Do Online Privacy Laws Really Protect Your Data?

  • Home >
  • Blog >
  • Do Online Privacy Laws Really Protect Your Data?
Online privacy laws aim to balance the benefits of data collection with the need to safeguard personal information.
  • Updated on September 11, 2025

In today’s world, data is currency. Companies collect information about you so they can advertise products and services, train and improve their products, and, in some cases, sell your data to the highest bidder.

But when does it go too far? At what point are you allowed to say “enough,” and ask for your data back? Can you even get it back?

These are the questions that data privacy specialists have been asking for years. Shouldn’t some information remain private? It should, according to many security experts and some national governments. The European Union (EU) addressed data privacy with its sweeping General Data Protection Regulation (GDPR), passed in 2016. The U.S. state of California followed suit not long after with the California Consumer Protection Act (CCPA) in 2018.

Data is still a hot commodity these days but thanks to some legal protections and policies implemented by private tech companies like Alphabet, you can start asking for your data back. The ethical implications of data removal are complicated but there’s one fundamental idea that underpins it all: you should be in charge of your personal data.

The Right to Be Forgotten

There’s a saying in tech that goes “the internet is forever,” meaning once something’s published online, it stays there. But there’s been a lot of pushback on this idea in the last several years. As data collection expanded and people realized that more and more of their info was publicly available on the internet, a new concept developed, called “the right to be forgotten.”

There are several ideas behind the concept of the right to be forgotten, and these principles are at the heart of most modern data privacy laws:

  • Transparency: You should know how your data is being collected, used, and stored.
  • Consent: Data collectors should delete upon request, especially if you withdraw consent.
  • Purpose Limitation: Organizations should only use data for the purpose it was collected for and delete it when it’s no longer necessary.
  • Accountability: Organizations must handle data deletion requests responsibly.
  • Fairness: Data deletion practices shouldn’t discriminate.

To be clear, the right to be forgotten and the right to privacy aren’t the same thing. The right to be forgotten is the right to revoke public access to information that was public at one time, whereas the right to privacy is the right to have private information shared in the first place.

The right to be forgotten can also be a bit narrow in scope. It usually only applies to data that is no longer being used or is no longer relevant for the purpose it was collected. For the most part, it applies to search engines and online directories, and less so to individual websites. The right to be forgotten doesn’t always equate to data deletion; in most cases, it simply means reducing the visibility of the information in question by removing it from search engine indexes.

The right to be forgotten allows individuals to hide outdated or irrelevant information from search results, ensuring it no longer defines their future.

Why Does the Right to Be Forgotten Matter?

Why does the right to be forgotten matter? Imagine you get convicted of a minor crime and it gets reported on in the local news. You pay your fine, serve your time, and now your conviction is in the past. Except it isn’t, because that local news story is still published, and still pops up as a top search result when anyone runs a Google search on your name.

Prospective employers, bank loan officers, college admissions officers, potential romantic partners—anyone can see you were convicted of this crime. So even if you’re no longer legally required to disclose this conviction, it can still be found, pretty easily.

The right to be forgotten would allow you to submit a request to Google asking for information directly related to you to be removed from search results, so it’s no longer the first thing popping up when people search your name. The local news site isn’t obligated to take it down, though, so it’s still findable, just much less visible.

There are many situations in which the right to be forgotten would be beneficial, if not essential:

  • Bankruptcy
  • Medical Malpractice
  • Divorce
  • Workplace Harassment

The Right to Be Forgotten: EU Only

It’s worth mentioning that this concept isn’t legally binding in the U.S. The GDPR extends this right to residents of the European Union, but there is no federal U.S. law that requires search engines like Google to accommodate requests to have personal information un-indexed.

The U.S. government has stated that de-indexing search results about individuals this way would be considered a violation of the First Amendment’s protection of free speech and free press.

The CCPA does allow individuals under 18 years of age to request the removal of personal information posted on websites, social media platforms, and online apps. It only applies to California, though, and it’s the only state-level legislation of its kind for now.

Some privately-owned news organizations have started their own data deletion programs, allowing individuals convicted of minor crimes to request to have stories about them deleted.

In 2022, Google also introduced a search tool that lets you find and request the “removal of search results that contain your personal phone number, home address or email address.” You should ideally contact the website with your information published on it first, but if that doesn’t work, Google may try to delete info that could put you at risk for identity theft.

U.S. States with Data Privacy Laws

Although the right to erasure may not be a federal-level law in the U.S., the privacy movement is taking hold. More and more states are introducing data privacy laws meant to protect individuals from having private or personal details published online.

In many cases, it goes beyond privacy—it’s also a question of safety. Having personally identifiable information published online could make it easier for someone to steal your identity. Some states are, therefore, taking a stand and trying to protect their residents’ data online.

Here are the U.S. states with data privacy laws:

  • California
  • Colorado
  • Connecticut
  • Delaware
  • Florida
  • Indiana
  • Iowa
  • Kentucky
  • Maryland
  • Minnesota
  • Montana
  • New Hampshire
  • Nebraska
  • New Jersey
  • Oregon
  • Rhode Island
  • Tennessee
  • Texas
  • Utah
  • Virginia

Some states don’t have comprehensive data privacy laws, but they do have some narrower consumer privacy laws on the books:

  • Maine
  • Michigan
  • Nevada
  • New York
  • Vermont
  • Washington

Data removal from data broker websites requires contacting the brokers directly or using tools to follow their removal processes.

How to Get Your Data Removed

If you want to have personal information about you removed online, there’s probably one of several ways to do it. It depends on where the information you want to remove is hosted:

  • Public website (such as a news media site): You’ll have to contact the webmaster in charge of the website, in most cases. There may be a process or form to fill out, but in many cases you’ll just have to send an email and ask.
  • Data broker websites: Some of the biggest data brokers in the U.S. are Experian, Equifax, Epsilon, Acxiom, and CoreLogic. If you want to get your information removed from their databases, you’ll have to contact them or go through specific processes as well. You can use a personal data scan tool to find out what data brokers have on you and a tool like Incogni to get it removed.
  • Search engines: If you’re in the U.S., you can go to Google’s Remove My Data tool to request to have your info removed. If you’re in the EU, you can submit a delisting request.

If you’re asking Google to remove your data from search listings, keep in mind that Google reviews each request and there’s no guarantee that yours will be granted. The GDPR does require Google to accommodate requests but also gives it some authority to evaluate if matters are of “the public interest” and should really be taken down or not.

In the U.S., Google isn’t even legally obligated to acknowledge your request, and the Remove My Data tool is an initiative the company launched on its own.

Asking for a Copy of Your Data: Data Subject Access Requests

The GDPR also established the concept of the Data Subject Access Request (DSAR). It’s the technical term that means you’re asking for a copy of the data a company has on you. In the EU, organizations are required to give you this information when you ask for it.

In the U.S., it’s more complicated. The CCPA requires compliance with DSAR requests, and any U.S.-based organizations processing data of EU residents must also comply.

Data Deletion Ethics: It’s Your Information on the Line

Online privacy laws have come a long way, and you can take a little bit more control of how your information appears online. But there’s still a long way to go. Most individuals would be shocked to know how much information is publicly available about them. Some have had to deal with past mistakes for far longer than necessary because “the internet is forever.”

If you’re worried about what might be floating around on the web about you, you should take a proactive stance and find out. Then, do what you can to get it removed. Even if it’s not fully removed from the website that originally published it, you might have the ability to get it delisted from search results.

Take back control of your data and protect your privacy.

About Your Host

Chris Parker

Chris Parker is the founder of WhatIsMyIPAddress.com, a tech-friendly website attracting a remarkable 6,000,000 visitors a month. In 2000, Chris created WhatIsMyIPAddress.com as a solution to finding his employer’s office IP address. Today, WhatIsMyIPAddress.com is among the top 3,000 websites in the U.S.

Share Post:

COULD YOU BE EASY PREY?

Take the Easy Prey
 Self-Assessment.
Download ASSESSMENT

YOU MAY ALSO LIKE

AI surveillance blurs the line between safety and spying.

The Ethics of AI Surveillance: Are We Trading Our Privacy for Security?

If you’ve ever felt like your smart devices are “spying” on you and silently collecting your personal data to feed the almighty algorithm or…

View Post
Biometric data, such as fingerprints and facial recognition, is now commonly used for identity verification, but its widespread use raises significant privacy concerns.

How the Use of Biometric Data Raises Privacy Concerns

Less than 30 years ago, biometric security seemed like something out of science fiction—reserved for futuristic thriller films like The Bourne Identity or Mission:…

View Post
Data privacy concerns are rising as hackers target consumers' confidential information.

Are Your Personal Details at Risk? Understanding American Consumer Data Privacy Concerns

Professionally and personally, most of us spend a lot of our time online. We use our smartphones and our personal computers for everything from…

View Post

PODCAST reviews

Excellent Podcast

Chris Parker has such a calm and soothing voice, which is a wonderful accompaniment for the kinds of serious topics that he covers. You want a soothing voice as you’re learning about all the ways the bad guys out there are desperately trying to take advantage of us, and how they do cleverly find new and more devious ways each day! It’s a weird world out there! Don’t let your guard down, this podcast will give you some explicit directions!

MTracey141

Required Listening

Somethings are required reading – this podcast should be required listening for anyone using anything connected in the current world.

Apple Podcasts User

Fascinating stuff!

I've listened to quite of few of these podcasts now. Some of the topics I wouldn't have given a second look, but the interviewees have always been very interesting and knowledgeable. Fascinating stuff!

Apple Podcasts User

Excellent Show

Excellent interview. Don't give personal information over the phone … it can be abused in countless ways

George Jenson

Interesting

I've listened to quite of few of these podcasts now. Some of the topics I wouldn't have given a second look, but the interviewees have always been very interesting and knowledgeable. Fascinating stuff!

User22

Content, content, content!

Chris provides amazing content that everyone needs to hear to better protect themselves and learn from other’s mistakes to stay safe!

CaigJ3189

New Favorite Podcast!

Entertaining, educational and I cannot 
get enough! I am excited for more phenomenal content to come and this is sthe only podcast I check frequently to see if a new episode has rolled out.

brandooj

Big BIG ups!

What Chris is doing with this podcast is something that isn’t just desirable, but needed – everyone using the internet should be listening to this! Our naivete is constantly being used against us when we’re online; the best way to combat this is by arming the masses with the information we need to stay wary and keep ourselves safe. Big, BIG ups to Chris for putting the work in for us.

Riley
VIEW MORE REVIEWS

As seen on

COULD YOU BE EASY PREY?

Take the Easy Prey Self-Assessment.
Download ASSESSMENT
close
Embed this image

Copy and paste this code to display the image on your site

COULD YOU BE EASY PREY?

Take the Easy Prey Self-Assessment.

We will only send you awesome stuff!

Privacy Policy

Your privacy is important to us. To better protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on every page of our site.

The Way We Use Information

We use email addresses to confirm registration upon the creation of a new account.

We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.

On occasion, we may send email to addresses of registered users to inform them about changes or new features added to our site.

We use non-identifying and aggregate information to better design our website and to share with advertisers. For example, we may tell an advertiser that X number of individuals visited a certain area on our website, or that Y number of men and Z number of women filled out our registration form, but we would not disclose anything that could be used to identify those individuals.

Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above.

Our Commitment To Data Security

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

Affiliated sites, linked sites, and advertisements

CGP Holdings, Inc. expects its partners, advertisers, and third-party affiliates to respect the privacy of our users. However, third parties, including our partners, advertisers, affiliates and other content providers accessible through our site, may have their own privacy and data collection policies and practices. For example, during your visit to our site you may link to, or view as part of a frame on a CGP Holdings, Inc. page, certain content that is actually created or hosted by a third party. Also, through CGP Holdings, Inc. you may be introduced to, or be able to access, information, Web sites, advertisements, features, contests or sweepstakes offered by other parties. CGP Holdings, Inc. is not responsible for the actions or policies of such third parties. You should check the applicable privacy policies of those third parties when providing information on a feature or page operated by a third party.

While on our site, our advertisers, promotional partners or other third parties may use cookies or other technology to attempt to identify some of your preferences or retrieve information about you. For example, some of our advertising is served by third parties and may include cookies that enable the advertiser to determine whether you have seen a particular advertisement before. Through features available on our site, third parties may use cookies or other technology to gather information. CGP Holdings, Inc. does not control the use of this technology or the resulting information and is not responsible for any actions or policies of such third parties.

We use third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. For information about their specific privacy policies please contact the advertisers directly.

Please be careful and responsible whenever you are online. Should you choose to voluntarily disclose Personally Identifiable Information on our site, such as in message boards, chat areas or in advertising or notices you post, that information can be viewed publicly and can be collected and used by third parties without our knowledge and may result in unsolicited messages from other individuals or third parties. Such activities are beyond the control of CGP Holdings, Inc. and this policy.

Changes to this policy

CGP Holdings, Inc. reserves the right to change this policy at any time. Please check this page periodically for changes. Your continued use of our site following the posting of changes to these terms will mean you accept those changes. Information collected prior to the time any change is posted will be used according to the rules and laws that applied at the time the information was collected.