Skip to main content

The Right to be forgotten - Practical perspective

Mitko Karushkov & Mario Arabistanov (BG), Partners of EuroCloud CPC Network

The right to be forgotten under article 17 of GDPR brought up conflict between the right of an individual to object to processing his or her personal data by data controllers and the right of the society to be well informed through the media, having direct impact on the freedom of expression.

In Bulgaria this issue was discussed during the presidential elections in 2016. Some of the presidential candidates were formal agents of the intelligence structures, which were functioning during the communist regime. A number of online media included the information in their articles, reminding the public of the candidates’ past.

In such a hypothesis, as if the GDPR was already in full force, it would be possible to claim that some of the candidates were entitled to exercise their right to be forgotten under article 17 of the GDPR. Such request would have resulted in deleting the published information as it has achieved its purposes to inform the public. There are two possibilities for addressees of such a request – to address multiple specific websites, or to address the search engines to delete the information, that appears in search results. From business perspective addressing a search engine would mean that articles from small online media would not be accessible through search engines making them difficult to find by the majority of the public.

Taking a look from a different angle would show that from legal perspective the right to be forgotten under article 17, paragraph 1 is opposed to the exclusions introduced in paragraph 2, as per which the right to be forgotten shall not prevail in case the data is used for the purposes of freedom of expression and information. In this case it would be the addressee (e.g. corresponding media or search engine) who will decide upon whether the exclusions shall apply or the right to be forgotten shall take effect.

When resolving on the right to be forgotten it would not be uncommon, if in order to stay on the safe side and limit possibility for breach of data processing rules, the business owners to decide in favour of the data subject.


Article provided by:

  • Mitko Karushkov, Partner at Kambourov & Partners, Bulgaria
  • Mario Arabistanov, Associate at Kambourov & Partners, Bulgaria

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.


About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.