiet tas-suġġett tad-data. Dawk is-salvagwardji għandhom jiżguraw li jkunu fis-seħħ miżuri tekniċi u organizzattivi b’mod partikolari sabiex jiġi żgurat ir-rispett tal-prinċipju ta’ minimizzazzjoni tad-data. Dawk il-miżuri jistgħu jinkludu psewdonimizzazzjoni, sakemm dawk il-finijiet jistgħu jiġu sodisfatti b’dak il-mod. Fejn dawk il-finijiet jistgħu jiġu sodisfatti bi pproċessar ulterjuri li ma jippermettix jew ma għadux jippermetti l-identifikazzjoni ta’ suġġetti tad-data dawk il-finijiet għandhom jiġu sodisfatti b’dak il-mod.

1. Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject. Those safeguards shall ensure that technical and organisational measures are in place in particular in order to ensure respect for the principle of data minimisation. Those measures may include pseudonymisation provided that those purposes can be fulfilled in that manner. Where those purposes can be fulfilled by further processing which does not permit or no longer permits the identification of data subjects, those purposes shall be fulfilled in that manner.

[…]

Guidelines on consent under Regulation 2016/679

Scientific research

153. Recital 33 seems to bring some flexibility to the degree of specification and granularity of consent in the context of scientific research. Recital 33 states: “It is often not possible to fully identify the purpose of personal data processing for scientific research purposes at the time of data collection. Therefore, data subjects should be allowed to give their consent to certain areas of scientific research when in keeping with recognised ethical standards for scientific research. Data subjects should have the opportunity to give their consent only to certain areas of research or parts of research projects to the extent allowed by the intended purpose.”

(e) għall-istabbiliment, l-eżerċizzju jew id-difiża ta’ talbiet legali.

(e) for the establishment, exercise or defence of legal claims.

Regolament Ġenerali dwar il-Protezzjoni tad-Data (RĠPD, GDPR)

General Data Protection Regulation (EU GDPR)

The latest consolidated version of the Regulation with corrections by Corrigendum, OJ L 127, 23.5.2018, p. 2 ((EU) 2016/679). Source: EUR-lex.

Kummentarju ISO 27701 Premessi Linji ta 'Gwida & Ġurisprudenza Ħalli kumment

Kummentarju

(EN) The so-called “right to be forgotten” was hailed as a breakthrough with the adoption of the General Data Protection Regulation, even though it existed in a limited form before. Article 17 provides for a broader “right to erasure”, to take into account the exact wording of the provision. European Union residents have a right to ask for the deletion of their personal data, and the organization that holds the data has a corresponding obligation to erase them “without undue delay” under a certain number of circumstances.

(EN) […]

(EN) Sign in
to read the full text

(EN) Author

(EN) Louis-Philippe Gratton PhD, LLM

(EN) Privacy Expert

(EN) Ask a question

(EN)

Data Subject Request Letter Sample

Concern: Request to erase my personal data

Dear Madam, Dear Sir,

You have data concerning me that I am asking you to delete…

(EN) […]

(EN) Sign in
to read the full text

ISO 27701

(EN) ISO/IEC 27701, adopted in 2019, added additional ISO/IEC 27002 guidance for PII controllers.

Here is the relevant paragraph to article 17 GDPR:

7.3.6 Access, correction and/or erasure

Control

The organization should implement policies, procedures and/or mechanisms to meet their obligations to PII principals to access, correct and/or erase their PII.

Implementation guidance

The organization should implement policies, procedures and/or mechanisms for enabling PII principals to obtain access to, correct and erase of their PII, if requested and without undue delay.

(EN) […]

(EN) Sign in
to read the full text

Premessi

(65) Suġġett tad-data għandu jkollu d-dritt li jkollu data personali li tirrigwardaha rettifikata u “dritt li jintnesa” fejn iż-żamma ta' tali data tikser dan ir-Regolament jew il-liġi tal-Unjoni jew ta' Stat Membru li jkun soġġett għaliha l-kontrollur. B'mod partikolari, suġġett tad-data għandu jkollu d-dritt li d-data personali tiegħu titħassar u ma tiġix ipproċessata aktar, fejn id-data ma tibqax meħtieġa fir-rigward tal-għanijiet li għalihom tinġabar jew inkella tiġi pproċessata, fejn suġġett tad-data jkun irtira il-kunsens tiegħu jew joġġezzjona għall-ipproċessar ta' data personali li tirrigwardah jew inkella fejn l-ipproċessar tad-data personali tiegħu ma tikkonformax ma' dan ir-Regolament. Dak id-dritt huwa rilevanti b'mod partikolari, fejn is-suġġett tad-data jkun ta l-kunsens tiegħu meta kien tfal u, mhuwiex għal kollox konxju mir-riskji involuti fl-ipproċessar, u aktar tard ikun jixtieq ineħħi din id-data personali, b'mod speċjali fuq l-internet. Is-suġġett tad-data għandu jkun jista' jeżerċita dak id-dritt minkejja l-fatt li huwa m'għadux tifel jew tifla. Madankollu, iż-żamma ulterjuri tad-data personali għandha tkun legali fejn tkun meħtieġa għall-eżerċizzju tad-dritt tal-libertà ta' espressjoni u ta' informazzjoni, għall-konformità ma' obbligu legali, għat-twettiq ta' kompitu mwettaq fl-interess tal-pubbliku jew fl-eżerċizzju ta' awtorità uffiċjali mogħtija lill-kontrollur, għal raġunijiet ta' interess pubbliku fil-qasam tas-saħħa pubblika, għal finijiet ta' arkivjar fl-interess pubbliku, għal finijiet ta' riċerka xjentifika jew storika jew għal finijiet ta' statistika, jew għall-istabbiliment, l-eżerċizzju jew id-difiża ta' talbiet legali.

(65) A data subject should have the right to have personal data concerning him or her rectified and a ‘right to be forgotten’ where the retention of such data infringes this Regulation or Union or Member State law to which the controller is subject. In particular, a data subject should have the right to have his or her personal data erased and no longer processed where the personal data are no longer necessary in relation to the purposes for which they are collected or otherwise processed, where a data subject has withdrawn his or her consent or objects to the processing of personal data concerning him or her, or where the processing of his or her personal data does not otherwise comply with this Regulation. That right is relevant in particular where the data subject has given his or her consent as a child and is not fully aware of the risks involved by the processing, and later wants to remove such personal data, especially on the internet. The data subject should be able to exercise that right notwithstanding the fact that he or she is no longer a child. However, the further retention of the personal data should be lawful where it is necessary, for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims.

(66) Sabiex jissaħħaħ id-“dritt li tintnesa” fl-ambjent online, id-dritt għat-tħassir għandu jkun estiż ukoll b'mod li kontrollur li jkun għamel id-data personali pubblika għandu jkun obbligat li jinforma lill-kontrolluri li jipproċessaw tali data personali biex iħassru kwalunkwe link għal, jew kopja jew replika ta', dik id-data personali. Meta jagħmel dan, dak il-kontrollur għandu jieħu passi raġonevoli, b'kont tat-teknoloġija disponibbli u l-mezzi disponibbli għall-kontrollur, inklużi miżuri tekniċi, biex jinforma lill-kontrolluri li jipproċessaw id-data bit-talba tas-suġġett tad-data.

(66) To strengthen the right to be forgotten in the online environment, the right to erasure should also be extended in such a way that a controller who has made the personal data public should be obliged to inform the controllers which are processing such personal data to erase any links to, or copies or replications of those personal data. In doing so, that controller should take reasonable steps, taking into account available technology and the means available to the controller, including technical measures, to inform the controllers which are processing the personal data of the data subject's request.

Linji ta 'Gwida & Ġurisprudenza

(EN)