Please Forget This Post

Among the rules proposed by the EU’s privacy regulators – some of which supposedly streamline the privacy regulatory scheme – is a requirement that companies, on request, “forget” the user.  Meaning, all data about that user would have to be deleted.  This requirement applies to all companies processing data of EU citizens. 

What a complete and massive overreach.  Author Jeff Jarvis called it the EU’s attempt to take over the Internet.  From a corporate perspective, it’s impossible.  Imagine me calling up American Express and saying “forget me.”  What does that mean, exactly?  Do they have to scour their IP address records to see when you accessed your account online?  From a strict reading, it seems they would.

And how will this affect cloud adoption?  It would be bad enough if you have to find and erase random data in systems you own and control.  When that same information is split up in multiple locations and controlled by another entity with whom your relationship is governed by contract, the complications multiply at an impossible rate.

One of the dangers of regulation is unintended consequences.  I’m not sure what consequences this regulation will have, if transposed into national implementing legislation, but I’m absolutely sure there will be consequences.  Don’t forget I said that.

www.Recommind.com