Europe’s ‘Right to Be Forgotten': Privacy as Internet Censorship

by on January 23, 2012 · 7 comments

According to the BBC, the European Commission is apparently set to adopt formal rules guaranteeing a so-called “right to be forgotten” online.  As part of the Commission’s overhaul of the 1995 Data Protection Directive, this new regulation will mandate that, “people will be able to ask for data about them to be deleted and firms will have to comply unless there are ‘legitimate’ grounds to retain it,” the BBC reports.

I’ve written about “right to be forgotten” and “online eraser button” proposals before in my Forbes essay, “Erasing Our Past On The Internet,” a Mercatus white paper on “Kids, Privacy, Free Speech & the Internet: Finding the Right Balance.” and in this essay here on the TLF on “The Conflict Between a “Right to Be Forgotten” & Speech / Press Freedoms.” While I can appreciate the privacy and reputational concerns that lead to calls for such information controls, the reality is that a mandatory “right to be forgotten” is a recipe for massive Internet censorship.  As I noted in those earlier essays, such notions conflict violently with speech rights and press freedoms. Enshrining into law such expansive privacy norms places stricter limits on others’ rights to speak freely, or to collect and analyze information about others.

The ramifications for journalism are particularly troubling. Good reporting often requires being “nosy” while gathering facts. Journalists (and historians) might suddenly be subjected to restraints on their research and writing. The Brits have been struggling with this when trying to enforce gag orders and “super-injunctions” on media providers to protect privacy. It hasn’t turned out well, especially since new social media platforms and speakers easily evade these rules. (See my Forbes column, “With Freedom of Speech, The Technological Genie Is Out of the Bottle.”)

Thus, for a “right to be forgotten” to work, a more formal and robust information control regime will need to be devised to censor the Net and make it “forget”about the digital footprints we left online. Will the DMCA’s “notice and takedown” model be applied? Beyond the chilling effect associated with dragnet takedowns of online information, it’s unlikely that approach will really work. Keep in mind, this isn’t as simple as just telling large social media operators to delete information on demand. The reality is, as computer scientist Ben Adida notes in his essay “(Your) Information Wants to be Free,” the same forces and factors that complicate other forms of information control, such a copyright and speech restrictions, also complicate the protection of facts about you. “[I]nformation replication doesn’t discriminate: your personal data, credit cards and medical problems alike, also want to be free. Keeping it secret is really, really hard,” Adida correctly notes.

The fact is, information is instantaneously replicated online many times over on many different platforms — sometimes manually, sometimes automatically. Regulation will need to grapple with how to put the genie back in the bottle when countless others have already forwarded or commented on the piece of information someone later wants “forgotten.” And how would automated online archiving / storage services be affected? Will such sites and services be expected to find and purge every possible mention / reference of the offending information? Will they be compensated for the countless requests they receive to delete countless pieces of digital information, or are they just expected to do that out of the goodness of their hearts?

I could go on, but instead I’d just ask that you read some of the essays I’ve already cited and then take a look at this outstanding essay on “9 Reasons Why a ‘Right to be Forgotten’ is Really Wrong,” by Joris van Hoboken, a PhD candidate at the Institute for Information Law (IViR) at the University of Amsterdam. It’s an outstanding critique of the notion.

Please keep in mind: Just because I raise questions like these it does not mean I’m opposed to the notion that online operators should be held to higher standards and be expected to properly safeguard our online information and perhaps even delete much of it upon request. But moving this process into the legal / regulatory arena opens up a huge Pandora’s Box of potential problems. Censoring the Net — even when it’s for a cause many favor — is very hard and will give rise to many unintended consequences.

[P.S. Here’s a podcast conversation about these issues where Jerry Brito and I discuss the ramifications of such a regulatory regime.]

  • Sean M. Flaim

    Curious if you can answer this from my devil’s advocate perspective.  If we currently regulate credit reports and state that bad credit over seven years old cannot be shown on a credit report, how is ‘reputational bankruptcy’ with similar limits (Internet postings about you over X amount of years old must be taken down upon request) any different?  If anything, such a ‘right to be forgotten’ seems to be a less intrusive imposition on speech because you at least have to care enough to ask in the first place.

    Examining it from a First Amendment perspective, of course credit bureaus are commercial entities, and their speech rights are subject to intermediate scrutiny, justifying the current rules.  Such an commercial speech analysis would also (arguably) apply to commercial social media sites.  It’s hard for me to believe in that case that such rules would be found to violate the First Amendment.

    As to private websites, even if you look at the issue from a strict scrutiny perspective, I can foresee both a compelling government interest in providing this type of relief through the least restrictive means, take down, for the regulation of private speech as well.  You aren’t requiring private parties to get rid of the information, just to not publicize it on the Internet, which is directly related to the ‘harm’ the government is trying to solve.

    The ‘hamstringing’ of media seems to be a red herring.  Making information more difficult to find is not the same as making it impossible to find.  Long before the Internet, gumshoe reporting uncovered plenty on a person’s past that reputational bankruptcy would never be able to erase.  Nothing in a ‘right to be forgotten’ says that the person must delete the record.  They simply need to not put it on the ‘net.  That’s a huge difference.

  • Pingback: Finger on the Pulse: From Our Blogroll and Beyond « The Legal Pulse()

  • Pingback: Saturday Links | The Agitator()

  • Pingback: Posited “right to be forgotten online”()

  • Pingback: Posited “right to be forgotten online” | My Blog()

  • Pingback: Nipping A Terrible Idea In the Bud | Ethics Alarms()

  • Increase male libido

    Will they be compensated for the countless requests they receive to
    delete countless pieces of digital information, or are they just
    expected to do that out of the goodness of their hearts?

Previous post:

Next post: