"We won’t be collecting your saved passwords, passkeys, usernames, and any URLs associated with your items. Your private information is just that – private.
All event data will be de-identified and processed in aggregate before it’s used for analysis. "
It sounds like they plan on releasing the technical details in the coming days/weeks. I'm curious how its de-identified and processed.
The "right to be forgotten" rules are, with all due respect to the EU regulators, pretty shortsighted.
I think the initial "right to be forgotten" lawsuit that Google faced from that Spanish guy-- where he claimed bankruptcy years prior. People( potential lenders?) kept finding that information online through google searches. He sued to have Google remove those sites from the index. He won and the Spanish Judge told Google they had to remove those results from searches.
But it didn't change that the information was still on each site. Those sites, the ones that actually held the information didn't get sued, just Google.
It also opened the door for oppressive governments covering up human rights abuses or hide other information they dont want widely available.
Google appealed and won: https://www.bbc.com/news/technology-49808208
I also want to point out that this Spanish guy's situation is very different from "posting publicly on social media". He was getting written about by others and the courts eventually said "no, this can stand. This information should remain available". So I imagine, public statements made by an individual certainly wouldn't qualify to be forgotten.
At the end of the day, to me, this is a technical decision not a privacy one.