The Right to be forgotten - Practical perspective


The right to be forgotten under article 17 of the GDPR has brought up a conflict between the right of an individual to object to the processing of his or her personal data by data controllers and the right of society to be well informed through the media, with a direct impact on freedom of expression.

In Bulgaria this issue was discussed during the presidential elections in 2016. Some of the presidential candidates were formal agents of the intelligence structures that functioned during the communist regime. A number of online media included this information in their articles, reminding the public of the candidates’ past.

In a hypothetical scenario in which the GDPR was already in full force, it would be possible to claim that some of the candidates were entitled to exercise their right to be forgotten under article 17 of the GDPR. Such a request would have resulted in the deletion of the published information, as it had achieved its purpose of informing the public. There are two possible addressees of such a request: multiple specific websites, or the search engines, which would be asked to delete the information that appears in search results. From a business perspective, addressing a search engine would mean that articles from small online media would not be accessible through search engines, making them difficult for the majority of the public to find.

Looking from a different angle, from a legal perspective the right to be forgotten under article 17, paragraph 1 is opposed by the exclusions introduced in paragraph 2, under which the right to be forgotten shall not prevail where the data is used for the purposes of freedom of expression and information. In this case it would be the addressee (e.g. the corresponding media or search engine) who decides whether the exclusions apply or the right to be forgotten takes effect.

When deciding on the right to be forgotten, it would not be uncommon for business owners to decide in favour of the data subject in order to stay on the safe side and limit the possibility of a breach of data processing rules.


Article provided by:

  • Mitko Karushkov, Partner at Kambourov & Partners, Bulgaria
  • Mario Arabistanov, Associate at Kambourov & Partners, Bulgaria



