The EU GDPR gives individuals more rights and opportunities to have certain details and information removed from the Internet, for example. Whether this is always possible or advisable, however, requires a detailed examination of each individual case. Possibly one comes in the context of an individual impact assessment also to the realization that it might be better not to address a circumstances, in order so proverbially “not to arouse sleeping dogs”.
In order to be able to remove certain unwanted content from the Internet, one must (1) become aware that such content exists and (2) where it is accessible to everyone, as well as (3) who is the operator of a certain homepage, portal or blog. In this context, our established and proofed OSRINT procedure (Open Source Risk Intelligence) comes into play!
For Internet platforms or homepages hosted or operated outside the EU, it is certainly difficult, if not impossible, to enforce personal rights with reference to the EU GDPR. However, these portals hosted outside the EU are also subject to the new EU GDPR as soon as their offer/content is also directed at the European market; for example, a portal is also available in German or similar.
A first profit of the new regulation is certainly that it is now no longer possible to query the owner(s) of an Internet domain in this way without further ado. This also protects high net worth individuals (HNWI, UHNWI) who operate their own homepages or who have registered private and/or business domain names for themselves in the past.
In order for the domain registry(s) to release the domain owner data, a justified interest must be proven for each individual case; for example, an initiated dunning / insolvency procedure, own inquiry as domain holder / technical support or similar.
Furthermore, the EU GDPR has led to a veritable “blog death”. Numerous blog operators, who in the past also expressed criticism of the wealthy and “capital” as such and/or also published information from lists of the rich, party donations or the like, have in some cases completely taken their blog or their homepage off-line due to the new regulation. This, in conjunction with integrated online risk management, can be seen as quite positive.
Whether it is promising to address official and renowned homepage operators (BILANZ, MANAGER MAGAZIN, FORBES, WIRTSCHAFTSWOCHE…) in connection with party donations, total assets / wealth lists, salaries / income and the like with a request for deletion must be considered and evaluated for each individual case. The facts and starting situations where, in addition to the (frequently estimated) wealth / income, e.g. on wealth lists and/or the information on party donation amounts, private addresses are also listed appear to be extremely promising. In this context, one should at least enter into a dialogue with the respective portal operator in order to (1) find out what everything and where/how it is stored, (2) on what legal basis (what justified interest) the publication has taken place and (3) try to have the information (completely or partially) deleted with a reference to the EU GDPR.
In our understanding, in the context of the new EU GDPR, each person must now (theoretically / practically) be informed before the actual publication of their personal data about what is published in detail and where.
However, it may also be possible to use the favor of the hour in connection with the widespread “uncertainty or half-knowledge about the EU GDPR” and demand the deletion of complete data records with reference to the EU GDPR. It is well conceivable that homepage or blog operators tend at present rather to delete something (unchecked and without critical judgement/questioning) completely than to get involved in a legal and supposedly result open argument.
Authorities must also submit to the new EU GDPR; in our opinion, there is also great uncertainty or ignorance about the new regulation. If in the past an attempt to block information in connection with the private registration addresses has not been successful, for example, it would be highly recommended to consider whether a new attempt should be made with reference to the new EU GDPR. Although the “fine” threat scenario will have no effect with the authorities, a possible complaint by the supervisory authorities could be brought into play.
