Privacy and the “right to oblivion”

16 11 2010

The right to privacy is sometimes said to include a right to “informational autonomy”, a person’s right to decide what information about themselves will be disclosed and to whom.  However, what a person chooses to disclose at one stage of their life or to one group of acquaintances may not be something which they wish to be generally available or available later on.  The advent of electronic databases and, more recently, the internet has made this problem particularly acute.  A huge amount of personal data about a large proportion of the population – particularly those under 40 – is publicly accessible.  Should the right to privacy include a right to control over this kind of information?

The point has long been debated in France where there has been growing support for the “droit d’oubli” or right to delete. In 2009, the French Secretary of State in charge of the digital economy began a campaign for such a right which has, so far, led to a Code of Practice.  There are also similar rights in Germany and Switzerland.

The matter has now been taken up by the EU Commission.  In its paper on  ‘A comprehensive approach on personal data protection in the European Union’  the Commission says that it will examine ways of

clarifying the so-called ‘right to be forgotten’, i.e. the right of individuals to have their data no longer processed and deleted when they are no longer needed for legitimate purposes. This is the case, for example, when processing is based on the person’s consent and when he or she withdraws consent or when the storage period has expired;

A Commission FAQ about the process suggested that.

there should be a ‘right to be forgotten,’ which means that individuals should have the right to have their data fully removed when it is no longer needed for the purposes for which it was collected. People who want to delete profiles on social networking sites should be able to rely on the service provider to remove personal data, such as photos, completely.”

In an article on the “Outlaw” site this week, entitled “Hasty legislation will make a mess of Europe’s ‘right to be forgotten, Struan Robertson points out the difficulties:

“Society must have a right to record history, and history is made up of material depicting or describing individuals. Its distortion is nothing new: as Winston Churchill observed, history is written by the victors. But the information age should make it harder to lose objective records. Politicians should be careful if they pass laws that might undermine that”.

He goes on to argue that

There are technical problems with the right to disappear too. With ever-increasing amounts of digital information about all of us in ever-increasing numbers of places, how can you be sure that all information has been deleted?

What is deletion, anyway? Must it be irretrievable? Can you have every bit of data that might identify you erased, down to the removal of an IP address and timestamp in server logs? Can you demand that even your request for deletion gets deleted?

Will deletion be distinguished from suppression? For example, if you tell a company to never email you again and to remove your address from its databases right away, your request presents a challenge. How can a company ensure that it avoids future mailings to you without keeping a note of your address? Its solution might be to add your address to a suppression list – a ‘do not call’ list exclusive to that business“.

The right has also recently been debated in the US.   Chris Conley of the American Civil Liberties Union, has a written a paper on the subject of the “The Right to Delete“.  In a paper entitled “The Right to Inform v. The Right to be Forgotten: A Transatlantic Clash” Professor Franz Werro considers the difference between the US and Swiss approaches.

This issue is becoming of increasing importance with the growth of social networking sites.  A recent “New York Times” article – “The Web Means the end of Forgetting”  Jeffrey Rosen highlights the case of Stacy Snyder, a 25 year old trainee teacher who was denied her degree after posting a picture of herself on “My Space” wearing a pirate hat and drinking from a plastic cup, with the caption “Drunken Pirate. She lost her challenge in the courts on the grounds that “because she was a public employee whose photo didn’t relate to matters of public concern, her “Drunken Pirate” post was not protected speech“.

Jeffrey Rosen has a long and thoughtful analysis of the issues, concluding that

a humane society values privacy, because it allows people to cultivate different aspects of their personalities in different contexts; and at the moment, the enforced merging of identities that used to be separate is leaving many casualties in its wake. Stacy Snyder couldn’t reconcile her “aspiring-teacher self” with her “having-a-few-drinks self”: even the impression, correct or not, that she had a drink in a pirate hat at an off-campus party was enough to derail her teaching career …

Our character, ultimately, can’t be judged by strangers on the basis of our Facebook or Google profiles; it can be judged by only those who know us and have time to evaluate our strengths and weaknesses, face to face and in context, with insight and understanding. In the meantime, as all of us stumble over the challenges of living in a world without forgetting, we need to learn new forms of empathy, new ways of defining ourselves without reference to what others say about us and new ways of forgiving one another for the digital trails that will follow us forever“.


Actions

Information

6 responses

16 11 2010
Tweets that mention Privacy and the “right to oblivion” « Inforrm's Blog -- Topsy.com

[…] This post was mentioned on Twitter by Media Law UK and UK Human Rights Blog, INFORRM. INFORRM said: Privacy and the "right to oblivion": http://wp.me/pMDHB-1pH […]

16 11 2010
Melanie Hatton

What a thought-provoking post.

My view is that a “right to be forgotten” could only ever be served by an obligation to delete information about an individual which that individual themselves made known to a third party (rather than the public at large) and has subsequently withdrawn their consent to continue to have processed in the manner originally expected.

Where would you draw the line on a more all-encompassing “obligation to forget” being imposed? How do you balance an obligation to forget with a third party’s “right to remember”? As Struan Robertson points out “society has the right to record history”.

16 11 2010
10com

It’s not only the point that digital data are publicly accessible, two even more important points to be aware of are:
* digital data given out by naive, unaware, young & old people is in the hands of very few global companies. These companies can do with these data as they like, combine, split, sell etc. – 10com labels this as digital data ownership monopolization
* digital data given with the intention to land on a social network site, can be sold immediately to anyone in the world. Terms of use of almost all ‘free’ ‘social’ network providers give this opportunity. – 10com labels this as digital data trafficking.
For both smart solutions have to be designed.

10com | is a fresh independent European initiative to raise awareness on digital data flows and to com to a framework of measures & rulings to equip the EU for the Age of Digital

16 11 2010
10com | strives for a framework of smart rules & measures for the Age of Digital

IT’S ABOUT HAVING A CHOICE

These type of discussions mostly turn around terms as dataprotection, civil rights and privacy. This is not enough. To get further different ways of thinking are needed, beyond old, analogue principles. And on this side of the Ocean we first of all need a great deal of acting.

To come to a smart, lean framework of measures and rules for the Age of Digital in Europe that can survive over the next 10 years, awareness has to be raised on at least the following two points:
* only a handful of global operating companies, most of them juridically based in the US, some in China, are owning all digital data available in the global digital world. Normal civilians, even big other companies or powerful public bodies, have no powers whatsoever to get things done from these semi-monopolists. 10com labels this as digital data ownership monopolization.
* digital data given away for free with a certain intention, for instance to get a place in a digital social network, is stored and can be copied and sold to third-parties without any barrier. Even if the original owner of the data asked to keep the information ‘private’, the original owner of the data has nothing to say about it, most Terms of Use give providers the right to do with all data as they like. 10comlabels this as digital data trafficking.

Almost nobody in the blogging-community rellay is aware of this, a lot of bloggers are following a few AlphaBloggers with devotion. Most of these AlphaBloggers have ties with the same companies as meant above.

Google and Microsoft tomorrow could close all ‘free’ email-accounts, Apple and RIM tomorrow could publish all phone-numbers from adresslists in the smartphones of EU Members of Parliament, collected via synchronizing features. This blog can be deleted, Google-analytics is grabbing information about every visitor landing on this site. It’s impossible to post a comment without giving permission to send a cookie to our computer.

There is much more to be discussed, and new companies, with new paid digital services have to be started. It’s about having a choice, having power.

10com | a fresh independent European initiative that strives for a framework of measures and rulings to equip the EU for the Age of Digital.

17 03 2011
Cesare Rizzo

Every country has the right to impose their own versions of a law or restriction, and if America has a law about allowing this information to be accessible then so be it. If the EU has a restriction to this then the business in question (Facebook/ Google etc) should be forced to host EU Users within their jusitriction, in other word EU users should have their information stored on a sever that lies within EU shores.

As for the storing of information in terms of email addresses (Struan Robertson’s arguement above), Businesses should not be accessing all email addresses and should have a list of contacts for outgoing emails. And if someone should wish to no longer recieve these emails that contact should be deleted (No longer retrievable by that business).

There is far too much burocracy within the laws and legislations of the internet and the use of data in the digital age. There needs to be some simple global laws that all businesses must abide by and if not they should be heavily punished. The loop holes in the laws always seem to aid the large corporations around the world and very little is done to secure the rights of the general public, us the general public need to make a stand to cut out all of this burocracy.

15 07 2011
One Eyed Jacks

You’re position in the article is understandable, but along with the growth of the internet there has been an erosion of peoples personal boundaries. This is not healthy. Good boundaries make for good neighbors as the saying goes. And good neighbors make for a strong and stable democracy and economy. I would suggest thinking of it as the ‘Scarlet Letter Effect’. Reference Nathanial Hawthorne’s classic “The Scarlet Letter”. One of its key themes very presciently deals with the modern day re: things pertaining to the internet and privacy.

Leave a Reply




%d bloggers like this: