The Jurisprudential and Technological Evolution of the Right to Be Forgotten
A Global Analysis of Informational Privacy, Algorithmic Persistence, and the Erasure of Digital History
The Jurisprudential and Technological Evolution of the Right to Be Forgotten: A Global Analysis of Informational Privacy, Algorithmic Persistence and the Erasure of Digital History
The transition from the analogue to the digital age has fundamentally altered the biological and societal mechanisms of memory. In the pre-digital era, the passage of time functioned as a natural sieve, gradually eroding the visibility of past events and allowing individuals a degree of “practical obscurity” through the sheer friction of accessing historical records.[1, 2]
However, the advent of pervasive search engines, massive data aggregation and more recently the integration of generative artificial intelligence and immutable ledgers has rendered information virtually indelible.[3, 4] Codified primarily as the right to erasure, the Right to Be Forgotten (RTBF) has emerged as a jurisprudential mechanism to counteract digital permanence, enabling individuals to shape their own identities free from the perpetual stigma of past actions that have lost their relevance. [4, 5]
This review provides an examination of the legal foundations of the RTBF, its global application, the profound challenges posed by emerging technologies such as Large Language Models (LLMs) and blockchain and its broader impact on societal memory, criminal rehabilitation and human dignity.
The Genesis of Informational Privacy: Philosophical and Legal Origins
The conceptual roots of the right to be forgotten are found in European traditions of personality and dignity rights. Historically, the French ‘droit à l’oubli’ and the Italian ‘diritto all’oblio’ allowed rehabilitated individuals to prevent the press from republishing their past criminal convictions once a sufficient period of time had elapsed to allow for social reintegration.[6] These traditions reflect a belief that an individual should not be “perpetually or periodically stigmatised” as a consequence of a specific action performed in the past.[4]
In the digital context, this philosophical tradition collided with the technological reality of the internet. The landmark 2014 ruling by the Court of Justice of the European Union (CJEU) in Google Spain SL v. Agencia Española de Protección de Datos (AEPD) transformed these traditional concepts into a modern digital right.[7, 8, 9]
The case involved Mario Costeja González, a Spanish national who found that searches for his name consistently highlighted a 1998 newspaper announcement concerning a real-estate auction for the recovery of social security debts.[8, 10] Despite the debt having been resolved years prior, the information remained readily accessible, effectively defining his online reputation. The CJEU’s decision established that internet search engine operators are “data controllers” responsible for the processing of personal data appearing on third-party web pages.[8, 11, 12]
The CJEU ruled that individuals have the right to request that search engines remove links to web pages containing personal information when such data is “inadequate, irrelevant or no longer relevant, or excessive” in relation to the purposes for which it was processed. [4, 8, 13]
Crucially, the court determined that the fundamental right to privacy and the protection of personal data generally outweigh the economic interest of the commercial firm and, in many cases, the public interest in accessing the information.[14, 15] This established the “right to de-referencing” as a cornerstone of modern privacy law, emphasising that even initially lawful processing of accurate data may become incompatible with data protection principles over time.[11, 15]
The Regulatory Framework: GDPR Article 17 and Global Equivalents
The principles articulated in the Google Spain decision were formally institutionalised in Article 17 of the General Data Protection Regulation (GDPR), explicitly titled the “Right to Erasure (’Right to be Forgotten’)”.[5, 7, 12] This article provides a structured legal mechanism for individuals to reclaim control over their digital footprint.
Ground for Erasure and Procedural Obligations
Under Article 17, a data subject has the right to obtain from the controller the erasure of personal data concerning them “without undue delay,” typically understood as a one-month timeframe.[5, 16, 17] The obligation to erase data arises under several specific conditions, including situations where the data is no longer necessary for its original purpose, the individual withdraws consent or the data has been unlawfully processed.[5, 7, 18]
The controller’s responsibilities extend beyond their own databases. If a controller has made personal data public and is obliged to erase it, Article 17(2) requires them to take “reasonable steps,” including technical measures, to inform other controllers who are processing the data that the subject has requested erasure of any links to, or copies or replications of, that data.[7, 9, 22] This is intended to combat the “Hydra effect,” where information removed from one platform persists on mirrors or third-party aggregators.[6, 24]
International Legislative Divergence
While the GDPR represents the most comprehensive codification of the RTBF, other jurisdictions have adopted varied models, often reflecting local constitutional priorities. In the United States, the absence of an omnibus federal privacy law has led to a fragmented state-level approach. The California Consumer Privacy Act (CCPA) and the subsequent California Privacy Rights Act (CPRA) grant residents a “right to delete,” although this is generally narrower than the European RTBF, as it excludes certain “publicly available” data from government records and focuses on data collected directly from the consumer.[21, 25, 26]
In Brazil, while the LGPD provides a framework for deletion, the Supreme Court has ruled that the RTBF is generally incompatible with freedom of expression when applied to historical facts, suggesting that corrections or damages are more appropriate remedies than erasure.[1]
Similarly, in India, the Supreme Court has recognised privacy as a fundamental right under Article 21, yet the DPDP Act subjects the RTBF to a balancing test against the public interest and the legal duties of data trustees.[23]
The Territoriality Paradox: Geographic Scope and De-referencing
One of the most significant legal challenges for the RTBF is the geographic scope of enforcement. Because search engine results are often consistent across global databases, a de-referencing order in one jurisdiction may be ineffective if the information remains accessible through another country’s domain.[14, 30]
The 2019 CJEU ruling in Google LLC v. CNIL addressed whether de-referencing must be global.[10, 30] The French regulator (CNIL) argued that for the right to be effective, links must be removed from all versions of Google’s search engine worldwide, including google.com.[15, 31] However, the court ruled that existing EU law does not mandate global de-referencing. Instead, search engine operators are required to carry out de-referencing on the national versions of their engine corresponding to all EU Member States and utilise geo-blocking to discourage users within the EU from accessing the delisted links via non-EU versions.[10, 30, 32]
This decision reflects the “reluctance to globalise” the right, acknowledging that the balance between privacy and freedom of information varies significantly across the globe.[1, 30] While global de-referencing would meet the objective of EU data protection law, many non-EU countries do not recognise the RTBF or prioritise freedom of speech in ways that would make a universal mandate legally and diplomatically untenable.[30, 32] Nevertheless, the CJEU noted that national courts and data protection authorities still possess the competence to order global de-listing in specific cases if they can demonstrate that such a measure is necessary and proportionate under national standards.[15, 30, 31, 33]
Technological Impasses: Algorithmic Memory and Neural Persistence
The most profound contemporary threat to the effectiveness of the right to be forgotten is the rise of Large Language Models (LLMs) and generative artificial intelligence. Unlike traditional, structured databases where personal data exists as a discrete entry that can be deleted or overwritten, LLMs store information as statistical patterns within billions of parameter weights.[3, 34, 35]
The Technical Complexity of AI Erasure
Once data is “absorbed” into a model’s weights during the training process, it cannot be easily located or extracted. This has been termed the “smoothie problem”: while removing a record from a database is like picking a carrot out of a salad, removing data from a trained LLM is akin to trying to retrieve a specific strawberry after it has been blended into a smoothie.[36] The information no longer exists in its original form but has been transformed into a series of mathematical relationships that influence how the model generates output.[3, 34]
Several technical factors complicate compliance with Article 17 in the context of AI:
• Inference and Reconstruction: Even if the original training data is deleted from the source web page, the AI model may still retain learned patterns that allow it to infer, predict, or reconstruct the individual’s personal details when prompted.[3, 36]
• Impracticality of Retraining: Engineers acknowledge that the only definitive way to completely remove an individual’s data is to retrain the model from scratch without that specific data point. For models like GPT-4, which utilise trillions of parameters and cost millions of dollars to train, this is an economically and environmentally unfeasible solution for individual erasure requests.[3, 35, 36]
• Unlearning Gaps: The burgeoning field of “machine unlearning” (MU) seeks to develop algorithms that can remove the influence of specific data points from a trained model without full retraining.[34, 37] However, current MU methods often struggle to differentiate between removing data and simply suppressing specific outputs. Furthermore, unlearning one set of data can inadvertently expose information about other data in the “retain-set” due to the complex statistical dependencies within the model.[35, 37]
Regulatory Responses to AI Persistence
The European Union’s Artificial Intelligence Act (AIA) acknowledges these complexities, emphasising that AI systems must respect privacy and data protection rights throughout their entire lifecycle.[34] However, the Act does not yet provide a direct mechanism for “unlearning” in LLMs, instead relying on foundational principles such as transparency and risk mitigation.[34] As the August 2, 2026, the compliance deadline for the majority of the AI Act’s provisions approaches, regulators and litigants are increasingly testing how deletion and opt-out rights will apply to data used for model training and retraining.[38] This intersection will likely define the future economics of generative AI, as the cost of compliance could fundamentally alter the viability of training models on massive, publicly scraped datasets.[38]
Blockchain and the Conflict with Immutability
The tension between the right to be forgotten and technological design is perhaps most acute in the realm of blockchain and distributed ledger technologies (DLT). Blockchain is architecturally predicated on “immutability” - the principle that once data is appended to the ledger, it is permanent and tamper-proof.[39, 40, 41]
The Structural Collision
A blockchain consists of a series of data blocks linked by cryptographic hashes. Altering a single entry in an old block would change its hash, subsequently invalidating every subsequent block in the chain.[40, 42] To erase data effectively, a majority of connected nodes (often 51% or more) would have to agree to rebuild the entire chain, a process that is computationally prohibitive and antithetical to the decentralised nature of the network.[39, 40]
Commentators have debated whether blockchain is fundamentally incompatible with the GDPR.[42] However, some practitioners argue that “innovative solutions” such as advanced irreversible encryption - where the decryption key is destroyed - can satisfy the “spirit” of the legislation by making the data permanently inaccessible, even if it technically remains on the ledger.[42]
Another approach involves the “anonymisation” of data; the GDPR no longer applies if the data can no longer be linked to an identified or identifiable natural person without “disproportionate effort”.[7, 21, 39]
The Ecosystem of Persistence: Data Brokers, Archives, and Aggregation
The effectiveness of a single erasure request is often undermined by the interconnected nature of the modern digital ecosystem. Information is rarely stored in a single silo; rather, it flows between search engines, data brokers and public archives.[24, 44, 45]
Data Brokers and the Shadow Economy
Data brokers represent a multi-billion dollar industry that collects, aggregates and sells personal data from disparate sources, creating individualised dossiers.[45, 46, 47] Most individuals are unaware that these companies exist, let alone that they profit from their sensitive information.[46] The challenge of the RTBF in this sector is the lack of scale: individuals rarely have the time or expertise to manage deletion requests across thousands of obscure organisations.[47, 48]
This power imbalance has led to legislative interventions like California’s “Delete Act” (SB 362), which mandates the creation of the Data Request and Opt-out Platform (DROP).[49, 50]
The Role of Digital Archives and the Wayback Machine
Libraries and digital archives, such as the Internet Archive’s Wayback Machine, perform a critical role in preserving digital history. However, they also create a permanent record of information that may have been intended to be temporary or was subsequently deleted from its original source.[51, 52] The Archive often claims an exemption under the GDPR’s “archiving purposes in the public interest” clause (Article 17(3)(d)).[6, 51]
The conflict between archiving and privacy is especially acute in cases of “doxxing”, where outdated but publicly available data points (e.g., old WHOIS records, Companies House listings or social media snapshots) are stitched together to form a profile of an individual.[44] Legally, this aggregation is often viewed as the creation of a new data set, transforming once-lawful bits of information into “unlawful profiling” that can be used for harassment or intimidation.[44]
Societal and Psychological Implications: The Right to Move On
The inability to forget has profound consequences for the construction of personal identity and societal progress. Human memory is naturally malleable; the ability to forget irrelevant or painful details is considered a psychological necessity for maintaining a coherent sense of self.[54]
Identity Construction and “Digital Shadows”
Psychologists argue that personal narratives depend on the ability to forget what does not matter. The “inescapable accuracy and completeness” of digital records compromises the ability to recraft personal narratives, essentially fettering individuals to past versions of themselves.[54] This “perfect” digital memory resembles the condition of hyperthymesia, where individuals are unable to forget any detail of their past, often leading to psychological distress and a lack of “living space” for present projects.[54]
The RTBF is, therefore, more than a legal tool; it is a symbol of an individual’s right to liberation from a past that no longer reflects their reality.[12] This is particularly critical for children - the “Gen Alpha” and Gen Z cohorts - whose childhood and adolescence are being recorded on social media, often without their informed consent.[12] Content published during childhood can significantly impact future prospects in education, employment, and mental health, making the RTBF a foundational element of digital human rights for the next generation.[12]
Criminal Justice and the Erosion of Rehabilitation
In the realm of criminal justice, the RTBF intersects with laws on “spent conviction”, which are designed to allow individuals a “second chance” after they have completed their punishment and demonstrated rehabilitation.[55, 56] In the pre-digital era, a spent conviction would effectively disappear from public view. Today, however, news archives and search results ensure that past crimes remain visible indefinitely, allowing employers and others to easily bypass the legal protections afforded by official background checks.[55]
The digital age has made the promise of second chances “fragile”.[55] While the RTBF in these cases usually results in de-listing rather than the permanent erasure of the original news report, even this limited measure is critical for allowing individuals to reintegrate into society without the “perpetual judgment” of an algorithm.[55, 56, 57]
The Chilling Effect: Journalism, History, and the Public Interest
Critics of the right to be forgotten argue that it can lead to the “rewriting of history” and the creation of a “memory hole”.[4, 6, 58] The primary concern is that the RTBF infringes on the right to freedom of expression and the public’s right to access truthful information.[6, 20, 59]
Impacts on Investigative Journalism
Journalists and media figures argue that the expanding recognition of privacy expectations, particularly in the early stages of police investigations, stifles important journalism.[60] For example, the 2022 UK Supreme Court ruling in ZXC v Bloomberg established that individuals generally have a reasonable expectation of privacy regarding police investigations into them, until they are charged.[60] While this protects the reputation of the innocent, media organisations fear it creates a “chilling effect,” preventing investigations into corporate wrongs or sexual misconduct where naming suspects is crucial for bringing other victims forward.[60, 61]
There is also a risk that the threat of GDPR-related fines could lead to “wholesale deletion” of information by companies like Facebook or Google, who may prefer to remove content rather than face the complex and costly task of evaluating the legitimacy of every erasure request.[4, 58] This “arbitrary censorship” could suppress legitimate public interest material, particularly concerning public figures or corporate accountability.[2, 59]
Balancing Criteria and the “Manni” Standard
Courts must navigate a delicate balancing act when applying the RTBF to public figures versus private individuals. The CJEU case of Salvatore Manni serves as a key example: Manni requested the erasure of his personal data from a company registry concerning his past bankruptcy, arguing it hindered his current business.[9] The court denied his request, holding that the public interest in legal certainty and the protection of third parties in commercial transactions outweighed his personal interest in erasure, especially since the registry was mandated by law.[9]
Factors typically considered in the balancing test include:
1. Public Figure Status: Public figures have a lower expectation of privacy regarding information that relates to their public functions or reputation.[9, 56]
2. Accuracy and Veracity: Search engines are more likely to be required to remove information that is proven to be false or misleading.[20]
3. Historical and Scientific Value: Erasure is generally not required if the data is necessary for archiving in the public interest, scientific research or historical purposes.[7, 17, 19]
4. Sensitivity of the Data: Criminal records, health information, and data concerning children are given higher weight in the privacy side of the balance.[12, 19, 32]
The 2026 Horizon: California’s DROP and the New Enforcement Paradigm
As 2026 approaches, the enforcement landscape for the right to be forgotten is undergoing a significant transformation, moving from individual requests toward systemic, automated compliance.
The California “DROP” System
California’s Data Request and Opt-out Platform (DROP) is set to open to residents on January 1, 2026.[50, 62] This centralised system allows a consumer to submit a single request that must be honoured by all registered data brokers.[49, 62]
The DROP system introduces a “no cure period” policy, meaning enforcement can proceed immediately upon a violation.[50] Brokers must delete the consumer’s entire record, including inferences and generated profiles, if any provided identifier (e.g., name, email, MAID – Mobile Advertising ID) matches their records.[28, 62] This represents a shift toward “high-frequency operational requirements,” where deletion governance must be integrated into the daily technical workflows of data-driven organisations.[28]
Coordinated EU Enforcement
Simultaneously, the European Data Protection Board (EDPB) has launched its 2025 Coordinated Enforcement Framework (CEF) specifically focused on the “right to be forgotten” (Art. 17 GDPR).[65] This initiative involves 30 national data protection authorities checking how controllers handle erasure requests, specifically looking at the application of conditions and exceptions.[65] This coordinated effort suggests a more aggressive regulatory environment in the coming years, aimed at ensuring that the RTBF is not just a “law on books” but a functional reality for EU citizens.[23, 65]
Future Directions: Self-Sovereign Identity and Privacy-Enhancing Technologies
As the limitations of centralised data control become apparent, researchers and policymakers are exploring alternative models that might inherently support the right to be forgotten through design rather than litigation.
Self-Sovereign Identity (SSI)
Self-Sovereign Identity is an emerging paradigm where individuals have full ownership and control over their digital identities, eliminating the need for centralised data silos.[66, 67] In an SSI model, users store their identity attributes (e.g., date of birth, professional credentials) on their own devices and provide “verifiable claims” to service providers without the provider necessarily storing the raw data.[66, 68]
By decentralising identity management, SSI addresses many of the challenges of the RTBF:
• Decentralisation: Eliminates single points of failure and massive data targets for hackers.[66, 68]
• Minimalisation: Users can share only the specific claims required for a transaction (e.g., “over 18”) rather than their full identity record.[66, 69]
• Portability and Consent: Users decide what aspects of their identity to share and can revoke that consent, functionally “forgetting” the connection to the service provider instantly.[66, 67]
Privacy Enhancing Technologies (PETs) in AI
To address the “smoothie problem” in AI, researchers are increasingly looking toward Privacy Enhancing Technologies (PETs).[70] Techniques such as ‘Differential Privacy’ provide a mathematical guarantee that a model’s output does not reveal the presence of a specific individual’s data in the training set.[34, 37] ‘Homomorphic Encryption’ and ‘Secure Multi-party Computation’ allow models to be trained on encrypted data, ensuring that the model developer never has access to the raw personal information, thereby making the “right to be forgotten” a matter of key management rather than complex neural unlearning.[70, 71]
Conclusion: Reclaiming the Human Right to Oblivion
The right to be forgotten is a pivotal development in the history of human rights, representing a conscious attempt to rebalance the scales between individual autonomy and the technological capacity for infinite memory. While the 2014 Google Spain decision and GDPR Article 17 provided the necessary legal foundation, the subsequent decade has revealed that the “right to erasure” is a dynamic and often fragile concept.
Technological advancements in AI and blockchain have created fundamental contradictions with the legal requirements of erasure, necessitating a shift from simple deletion to more complex strategies of anonymisation, unlearning and cryptographic isolation. At the same time, the rise of data brokers and massive aggregation has made the burden of “privacy self-management” untenable for the average citizen, prompting a move toward automated, systemic enforcement mechanisms like California’s DROP system.
Ultimately, the right to be forgotten is about more than just data hygiene; it is a safeguard for the human capacity for growth, change, and rehabilitation. In an era where every digital footprint is etched onto virtual walls in perpetuity, the ability to forget selectively is not just a legal luxury - it is a psychological and societal necessity for a future that is not permanently burdened by its past. The successful integration of this right into the fabric of the digital economy will require a multi-pronged approach that combines robust legal oversight, technical innovation in PETs and SSI, and a continuous societal debate about the appropriate boundaries between the public’s right to know and the individual’s right to be forgotten.
1. The Right to Be Forgotten: Google Spain as a Benchmark for Free ..., https://cjil.uchicago.edu/print-archive/right-be-forgotten-google-spain-benchmark-free-speech-versus-privacy
2. THE RIGHT TO BE FORGOTTEN UNDER GDPR: LEGAL SCOPE AND PRACTICAL CHALLENGES - IJFMR, https://www.ijfmr.com/papers/2025/4/51772.pdf
3. The Right to Be Forgotten Is Dead: Data Lives Forever in AI | TechPolicy.Press, https://www.techpolicy.press/the-right-to-be-forgotten-is-dead-data-lives-forever-in-ai/
4. Right to be forgotten - Wikipedia, https://en.wikipedia.org/wiki/Right_to_be_forgotten
5. What Is GDPR Article 17 (Right to Erasure) and 4 Ways to Achieve Compliance | Exabeam, https://www.exabeam.com/explainers/gdpr-compliance/what-is-gdpr-article-17-right-to-erasure-and-4-ways-to-achieve-compliance/
6. Full article: Libraries, privacy, and the right to be forgotten - Taylor & Francis, https://www.tandfonline.com/doi/full/10.1080/07317131.2025.2467572
7. Right to be Forgotten - General Data Protection Regulation (GDPR), https://gdpr-info.eu/issues/right-to-be-forgotten/
8. Google Spain v AEPD and Mario Costeja González - Wikipedia, https://en.wikipedia.org/wiki/Google_Spain_v_AEPD_and_Mario_Costeja_Gonz%C3%A1lez
9. Right to be forgotten: ECtHR and CJEU Case-Law - ECHR-KS, https://ks.echr.coe.int/documents/d/echr-ks/right-to-be-forgotten
10. Right to be forgotten on the Internet | EUR-Lex - European Union, https://eur-lex.europa.eu/EN/legal-content/summary/right-to-be-forgotten-on-the-internet.html
11. “Right to be Forgotten” or “Right to Know”? - CCDCOE, https://ccdcoe.org/incyder-articles/right-to-be-forgotten-or-right-to-know/
12. From Google Spain to Gen Alpha: The Right to Be Forgotten and the Digital Protection of Children under International Law - Opinio Juris, https://opiniojuris.org/2025/10/15/from-google-spain-to-gen-alpha-the-right-to-be-forgotten-and-the-digital-protection-of-children-under-international-law/
13. Right to be forgotten in 2025 - Digital Watch Observatory, https://dig.watch/topics/right-to-be-forgotten
14. The Right to Be Forgotten (Google v. Spain) - Epic.org, https://archive.epic.org/privacy/right-to-be-forgotten/
15. Google v. CNIL: The Territorial Scope of the Right to Be Forgotten Under EU Law, https://www.europeanpapers.eu/europeanforum/google-v-cnil-territorial-scope-of-right-to-be-forgotten-under-eu-law
16. Information for individuals - European Commission, https://commission.europa.eu/law/law-topic/data-protection/information-individuals_en
17. Everything you need to know about the “Right to be forgotten” - GDPR.eu, https://gdpr.eu/right-to-be-forgotten/
18. How is the Right to Erasure Applied Under the GDPR? A Complete Guide to Organizational Compliance - Jetico, https://jetico.com/blog/how-right-erasure-applied-under-gdpr-complete-guide-organizational-compliance/
19. Right to erasure | ICO - Information Commissioner’s Office, https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/right-to-erasure/
20. Right to be Forgotten - How it works - GDPR, https://www.gdpreu.org/right-to-be-forgotten/
21. Guide to International Data Privacy Laws | Netwrix, https://netwrix.com/en/resources/blog/international-data-privacy-laws/
22. The right to erasure (Articles 17 & 19 of the GDPR) - Data Protection Commission, http://www.dataprotection.ie/en/individuals/know-your-rights/right-erasure-articles-17-19-gdpr
23. The right to be forgotten under the digital personal data protection act, 2023 - International Journal of Law, https://www.lawjournals.org/assets/archives/2025/vol11issue6/11131.pdf
24. Five actionable steps to GDPR compliance (Right to be forgotten) with Amazon Redshift, https://aws.amazon.com/blogs/big-data/five-actionable-steps-to-gdpr-compliance-right-to-be-forgotten-with-amazon-redshift/
25. CCPA vs GDPR: Infographic & 10 Differences You Need To Know - Cookiebot, https://www.cookiebot.com/en/ccpa-vs-gdpr/
26. Differences Between the CCPA and GDPR and LGPD | Blog - OneTrust, https://www.onetrust.com/blog/what-are-the-differences-between-ccpa-and-gdpr-and-lgpd/
27. Global Data Privacy Laws by Country (Updated October 2024) - GetTerms, https://getterms.io/blog/global-data-privacy-laws-by-country
28. California Approves Regulations for the Delete Act and DROP Platform - Pearl Cohen, https://www.pearlcohen.com/california-approves-regulations-for-the-delete-act-and-drop-platform/
29. Right to be forgotten sets privacy against freedom of expression - Canadian Bar Association, https://www.cba.org/resources/cba-practicelink/right-to-be-forgotten-sets-privacy-against-freedom-of-expression/
30. Google LLC v. National Commission on Informatics and Liberty (CNIL) - Global Freedom of Expression, https://globalfreedomofexpression.columbia.edu/cases/google-llc-v-national-commission-on-informatics-and-liberty-cnil/
31. Google v. CNIL: The Territorial Scope of the Right to Be Forgotten Under EU Law - European Papers, https://www.europeanpapers.eu/system/files/pdf_version/EP_EF_2020_I_003_Mary_Samonte_00332.pdf
32. CJEU Rules “Right to be Forgotten” on Google Limited to the EU in Landmark Case, https://www.hunton.com/privacy-and-information-security-law/cjeu-rules-right-to-be-forgotten-on-google-limited-to-the-eu-in-landmark-case
33. CNIL v. Google LLC - Global Freedom of Expression, https://globalfreedomofexpression.columbia.edu/cases/cnil-v-google-llc/
34. What Happens to the Right to Be Forgotten When AI Never Forgets ..., https://emildai.eu/what-happens-to-the-right-to-be-forgotten-when-ai-never-forgets-is-data-erasure-an-illusion/
35. The Myth of Machine Unlearning: The Complexities of AI Data Removal, https://d3.harvard.edu/the-myth-of-machine-unlearning-the-complexities-of-ai-data-removal/
36. Machine Unlearning – A Potential Option for Remedy?, https://www.fbm.com/publications/machine-unlearning-a-potential-option-for-remedy/
37. Bridge the Gaps between Machine Unlearning and AI Regulation - arXiv, https://arxiv.org/html/2502.12430v1
38. Data, Cyber + Privacy Predictions for 2026 | Morrison Foerster, https://www.mofo.com/resources/insights/251218-data-cyber-privacy-predictions-for-2026
39. Analysis of solutions for a blockchain compliance with GDPR - PMC - PubMed Central - NIH, https://pmc.ncbi.nlm.nih.gov/articles/PMC9440070/
40. The Right to be Forgotten and the Immutability of Blockchain Technology, https://goodlawsoftware.co.uk/law/the-right-to-be-forgotten-and-the-immutability-of-blockchain-technology/
41. Living in Digital Harmony: Immutable Blockchains and the Right to be Forgotten, https://www.landers.com.au/legal-insights-news/living-in-digital-harmony-immutable-blockchains-and-the-right-to-be-forgotten
42. The Right to be Forgotten Meets the Immutable - Cravath, Swaine & Moore LLP, https://www.cravath.com/a/web/636/3898415_1.pdf
43. When Blockchain Immutability Meets the GDPR Article 17 Right to be Forgotten, https://secureprivacy.ai/blog/blockchain-immutability-vs-gdpr-article-17-right-to-be-forgotten
44. Remove doxxing from the internet - Right To Be Forgotten Lawyers, https://arighttobeforgotten.co.uk/services/remove-doxxing-from-the-internet
45. Right to Be Forgotten - Erasing Your Private Information From Cyberspace, https://legal.thomsonreuters.com/en/insights/articles/erasing-your-private-information-from-cyberspace
46. You Have the Right to be Deleted: First Amendment Challenges to Data Broker Deletion Laws - Georgetown Law Technology Review, https://georgetownlawtechreview.org/you-have-the-right-to-be-deleted-first-amendment-challenges-to-data-broker-deletion-laws/GLTR-05-2025/
47. Don’t Believe Data Brokers Saying Data Deletion Is Snake Oil - Epic.org, https://epic.org/dont-believe-data-brokers-saying-data-deletion-is-snake-oil/
48. The Limitations of Privacy Rights | Notre Dame Law Review, https://ndlawreview.org/the-limitations-of-privacy-rights/
49. 2025 State Privacy Roundup: Key Trends and California Developments to Watch in 2026, https://www.squirepattonboggs.com/insights/publications/2025-state-privacy-roundup-key-trends-and-california-developments-to-watch-in-2026/
50. The Delete Act and DROP: What You Need to Know - DataGrail, https://www.datagrail.io/blog/regulations/the-delete-act-and-drop-what-you-need-to-know/
51. The Internet Archive: The Double-Edged Sword of Information Freedom and Privacy, https://discuss.privacyguides.net/t/the-internet-archive-the-double-edged-sword-of-information-freedom-and-privacy/31785
52. Wayback Machine - Internet Archive: Deleted Posts in Legal - Page Vault Resources, https://blog.page-vault.com/wayback-machine-evidence
53. User Privacy Restrictions On X (Twitter) Content FAQs - CivicPlus Help Center, https://www.civicplus.help/social-media-archiving/docs/user-privacy-restrictions-on-twitter-content-faqs
54. Remembering Me: Big Data, Individual Identity, and the Psychological Necessity of Forgetting - Equality Project, http://www.equalityproject.ca/wp-content/uploads/2017/05/3-Remembering-Me-Big-Data-Individual-Identity-and-the-Psychologi.pdf
55. The Right to be Forgotten - Rehabilitation in the digital age - Unlock, https://unlock.org.uk/the-right-to-be-forgotten-rehabilitation-in-the-digital-age/
56. (PDF) Right to be Forgotten in Spent Criminal Convictions - ResearchGate, https://www.researchgate.net/publication/342692894_Right_to_be_Forgotten_in_Spent_Criminal_Convictions
57. Chasing a Clean Slate: The Shifting Roles of Privacy and Technology in Criminal Record Expungement Law and Policy, https://jolt.law.harvard.edu/assets/articlePDFs/v38/1-Corda-Lageson.pdf
58. Data privacy and the right to be forgotten - World Journal of Advanced Research and Reviews, https://wjarr.com/sites/default/files/WJARR-2022-1079.pdf
59. (PDF) Data Privacy and the Right to be Forgotten - ResearchGate, https://www.researchgate.net/publication/390233683_Data_Privacy_and_the_Right_to_be_Forgotten
60. Full article: Has English privacy law gone too far? Police investigations and the media’s ability to report on serious wrongdoing, https://www.tandfonline.com/doi/full/10.1080/17577632.2025.2526908
61. Chaos and Credibility: A Snapshot of How AI Is Impacting Press Freedom and Investigative Journalism, https://gijn.org/stories/ai-impacts-press-freedom-investigative-journalism/
62. A New Era of Data Deletion: Inside California’s DROP System, https://consumer-protection-dispatch.pillsburylaw.com/data-deletion-california-drop-system/
63. Data brokers - privacy.ca.gov, https://privacy.ca.gov/data-brokers/
64. About DROP and the Delete Act - privacy.ca.gov, https://privacy.ca.gov/drop/about-drop-and-the-delete-act/
65. CEF 2025: Launch of coordinated enforcement on the right to erasure, https://www.edpb.europa.eu/news/news/2025/cef-2025-launch-coordinated-enforcement-right-erasure_en
66. Self-Sovereign Identity: Unlocking the Future of Trust | Softtek Whitepaper, https://www.softtek.com/hubfs/insights/white-papers/Softtek_Self-Sovereign_Identity_unlocking_the_future_of_trust_EN.pdf?hsLang=en
67. The YouGovern Secure Blockchain-Based Self-Sovereign Identity (SSI) Management and Access Control - MDPI, https://www.mdpi.com/2076-3417/15/12/6437
68. Self-Sovereign Identity: A Systematic Review, Mapping and Taxonomy - PMC, https://pmc.ncbi.nlm.nih.gov/articles/PMC9371034/
69. Decentralized, Self-Sovereign, Consortium: The Future of Digital Identity in Canada, https://www.frontiersin.org/journals/blockchain/articles/10.3389/fbloc.2021.624258/full
70. Privacy-Enhancing and Privacy- Preserving Technologies in AI: - Centre for Information Policy Leadership, https://www.informationpolicycentre.com/uploads/5/7/1/0/57104281/cipl_pets_and_ppts_in_ai_mar25.pdf
71. Data, privacy, and cybersecurity developments we are watching in 2026, https://www.mwe.com/insights/data-privacy-and-cybersecurity-developments-we-are-watching-in-2026/