A report in the U.K. Telegraph notes that the European Union is seeking to create a so-called “right to be forgotten” online, and has “drafted potential legislation that would include new, unprecedented privacy rights for citizens sharing personal data.” Details are sparse at this point, but according to this new 20-page European Commission document, “A Comprehensive Approach on Personal Data Protection in the European Union,” the EU will be:
clarifying the so-called ‘right to be forgotten’, i.e. the right of individuals to have their data no longer processed and deleted when they are no longer needed for legitimate purposes. This is the case, for example, when processing is based on the person’s consent and when he or she withdraws consent or when the storage period has expired. (p.8)
Two brief comments on this. First, it should be apparent that any “right to be forgotten” conflicts mightily with free speech rights and press freedom. As I discussed at greater length in this review of Solove’s Understanding Privacy as well as my essay on “Two Paradoxes of Privacy Regulation,” the problem with enshrining expansive privacy “rights” into law is that it means there will need to be stricter limits placed on speech and press freedoms. As Eugene Volokh noted in his 2000 law review article entitled, “Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking About You“:
The difficulty is that the right to information privacy — the right to control other people’s communication of personally identifiable information about you — is a right to have the government stop people from speaking about you. And the First Amendment (which is already our basic code of “fair information practices”) generally bars the government from “control[ling the communication] of information,” either by direct regulation or through the authorization of private lawsuits.
Of course, there’s no First Amendment in the E.U. But while there’s not as strong of a tradition of freedom of speech / press in Europe as in the U.S., it would still be shocking to see the E.U. go down this path. Consider what it means for the press, in particular. When I was in journalism school back in the late 1980s, one of my favorite professors once told my class that a good journalist was really nothing more than a nosy person who knew how to write. But being “nosy” — digging for stories, gathering facts, reporting on the world around us — is fundamentally at odds with “privacy,” strictly defined. For example, could someone claim “a right to be forgotten” when a journalist pens an article about them beating their wife or committing corporate fraud? Believe it or not, Germany already has a law like this for convicted criminals who have served their time. They can have old facts about their crimes repressed after they’ve served their sentences. [Note: If someone could forward me additional details about that German law, I would appreciate it. Specifically, I would like a better understanding of how enforcement works.]
Second, there are economic trade-offs that must always be considered here. Enshrining “a right to be forgotten” into law would necessitate a fairly significant expansion in the rules and regulations governing information sectors and actors. Enforcement would certainly be challenging. As always, there is no free lunch; something has to give. If online sites and service providers are faced with onerous new regs that limit their ability to collect data or serve up online advertising, those sites and services will need to find new methods of financing ongoing operations. The impact on innovation could be substantial. Indeed, one could argue that one of the reasons America’s high-tech sector and digital companies are the global leaders in so many of their fields is precisely because they have not been strapped with top-down privacy regimes and data directives that would have constrained their ability to innovate using information collection.
Information — yes, including personal information — is the fuel of the Digital Economy. Restricting the flow of that information, or its use for advertising and marketing purposes, will have an undeniably negative impact on online content and culture. Ask yourself this: Would you be willing to pay $19.95/month to use a social networking site, or to be charged a fee for each query you enter into a search engine? Those subscription-based or pay-per-use business models certainly shouldn’t be prohibited, but it would seem most Netizens are comfortable with the current arrangement: Free access/use in exchange for information collection and ads.
Of course, this “right to be forgotten” regulatory regime is currently only being considered in Europe. Some here in the U.S., therefore, might be tempted to cheer on their expansive reading of privacy “rights” in light of the hobbling effect it has on their information and high-tech sectors! But those rules will hurt U.S. players, too, since many of them offer services across Europe. Moreover, this regulatory paradigm could become a model for privacy advocates in the U.S. and set the stage for a major push for new legislation / regulation here. Let’s hope that’s not the case.