The right to privacy is sometimes said to include a right to “informational autonomy”, a person’s right to decide what information about themselves will be disclosed and to whom. However, what a person chooses to disclose at one stage of their life or to one group of acquaintances may not be something which they wish to be generally available or available later on. The advent of electronic databases and, more recently, the internet has made this problem particularly acute. A huge amount of personal data about a large proportion of the population – particularly those under 40 – is publicly accessible. Should the right to privacy include a right to control over this kind of information?
The point has long been debated in France where there has been growing support for the “droit d’oubli” or right to delete. In 2009, the French Secretary of State in charge of the digital economy began a campaign for such a right which has, so far, led to a Code of Practice. There are also similar rights in Germany and Switzerland.
The matter has now been taken up by the EU Commission. In its paper on ‘A comprehensive approach on personal data protection in the European Union’ the Commission says that it will examine ways of
clarifying the so-called ‘right to be forgotten’, i.e. the right of individuals to have their data no longer processed and deleted when they are no longer needed for legitimate purposes. This is the case, for example, when processing is based on the person’s consent and when he or she withdraws consent or when the storage period has expired;
A Commission FAQ about the process suggested that.
“there should be a ‘right to be forgotten,’ which means that individuals should have the right to have their data fully removed when it is no longer needed for the purposes for which it was collected. People who want to delete profiles on social networking sites should be able to rely on the service provider to remove personal data, such as photos, completely.”
In an article on the “Outlaw” site this week, entitled “Hasty legislation will make a mess of Europe’s ‘right to be forgotten, Struan Robertson points out the difficulties:
“Society must have a right to record history, and history is made up of material depicting or describing individuals. Its distortion is nothing new: as Winston Churchill observed, history is written by the victors. But the information age should make it harder to lose objective records. Politicians should be careful if they pass laws that might undermine that”.
He goes on to argue that
“There are technical problems with the right to disappear too. With ever-increasing amounts of digital information about all of us in ever-increasing numbers of places, how can you be sure that all information has been deleted?
What is deletion, anyway? Must it be irretrievable? Can you have every bit of data that might identify you erased, down to the removal of an IP address and timestamp in server logs? Can you demand that even your request for deletion gets deleted?
Will deletion be distinguished from suppression? For example, if you tell a company to never email you again and to remove your address from its databases right away, your request presents a challenge. How can a company ensure that it avoids future mailings to you without keeping a note of your address? Its solution might be to add your address to a suppression list – a ‘do not call’ list exclusive to that business“.
The right has also recently been debated in the US. Chris Conley of the American Civil Liberties Union, has a written a paper on the subject of the “The Right to Delete“. In a paper entitled “The Right to Inform v. The Right to be Forgotten: A Transatlantic Clash” Professor Franz Werro considers the difference between the US and Swiss approaches.
This issue is becoming of increasing importance with the growth of social networking sites. A recent “New York Times” article – “The Web Means the end of Forgetting” Jeffrey Rosen highlights the case of Stacy Snyder, a 25 year old trainee teacher who was denied her degree after posting a picture of herself on “My Space” wearing a pirate hat and drinking from a plastic cup, with the caption “Drunken Pirate. She lost her challenge in the courts on the grounds that “because she was a public employee whose photo didn’t relate to matters of public concern, her “Drunken Pirate” post was not protected speech“.
Jeffrey Rosen has a long and thoughtful analysis of the issues, concluding that
“a humane society values privacy, because it allows people to cultivate different aspects of their personalities in different contexts; and at the moment, the enforced merging of identities that used to be separate is leaving many casualties in its wake. Stacy Snyder couldn’t reconcile her “aspiring-teacher self” with her “having-a-few-drinks self”: even the impression, correct or not, that she had a drink in a pirate hat at an off-campus party was enough to derail her teaching career …
Our character, ultimately, can’t be judged by strangers on the basis of our Facebook or Google profiles; it can be judged by only those who know us and have time to evaluate our strengths and weaknesses, face to face and in context, with insight and understanding. In the meantime, as all of us stumble over the challenges of living in a world without forgetting, we need to learn new forms of empathy, new ways of defining ourselves without reference to what others say about us and new ways of forgiving one another for the digital trails that will follow us forever“.