There is a vast range of information readily available online. While this is usually beneficial for a number of reasons, it can become problematic when it involves personal information. In today’s digital landscape, protecting your personal data has never been more important.
Personal information generally refers to any data that can be used to identify you – for example, your email address, phone number, or even your home address. With more devices and platforms collecting this type of data, it’s vital to know your rights.
In some jurisdictions, individuals can enjoy the right to be forgotten – a feature that helps ensure their personal data is not persistently retained by organisations. This can provide significant peace of mind in an era when data breaches and online profiling are frequently in the news.
In this article, we’ll explore the concept of the right to be forgotten as it exists in Europe and discuss whether a similar right is available in Australia in 2025.
What Is The Right To Be Forgotten?
The right to be forgotten is essentially your legal ability to request that organisations remove your personal data from their records. In other words, you can ask any party that holds your information to erase it when it’s no longer necessary for their legitimate purposes.
This right is set out specifically under Article 17 of the General Data Protection Regulation (GDPR). Notably, the regulation requires that any erasure be carried out without ‘undue delay’ – typically within a month.
The right to be forgotten complements an individual’s right to access their personal information, as established in Article 15 of the GDPR. Together, these rights are designed to give you greater control over your personal data in the digital age.
The right typically applies when:
- Your personal data is no longer necessary for the organisation’s original purpose for collecting it
- You withdraw your prior consent for its processing
- A previously valid legitimate interest no longer justifies the processing
- You object to the processing of your data, particularly for direct marketing purposes
- Your data has been processed unlawfully
- Data removal is required by law
- A child’s personal data has been used in the provision of information society services
How To Remove Personal Information From The Internet
As mentioned, Article 17 of the GDPR grants individuals the right to request the removal of their personal data from the records of certain organisations. However, this right does not extend to Australia.
So, if you are based in Australia and want to have your personal information removed from online sources, what options do you have?
While you cannot rely on the GDPR in Australia, you can still look to the Australian Privacy Principles (APPs) for guidance. For businesses, ensuring your website includes a comprehensive privacy policy is crucial to outline your data handling practices. Additionally, if the personal information available online is defamatory or untrue, you may pursue action under the tort of defamation to have the offending material removed.
It is important to note that, in Australia, legal removal of personal data typically hinges on the content being defamatory rather than on a general right to be forgotten.
What Does Australian Privacy Law Say?
In Australia, privacy matters are governed by the Privacy Act 1988 along with the Australian Privacy Principles (APPs). As of 2025, while there is no explicit “right to be forgotten,” the framework does offer significant protections for your personal data.
Instead of a blanket data removal right, Australian law focuses on two main principles that are akin to this concept, namely APP 12 and APP 13.
Australian Privacy Principles
The Australian Privacy Principles provide a comprehensive framework for organisations to manage personal data. If your business has an annual turnover exceeding $3 million, the Privacy Act applies and you must comply with these obligations. For detailed information on privacy requirements, you might also find our Online Business Privacy guide insightful.
In the context of the right to be forgotten, two APPs are particularly relevant:
APP 12 requires that an APP entity provide you with access to your personal information upon request. However, it does not entitle you to demand that the data be erased.
There are circumstances when an entity may refuse access to certain personal data – for example, if releasing that information would be unlawful.
APP 13 mandates that personal information must be kept accurate, up-to-date, and not misleading. This means that while you cannot have your data “forgotten” outright, you do have the right to request corrections when necessary.
What Is The Tort Of Defamation?
Another pathway to address unwanted online content in Australia is through defamation law. If your personal data has been misrepresented in a way that harms your reputation, you may pursue legal remedies under the tort of defamation.
This generally applies if false or damaging statements are published online and cause harm to your reputation. Common remedies include compensation for damages or injunctions, where the court orders the removal of the material.
For businesses and individuals seeking further guidance on handling defamatory content, our resources on contract reviews and legal strategies might be helpful.
General Data Protection Regulation
The GDPR is a landmark privacy regulation that applies across the European Union. Its provisions, including the right to be forgotten, have set a global benchmark for data protection.
Even if you are an Australian business, if you have customers or operations within the EU, you may be subject to the GDPR. This means it is essential to stay informed on international data protection standards. For additional insights, you can visit our Privacy Policy resource.
It’s always a good idea to speak with a lawyer who can guide you through your specific privacy obligations, particularly if your business operates across multiple regions.
Furthermore, as we move further into 2025, there has been increased scrutiny over data retention practices globally. Organisations are now more focused on ensuring data minimisation and implementing robust data breach response plans to protect consumer information.
Key Takeaways
The right to be forgotten is a privacy right enshrined in the EU through the GDPR, allowing individuals to request the deletion of their personal data. In Australia, while such a right does not exist, there are comparable safeguards through the Australian Privacy Principles that afford you access to your data and ensure its accuracy.
It is also important to note that if your personal information is published in a defamatory manner, the tort of defamation provides a legal route to have such content removed. Meanwhile, as digital data privacy evolves in 2025, staying informed and compliant with both local and international standards remains paramount.
If you need further help or guidance regarding your privacy obligations as a business in Australia, our privacy lawyers are here to help. For more detailed insights into your legal responsibilities, feel free to check out our guides on online business privacy or contact us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.