Do Online Privacy Laws Really Protect Your Data?

Online privacy laws aim to balance the benefits of data collection with the need to safeguard personal information.

In today’s world, data is currency. Companies collect information about you so they can advertise products and services, train and improve their products, and, in some cases, sell your data to the highest bidder.

But when does it go too far? At what point are you allowed to say “enough,” and ask for your data back? Can you even get it back? 

These are the questions that data privacy specialists have been asking for years. Shouldn’t some information remain private? It should, according to many security experts and some national governments. The European Union (EU) addressed data privacy with its sweeping General Data Protection Regulation (GDPR), passed in 2016. The U.S. state of California followed suit not long after with the California Consumer Protection Act (CCPA) in 2018.

Data is still a hot commodity these days, but thanks to some legal protections and policies implemented by private tech companies like Alphabet, you can start asking for your data back. The ethical implications of data removal are complicated, but there’s one fundamental idea that underpins it all: you should be in charge of your personal data.

The Right to Be Forgotten

There’s a saying in tech that goes “the internet is forever,” meaning once something’s published online, it stays there. But there’s been a lot of pushback on this idea in the last several years. As data collection expanded and people realized that more and more of their info was publicly available on the internet, a new concept developed, called “the right to be forgotten.”

There are several ideas behind the concept of the right to be forgotten, and these principles are at the heart of most modern data privacy laws:

  • Transparency: You should know how your data is being collected, used, and stored.
  • Consent: Data collectors should delete your data upon request, especially if you withdraw consent.
  • Purpose Limitation: Organizations should only use data for the purpose it was collected for and delete it when it’s no longer necessary.
  • Accountability: Organizations must handle data deletion requests responsibly.
  • Fairness: Data deletion practices shouldn’t discriminate.

To be clear, the right to be forgotten and the right to privacy aren’t the same thing. The right to be forgotten is the right to revoke public access to information that was public at one time, whereas the right to privacy is the right not to have private information shared in the first place.

The right to be forgotten can also be a bit narrow in scope. It usually only applies to data that is no longer being used or is no longer relevant for the purpose it was collected. For the most part, it applies to search engines and online directories, and less so to individual websites. The right to be forgotten doesn’t always equate to data deletion; in most cases, it simply means reducing the visibility of the information in question by removing it from search engine indexes.

The right to be forgotten allows individuals to hide outdated or irrelevant information from search results, ensuring it no longer defines their future.

Why Does the Right to Be Forgotten Matter?

Why does the right to be forgotten matter? Imagine you get convicted of a minor crime and it gets reported on in the local news. You pay your fine, serve your time, and now your conviction is in the past. Except it isn’t, because that local news story is still published, and still pops up as a top search result when anyone runs a Google search on your name.

Prospective employers, bank loan officers, college admissions officers, potential romantic partners—anyone can see you were convicted of this crime. So even if you’re no longer legally required to disclose this conviction, it can still be found, pretty easily.

The right to be forgotten would allow you to submit a request to Google asking for information directly related to you to be removed from search results, so it’s no longer the first thing popping up when people search your name. The local news site isn’t obligated to take it down, though, so it’s still findable, just much less visible.

There are many situations in which the right to be forgotten would be beneficial, if not essential:

  • Bankruptcy
  • Medical Malpractice
  • Divorce
  • Workplace Harassment

The Right to Be Forgotten: EU Only

It’s worth mentioning that this concept isn’t legally binding in the U.S. The GDPR extends this right to residents of the European Union, but there is no federal U.S. law that requires search engines like Google to accommodate requests to have personal information un-indexed.

The U.S. government has stated that de-indexing search results about individuals this way would be considered a violation of the First Amendment’s protection of free speech and free press.

The CCPA does allow individuals under 18 years of age to request the removal of personal information posted on websites, social media platforms, and online apps. It only applies to California, though, and it’s the only state-level legislation of its kind for now.

Some privately-owned news organizations have started their own data deletion programs, allowing individuals convicted of minor crimes to request to have stories about them deleted.

In 2022, Google also introduced a search tool that lets you find and request the “removal of search results that contain your personal phone number, home address or email address.” You should ideally contact the website with your information published on it first, but if that doesn’t work, Google may try to delete info that could put you at risk for identity theft.

U.S. States with Data Privacy Laws

Although the right to erasure may not be a federal-level law in the U.S., the privacy movement is taking hold. More and more states are introducing data privacy laws meant to protect individuals from having private or personal details published online.

In many cases, it goes beyond privacy—it’s also a question of safety. Having personally identifiable information published online could make it easier for someone to steal your identity. Some states are, therefore, taking a stand and trying to protect their residents’ data online.

Here are the U.S. states with data privacy laws:

  • California
  • Colorado
  • Connecticut
  • Delaware
  • Florida
  • Indiana
  • Iowa
  • Kentucky
  • Maryland
  • Minnesota
  • Montana
  • New Hampshire
  • Nebraska
  • New Jersey
  • Oregon
  • Rhode Island
  • Tennessee
  • Texas
  • Utah
  • Virginia

Some states don’t have comprehensive data privacy laws, but they do have some narrower consumer privacy laws on the books:

  • Maine
  • Michigan
  • Nevada
  • New York
  • Vermont
  • Washington

Data removal from data broker websites requires contacting the brokers directly or using tools to follow their removal processes.

How to Get Your Data Removed

If you want to have personal information about you removed online, there are several ways to do it. Which one applies depends on where the information you want to remove is hosted:

  • Public website (such as a news media site): You’ll have to contact the webmaster in charge of the website, in most cases. There may be a process or form to fill out, but in many cases you’ll just have to send an email and ask.
  • Data broker websites: Some of the biggest data brokers in the U.S. are Experian, Equifax, Epsilon, Acxiom, and CoreLogic. If you want to get your information removed from their databases, you’ll have to contact them or go through specific processes as well. You can use a personal data scan tool to find out what data brokers have on you and a tool like Incogni to get it removed.
  • Search engines: If you’re in the U.S., you can go to Google’s Remove My Data tool to request to have your info removed. If you’re in the EU, you can submit a delisting request.

If you’re asking Google to remove your data from search listings, keep in mind that Google reviews each request and there’s no guarantee that yours will be granted. The GDPR does require Google to accommodate requests but also gives it some authority to evaluate if matters are of “the public interest” and should really be taken down or not.

In the U.S., Google isn’t even legally obligated to acknowledge your request, and the Remove My Data tool is an initiative the company launched on its own.

Asking for a Copy of Your Data: Data Subject Access Requests

The GDPR also established the concept of the Data Subject Access Request (DSAR). It’s the technical term that means you’re asking for a copy of the data a company has on you. In the EU, organizations are required to give you this information when you ask for it.

In the U.S., it’s more complicated. The CCPA requires compliance with DSAR requests, and any U.S.-based organizations processing data of EU residents must also comply.

Data Deletion Ethics: It’s Your Information on the Line

Online privacy laws have come a long way, and you can take a little bit more control of how your information appears online. But there’s still a long way to go. Most individuals would be shocked to know how much information is publicly available about them. Some have had to deal with past mistakes for far longer than necessary because “the internet is forever.”

If you’re worried about what might be floating around on the web about you, you should take a proactive stance and find out. Then, do what you can to get it removed. Even if it’s not fully removed from the website that originally published it, you might have the ability to get it delisted from search results.

Take back control of your data and protect your privacy.

About the Author: Chris Parker

Chris Parker is the founder of WhatIsMyIPAddress.com, one of the world’s most popular websites for online privacy and security with over 13 million monthly visitors. He is also the host of the Easy Prey podcast, where he interviews experts and survivors to uncover the tactics behind scams, fraud, and digital manipulation. Chris is the author of Privacy Crisis: How to Maintain Your Privacy Without Becoming a Hermit, a practical guide to protecting personal information in today’s surveillance-driven world. His work has been featured on ABC News and numerous podcasts, making him a trusted voice on how to stay safe, secure, and private online.