Christopher Poole
Private Sector Brushes Up Against EU’s “Right to be Forgotten”
In January of this year the European Commission unveiled a series of proposed reforms to the 1995 Data Protection Directive. While the reforms are significant in many respects, one key aspect is the Article 17 ‘right to be forgotten.’ In short, the ‘right’ would require that organizations handling personal data online respond to and fulfill requests by persons to delete such data.[1] As Professor Jeffrey Rosen has stated, “If requested to do so companies such as Facebook and Google would have to remove photos that people post about themselves and later regret, even if the photos have been widely distributed already.”[2]
While many have welcomed such a right, some in both academia and the private sector have expressed concern over the far-reaching implications of such a law. Rosen himself has noted that perhaps the most crucial aspect of the proposed regulation may be in that it “treats takedown requests for truthful information posted by others identically to takedown requests for photos” users have posted themselves, raising questions about freedom of speech and the role of online services as censors.
One major player in the privacy game is already finding itself under pressure. Google has publicly expressed concern over what it sees as the broadness of the regulation, arguing that it may not adequately address the “important distinctions that need to be made between services that host content created by people (such as Facebook and YouTube) and services that point people to content that exists elsewhere (for example, search engines such as Google, Bing and Yahoo!).”[3] Facing EU scrutiny over its revamped privacy policy[4], Google is already squaring off against claims of a broad right to be forgotten in the EU. This past week, Spain’s highest court requested the European Court of Justice to decide if Spanish citizens may lawfully require Google to remove data from its search engine and associated services.[5] The formal referral to the ECJ comes after authorities in Madrid have received “over 100” such requests for Google to delete data, including cases such as a “plastic surgeon [who] wants to get rid of archived references to a botched operation.”
Cited:
[1] Commission proposes a comprehensive reform of data protection rules to increase users’ control of their data and to cut costs for businesses, http://europa.eu/rapid/pressReleasesAction.do?reference=IP/12/46&format=HTML&aged=0&language=EN&guiLanguage=en (text of the proposed regulations directly available at Article 17: Right to be forgotten and to erasure, http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf).
[2] The Right to be Forgotten, http://www.stanfordlawreview.org/online/privacy-paradox/right-to-be-forgotten .
[3] Our thoughts on the right to be forgotten, http://googlepolicyeurope.blogspot.com/2012/02/our-thoughts-on-right-to-be-forgotten.html .
[4] EU agencies say Google breaking law: commissioner, http://www.reuters.com/article/2012/03/01/us-google-privacy-eu-idUSTRE82011K20120301 .
[5] Spain refers Google privacy complaints to EU’s top court, http://www.reuters.com/article/2012/03/02/us-eu-google-idUSTRE8211DP20120302 .
For more information:
Data protection reform: Frequently asked questions,
http://europa.eu/rapid/pressReleasesAction.do?reference=MEMO/12/41&format=HTML&aged=0&language=EN&guiLanguage=fr .
Google picks holes in EU’s ‘right to be forgotten’, http://www.zdnet.co.uk/news/regulation/2012/02/17/google-picks-holes-in-eus-right-to-be-forgotten-40095071/
EU agencies say Google breaking law: commissioner,
http://www.reuters.com/article/2012/03/01/us-google-privacy-eu-idUSTRE82011K20120301 .