In 2014, the Court of Justice of the European Union handed down a landmark ruling in the case of Google Spain SL v. Agencia Española de Protección de Datos. A Spanish man had successfully argued that Google search results linking to an old newspaper notice about his past debt auction were outdated, irrelevant, and damaging to his reputation. The court agreed — and in doing so, established one of the most consequential digital privacy principles of the modern era: the right to be forgotten.
At its core, the right to be forgotten (RTBF) is the legal concept that individuals can request the removal or de-indexing of personal information from search engines and online platforms when that information is no longer accurate, relevant, or proportionate to any legitimate public interest. It doesn’t necessarily erase the underlying data at its source — it typically means making it harder to find through a search engine query.
The idea taps into something deeply human: the desire for a second chance, for youthful mistakes or old misfortunes to stop defining who you are today. But as a legal right, it is not universal. Its scope, enforceability, and practical application vary enormously depending on where you live — and if you’re in the United States, the landscape looks very different from what Europeans enjoy.
This guide is designed to give you an accurate, grounded picture of what the right to be forgotten actually means in the US, what legal tools Americans do have at their disposal, and what practical steps you can take when the law falls short.
How GDPR’s RTBF Works in the EU — A Quick Overview
When the European Union’s General Data Protection Regulation (GDPR) took effect in May 2018, it codified the right to be forgotten into binding law across all EU member states. Article 17 of the GDPR — formally titled “Right to erasure (‘right to be forgotten’)” — gives individuals the legal right to request that a data controller erase their personal data without undue delay under specific circumstances.
Those circumstances include situations where the data is no longer necessary for the purpose it was originally collected, where the person withdraws their consent and no other legal basis applies, where they object to the processing and no overriding legitimate interest exists, where the data has been unlawfully processed, or where erasure is required to comply with a legal obligation.
Article 17 also imposes a secondary obligation: if a data controller has made the personal data public, they must take reasonable steps to inform other controllers processing that data that the individual has requested erasure — including erasure of links and copies.
In practice, this means an EU resident can submit a request directly to Google, and Google is legally required to evaluate it, respond within one month, and in qualifying cases, de-index the URL from search results for queries based on the person’s name — at minimum within EU-based versions of Google Search (e.g., google.fr, google.de). The underlying page may still exist; it simply won’t appear prominently when someone searches that person’s name in Europe.
Crucially, the right is not absolute. GDPR Article 17(3) carves out exceptions for data processing that is necessary for exercising the right of freedom of expression, for compliance with a legal obligation, for reasons of public interest in the area of public health, for archiving or research purposes, or for the establishment, exercise, or defense of legal claims. Public figures have reduced expectations of erasure when the information relates to their public roles.
Still, for ordinary EU residents, Article 17 provides a meaningful, enforceable legal tool that most Americans simply do not have a direct equivalent of.
Does the Right to Be Forgotten Apply in the United States?
No. There is no federal right to be forgotten in the United States.
Unlike the EU, the US does not have a comprehensive federal data privacy law that grants individuals a broad right to erasure. The First Amendment heavily shapes American jurisprudence around information — courts have historically been reluctant to order the removal of truthful, lawfully obtained information from public platforms, even when that information is embarrassing, outdated, or harmful to someone’s reputation.
Several federal courts have directly addressed RTBF-style claims and rejected them on First Amendment grounds. In general, truthful, non-defamatory information that was lawfully published enjoys broad constitutional protection in the US, regardless of whether the subject of that information wants it removed.
This does not mean Americans are completely without recourse. There are specific, narrower legal mechanisms that can compel removal of certain categories of information. There are state-level privacy laws that grant limited erasure rights. And there are significant practical tools outside the law that can reduce the visibility of unwanted information online. But the broad, general right an EU resident can invoke under GDPR Article 17 simply does not exist at the federal level in the United States.
US State-Level Privacy Laws That Come Close (CCPA, Virginia CDPA, etc.)
While federal law offers no RTBF analog, a growing number of US states have enacted comprehensive privacy legislation that includes deletion rights — though these rights are narrower than GDPR and generally apply only to commercial data processing, not to journalistic, editorial, or public-record content.
California Consumer Privacy Act (CCPA) / CPRA
California’s CCPA, which became enforceable in 2020 and was significantly expanded by the California Privacy Rights Act (CPRA) in 2023, grants California residents the right to request that businesses delete personal information the business has collected about them. This applies to businesses that meet specific revenue or data-volume thresholds. The law has meaningful teeth: businesses that fail to honor verified deletion requests within 45 days can face enforcement action from the California Privacy Protection Agency (CPPA). However, the CCPA’s deletion right does not extend to data processed for journalistic purposes, data necessary to complete a transaction, data used to comply with legal obligations, or data that is part of a publicly available record.
Virginia Consumer Data Protection Act (VCDPA)
Virginia’s VCDPA, effective January 2023, similarly grants residents a right to delete personal data provided to or collected by a controller. It applies to businesses that control or process data of at least 100,000 Virginia consumers annually, or at least 25,000 consumers if the company derives more than 50% of gross revenue from selling personal data.
Colorado, Connecticut, Texas, and Others
As of 2025, over a dozen states have enacted comprehensive consumer privacy laws with deletion rights, including Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Montana, Iowa, Indiana, Tennessee, and Oregon. These laws share a broadly similar structure: consumers can submit verified deletion requests to qualifying businesses, and businesses must respond within defined timeframes (typically 45–90 days). None of these laws give individuals the right to demand Google remove search results the way GDPR does.
What State Laws Cannot Do
State privacy laws generally cannot force a newspaper to unpublish an article, compel a search engine to de-index a URL about you, or require the removal of information from public court records or government databases. Their scope is primarily commercial data collection — the kind that happens when you use apps, make purchases, or interact with websites that track you for advertising purposes.
What You Can Legally Request Removed from Google in the US
Even without an RTBF law, Google has its own removal policies and tools that Americans can use. These are voluntary policies, not legal mandates in most cases, but they are real and Google enforces them.
Non-consensual intimate images (NCII). Google will remove links to non-consensual intimate imagery — commonly called “revenge porn” — from all search results globally. Many states have also criminalized NCII distribution, creating both a legal and a platform-based avenue for removal.
Doxxing content. In 2022, Google expanded its removal policy to allow individuals to request removal of content that includes their home address, personal phone number, email address, login credentials, financial information, or other content that could be used to facilitate identity theft or physical harm — even if that content appears on legitimate websites.
Outdated content from Google’s cache. If a page has been updated or removed at the source, you can ask Google to refresh its cache so the old version no longer appears. This doesn’t remove the page from results but ensures Google’s stored version is current.
Content from sites that have already removed it. If a webmaster has deleted a page but it still appears in search results, Google’s Remove Outdated Content tool can accelerate its removal from the index.
Explicit images shared without consent under US law. Federal law (18 U.S.C. § 2258A) and numerous state statutes may create additional legal grounds for removal of intimate images shared without consent, and Google cooperates with these legal frameworks.
Defamatory or legally actionable content. Google may remove links to defamatory content if accompanied by a valid court order. This is not automatic — it requires litigation — but it is a pathway.
Notably, Google does not remove search results simply because someone finds them embarrassing, outdated, or damaging to their reputation — absent a legal violation or a match to Google’s specific removal policies. Truthful information, public records, news articles, and similar content generally remain indexed regardless of personal objection.
Data Broker Removal Rights Under US Law
One of the most significant and underappreciated privacy threats for Americans is the data broker industry — companies like Spokeo, Whitepages, Intelius, BeenVerified, and hundreds of others that aggregate personal information from public records, voter registrations, court filings, social media, and commercial data purchases, then sell access to that information to anyone who pays.
Under CCPA and similar state laws, California residents (and residents of other covered states) have the right to opt out of the sale of their personal information and to request deletion of data held by covered businesses. Many data brokers qualify as covered businesses under these statutes, which means verified deletion requests must be honored.
California’s Delete Act (SB 362), signed in 2023, goes further: it requires data brokers registered with the California Privacy Protection Agency to honor deletion requests submitted through a single, centralized opt-out mechanism — set to be operational in 2026. This would substantially reduce the burden of submitting individual opt-out requests to hundreds of separate brokers.
Outside of covered states, Americans generally have no statutory right to force data brokers to delete their profiles. Some brokers have voluntary opt-out processes, and organizations like Privacy Rights Clearinghouse maintain guides for navigating them. Realistically, manual opt-outs are time-consuming and impermanent — data brokers frequently re-populate profiles from public records.
Court-Ordered Expungement and Its Impact on Online Records
Criminal record expungement is a legal process available in all 50 states (with varying eligibility criteria) through which a court can seal or legally erase a criminal conviction or arrest record from the official record. Expungement can meaningfully affect what appears in background checks conducted through official government channels.
However, expungement has significant limitations in the internet age. Court records that were already publicly available and captured by commercial background-check services or news archives do not automatically disappear when expungement is granted. The expungement order applies to official government records and compels government agencies to treat the record as sealed — but it does not, by default, reach private databases, news websites, or search engine indexes.
Some states have moved to address this gap. California’s legislature has considered (and in limited cases enacted) provisions requiring commercial background-check companies to update their databases to reflect expungements. Illinois and a handful of other states have passed laws requiring publishers and website operators to remove or seal certain arrest records once expungement is granted, though enforcement is inconsistent.
The practical takeaway: expungement is a valuable and important legal tool, but Americans should not assume it will automatically clean up their online presence. Separate requests to data brokers, news outlets, and search engines are often still necessary.
The Realistic Limits: What No Law Can Force Google to Remove
Honesty matters here. Even with every tool, law, and platform policy working in your favor, there are categories of information that no US law currently requires Google to remove — and that Google’s own policies do not cover.
Truthful news articles, even old and embarrassing ones, are generally protected by the First Amendment and by Google’s editorial independence. A 2009 arrest that led to a conviction, a public lawsuit, a bankruptcy filing, a professional license revocation, or a published profile in a local newspaper — these are part of the public record and the historical record. Courts and legislators have consistently held that the public’s interest in accurate information outweighs an individual’s interest in suppressing it, absent defamation, harassment, or specific statutory violations.
Information about public figures — politicians, executives, celebrities, public personalities — faces an even higher bar. Courts apply a different standard of public interest to those who have voluntarily entered public life, and that information is extremely difficult to dislodge.
Social media content posted by third parties, archived pages on the Wayback Machine, academic publications, court documents, government agency records, and journalistic content are all categories where Americans have very limited legal recourse absent extraordinary circumstances.
Understanding these limits is not defeatist — it’s the essential foundation for making smart decisions about what to pursue legally and what to address through other means.
Practical Alternatives: Suppression, De-indexing Requests, and ORM
When legal removal isn’t possible, suppression becomes the strategic alternative — and it’s often more achievable than people expect.
Search result suppression works by flooding Google’s first page (or first several pages) with positive, neutral, or authoritative content about you, effectively pushing unwanted results further down where most people will never see them. Studies consistently show that the vast majority of users never click past the first page of search results. A result pushed to page three or beyond is functionally invisible to most searchers.
Suppression typically involves creating and optimizing new content: professional profiles on high-authority platforms like LinkedIn, profiles on industry association sites, guest articles, an optimized personal or professional website, press releases, social media profiles, and citations from credible sources. Done well and with consistency, this content can outrank older negative material over time.
De-indexing requests are a different but complementary tool. As discussed earlier, Google accepts removal requests for specific categories of content (doxxing, NCII, outdated cached pages, etc.). Beyond Google’s own policies, you can also request that website owners remove content at the source — which, if granted, can trigger removal from Google’s index through the Remove Outdated Content tool.
Online Reputation Management (ORM) is the professional discipline that combines all of these techniques: content creation, SEO, legal coordination, platform-level removal requests, and long-term monitoring. ORM professionals understand Google’s algorithms, know which platforms rank well, and can develop sustained strategies tailored to your specific situation.
Professional ORM services are particularly valuable when the negative content is entrenched on high-authority domains, when the volume of content requiring suppression is large, or when search results directly affect career prospects, business relationships, or personal safety. For most individuals, a combination of DIY content creation and professional assistance yields the best results at manageable cost.
How ReputaForge Can Help with Suppression
If you’ve read this far, you likely have a specific situation in mind — a search result that’s costing you opportunities, a data broker profile you can’t seem to permanently remove, or an old article you wish would disappear.
ReputaForge specializes in exactly this kind of problem. Their team combines legal knowledge of data broker opt-out rights and platform removal policies with hands-on ORM expertise — content strategy, technical SEO, and long-term monitoring — to create a comprehensive approach to protecting your online presence.
Rather than overpromising legal removals that aren’t attainable, ReputaForge focuses on what actually works: identifying what can be removed (and handling those requests), then building a sustained suppression strategy for what can’t. For individuals navigating the limitations of US privacy law, this realistic, results-driven approach is often the most effective path forward.
If you’re dealing with unwanted search results, persistent data broker profiles, or general online reputation concerns, ReputaForge offers a confidential consultation to assess your situation and outline a realistic strategy — no inflated promises, just practical expertise.
FAQs:
Question1: Does the right to be forgotten apply in the US?
Answer: No federal law grants Americans a broad right to be forgotten comparable to GDPR Article 17. State laws like the CCPA provide limited deletion rights for commercially collected personal data, but these don’t extend to news content, court records, or search engine results generally.
Question2: Can I force Google to remove a search result in the US?
Answer: Only in specific circumstances covered by Google’s removal policies: non-consensual intimate images, doxxing-type personal information (home address, financial details, etc.), content that has already been removed at the source, or content covered by a valid court order. Truthful, lawfully published content generally cannot be compelled for removal.
Question3: What can I do about data broker profiles showing my personal information?
Answer: If you’re in California or another state with a comprehensive privacy law, you have statutory rights to request deletion from covered data brokers. Outside those states, you can use voluntary opt-out processes that many brokers provide, though these are time-consuming and impermanent. Tools and services that automate and monitor opt-out submissions can reduce the ongoing burden.
Question4: Does expungement remove my records from Google?
Answer: Expungement seals official government records but does not automatically remove information from private databases, news sites, or Google’s index. Separate requests to individual websites and search engines are often necessary, and not all will comply voluntarily.
Question5: What’s the difference between removal and suppression?
Answer: Removal means the content is taken down or de-indexed — it no longer appears in search results. Suppression means the content still exists but is pushed down in search rankings by building new, authoritative content that ranks above it. Suppression is often more achievable and can be highly effective given that most users never look beyond the first page of results.
Question6: Can I sue for the right to be forgotten in the US?
Answer: Not in the broad sense recognized by EU law. You may have legal claims for defamation, harassment, or violations of specific state privacy statutes, but courts have generally held that truthful, non-defamatory information cannot be compelled for removal based on a general right to privacy or reputation.
Question7: Is the US likely to pass a federal RTBF law?
Answer: As of 2025, Congress has debated but not passed comprehensive federal privacy legislation. Various proposals have included limited deletion rights, but none have become law. State-level privacy legislation continues to expand, and data broker regulation is an active area of legislative attention at both the state and federal level.
