The Right to be Forgotten

"Maybe you've been at a party, up until four in the morning and you or someone you know posts photos of you. Well, it's a harmless bit of fun, but being unable to erase this can threaten your job or access to future employment."

The European Union is to enshrine a right to be forgotten online to ensure that, among other things, prospective employers cannot find old Facebook party photos of someone wearing nothing but a lampshade.

In a speech to the European parliament, the EU justice commissioner, Viviane Reding, warned companies such as Facebook that: A US-based social network company that has millions of active users in Europe needs to comply with EU rules.

In a package of proposals to be unveiled before the summer, the commissioner intends to force Facebook and other social networking sites to make high standards of data privacy the default setting and give control over data back to the user.

The package will also include the right to opt out of advertising and personalisation data being collected via website cookies.

I want to explicitly clarify that people shall have the right -- and not only the possibility -- to withdraw their consent to data processing, Reding said. The burden of proof should be on data controllers -- those who process your personal data. They must prove that they need to keep the data, rather than individuals having to prove that collecting their data is not necessary.

Reding's spokesman, Matthew Newman, said that the laws would make the EU the first jurisdiction to deliver a right to be forgotten.

Maybe you've been at a party, up until four in the morning and you or someone you know posts photos of you. Well, it's a harmless bit of fun, but being unable to erase this can threaten your job or access to future employment.

The rules would give consumers a specific right to withdraw their consent to sharing their data: And after you have withdrawn your consent, there shouldn't even be a ghost of your data left in some server somewhere. It's your data and it should be gone for good.

The Spanish government has ordered Google to delete information about 90 individuals from its search engine indexes. Spain said it believes that the individuals have a right to be forgotten. The 90 are thoie that lodged complaints with the Spanish data protection agency.

But Google said preventing some data being accessed through search engines would have a profound chilling effect on free expression without protecting people's privacy

A court will determine whether the individuals' details should be deleted.

The issue rose when Spain published an official database online. The database contained personal information about Spanish citizens that is maybe best not published on the internet. And indeed the Google search engine indexed the site and made the information available in the usual search engine results.

Viviane Reding, Vice-President of the European Commission and EU Justice Commissioner seems sympathetic with the right to be forgotten. She said:

I do not approach this subject of the 'right to be forgotten' lightly. I know that there is a balance to be struck with freedom of expression. It may also call for some flexibility in the way this balance is struck, but I cannot accept that individuals have no say over their data once it has been launched into cyberspace.

European Union Justice Commissioner Viviane Reding has proposed a sweeping reform of the EU's data protection rules, claiming that the proposed rules will both cost less for governments and corporations to administer and simultaneously strengthen online privacy rights.

The 1995 Data Protection Directive already gives EU citizens certain rights over their data. Organizations can process data only with consent, and only to the extent that they need to fulfil some legitimate purpose. They are also obliged to keep data up-to-date, and retain personally identifiable data for no longer than is necessary to perform the task that necessitated collection of the data in the first place. They must ensure that data is kept secure, and whenever processing of personal data is about to occur, they must notify the relevant national data protection agency.

The new proposals go further than the 1995 directive, especially in regard to the control they give citizens over their personal information. Chief among the new proposals is a right to be forgotten that will allow people to demand that organizations that hold their data delete that data, as long as there is no legitimate grounds to hold it.

This is the so-called right to be forgotten. The proposal does not create a right to be thrown down the memory hole or rewrite the past; news reports and similar material would be a legitimate reason to retain personal information, and this would override a demand to have data deleted. But sites like Facebook---which has had difficulties with the concept of deletion---and Google would likely be required to purge any such personal data should someone demand that they do so.

...Read the full article

Offsite: Google exec questions Reding's Right to be forgotten pledge

See article from theregister.co.uk

Google's privacy policy counsel in Brussels, Marisa Jimenez, expressed concern about some of the passages written under article 17 of the proposed regulation. She said Reding's so-called right to be forgotten on the internet plans have, in part, been welcomed by Google.

But she noted that the current text submitted by the European Commission is incredibly complex and thereby open to any number of interpretations by data protection authorities and companies that could be expected to comply with the rules, if passed by the European Parliament in their current form.

Here's what Reding's proposed regulation currently states on the right to be forgotten:

Article 17 provides the data subject's right to be forgotten and to erasure. It further elaborates and specifies the right of erasure provided for in Article 12(b) of Directive 95/46/EC and provides the conditions of the right to be forgotten, including the obligation of the controller which has made the personal data public to inform third parties on the data subject's request to erase any links to, or copy or replication of that personal data. It also integrates the right to have the processing restricted in certain cases, avoiding the ambiguous terminology blocking.

...Read the full article

A leading British lawyer has condemned new European regulations that force websites to delete data on users' request, saying such rules could transform search engines like Google into a censor-in-chief for the European Union, rather than a neutral platform.

According to the current European proposal from Justice Commissioner Viviane Reding, various websites will be forced to delete information shortly after consumers request it be removed.

Prof Jeffrey Rosen, writing in the Stanford Law Review,  argued that the fear of fines will have a chilling effect, and that it will be hard to enforce across the Internet when information is widely disseminated:

Although Reding depicted the new right as a modest expansion of existing data privacy rights, in fact it represents the biggest threat to free speech on the Internet in the coming decade.

Unless the right is defined more precisely when it is promulgated over the next year or so, it could precipitate a dramatic clash between European and American conceptions of the proper balance between privacy and free speech, leading to a far less open Internet.

Prof Rosen warns that if the regulations are implemented as currently proposed, it's hard to imagine that the Internet results will be as free and open as it is now.

Spain's highest court wants the European Court of Justice (ECJ) to decide if requests by Spanish citizens to have data deleted from Google's search engine are lawful.

The Spanish court said it had asked the ECJ to clarify whether Google should remove data from its search engine's index and news aggregator.

Madrid's data protection authority has received over 100 requests from Spanish citizens to have their data removed from Google's search results. An example case is a plastic surgeon who wants to get rid of archived references to a botched operation.

The Spanish judges also asked the ECJ whether the complainants must take their grievances to California, where Google is based, or whether  they can be addressed by Google Spain.

Google has maintained that it cannot lawfully remove any content for which it is merely the host and not the producer, a principle enshrined in EU law on eCommerce since 2000. Google told the Spanish prosecutor it needed more legal justification for removing references to events in an individual's history.