The Right to Erasure: Evaluating the U.K. Approach to GDPR Article 17

Page 26

The Right to Erasure: Evaluating the U.K. Approach to GDPR Article 17 Grant Fergusson, Kristen Shiu, Matt Ireland, Stephanie Metzger, Ugonma Nwankwo, Stefan Tan Ying Xian

as practicable and at the latest within one month of receiving the request. Controllers may also ask for identification to check the authenticity of the request if in doubt; they do not need to process the request until such proof is received.84 Taken together, these limitations and GDPR’s PBR approach to data protection suggest that, while GDPR Article 17 may provide U.K. policymakers with robust and adaptable regulatory tools, these tools may not be effective without a slew of complementary, rules-based regulations like court rulings and published guidance85. U.K. regulators therefore face a dilemma: without clearer, rules-based regulations, regulators today lack the ability to effectively enforce all GDPR requirements, but developing strict, rules-based regulations may significantly restrict their ability to adapt to changes in the U.K.’s data ecosystem86. Consequently, it is incumbent on policymakers and regulators to take additional measures where possible to strengthen their own capacity to enforce GDPR effectively and find ways to support organizations as they continue working towards compliance.

84

Ibid.

85

Black, ‘The rise, fall and fate of principles based regulation’ (n 62). Black, ‘Forms and paradoxes of principles-based regulation’ (n 62); ibid.

86

The Wilberforce Society Cambridge, UK

www.thewilberforcesociety.co.uk

17

October 2019

Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.