I think it depends on what they are doing online. Some instances such as dealing with money, think KYC, should have to disclose their identity. While other instances it doesn't really matter.
I do disagree with the EU's right to be forgotten, it depends on what you have done that you want forgotten. It's like a scamer's best day ever, clean a few people out then ask for the info to be scrubbed, and do it all over again. Just rinse and repeat.
It actually annoyed me a bit with the US-based companies sending me statements saying they had to change their policies to comply. Which is a load of bull, it is a ruling from a union of countries, who have no jurisdiction in the US.