Author Topic: An Internet 'Right to be Forgotten'? Spain orders Google to remove data  (Read 5931 times)

0 Members and 1 Guest are viewing this topic.

Offline Satyagraha

  • Global Moderator
  • Member
  • *****
  • Posts: 8,939
Internet 'Right to be Forgotten' debate hits Spain
http://hosted.ap.org/dynamic/stories/E/EU_INTERNET_RIGHT_TO_BE_FORGOTTEN?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2011-04-20-09-32-05
Apr 20, 9:32 AM EDT
By CIARAN GILES
Associated Press

MADRID (AP) -- Their ranks include a plastic surgeon, a prison guard and a high school principal. All are Spanish, but have little else in common except this: They want old Internet references about them that pop up in Google searches wiped away.

In a case that Google Inc. and privacy experts call a first of its kind, Spain's Data Protection Agency has ordered the search engine giant to remove links to material on about 90 people. The information was published years or even decades ago but is available to anyone via simple searches.

Scores of Spaniards lay claim to a "Right to be Forgotten" because public information once hard to get is now so easy to find on the Internet. Google has decided to challenge the orders and has appealed five cases so far this year to the National Court.

Some of the information is embarrassing, some seems downright banal. A few cases involve lawsuits that found life online through news reports, but whose dismissals were ignored by media and never appeared on the Internet. Others concern administrative decisions published in official regional gazettes.

In all cases, the plaintiffs petitioned the agency individually to get information about them taken down.

And while Spain is backing the individuals suing to get links taken down, experts say a victory for the plaintiffs could create a troubling precedent by restricting access to public information.

The issue isn't a new one for Google, whose search engine has become a widely used tool for learning about the backgrounds about potential mates, neighbors and co-workers. What it shows can affect romantic relationships, friendships and careers.

For that reason, Google regularly receives pleas asking that it remove links to embarrassing information from its search index or least ensure the material is buried in the back pages of its results. The company, based in Mountain View, Calif., almost always refuses in order to preserve the integrity of its index.

A final decision on Spain's case could take months or even years because appeals can be made to higher courts. Still, the ongoing fight in Spain is likely to gain more prominence because the European Commission this year is expected to craft controversial legislation to give people more power to delete personal information they previously posted online.

"This is just the beginning, this right to be forgotten, but it's going to be much more important in the future," said Artemi Rallo, director of the Spanish Data Protection Agency. "Google is just 15 years old, the Internet is barely a generation old and they are beginning to detect problems that affect privacy. More and more people are going to see things on the Internet that they don't want to be there."

Many details about the Spaniards taking on Google via the government are shrouded in secrecy to protect the privacy of the plaintiffs. But the case of plastic surgeon Hugo Guidotti vividly illustrates the debate.

In Google searches, the first link that pops up is his clinic, complete with pictures of a bare-breasted women and a muscular man as evidence of what plastic surgery can do for clients. But the second link takes readers to a 1991 story in Spain's leading El Pais newspaper about a woman who sued him for the equivalent of euro5 million for a breast job that she said went bad.

========================

Note that the example given: the Plastic Surgeon's botched surgery - a great straw man example -- NOBODY wants a doctor who botches surgery to be able to hide; to have a 'right to be forgotten'.

This is a can of worms.
And  the King shall answer and say unto them, Verily I say unto you, 
Inasmuch as ye have done it unto one of the least of these my brethren,  ye have done it unto me.

Matthew 25:40

Offline Satyagraha

  • Global Moderator
  • Member
  • *****
  • Posts: 8,939
Internet privacy and the "right to be forgotten"
http://www.reuters.com/article/2011/03/17/us-eu-internet-privacy-idUSTRE72G48Z20110317
Thu, Mar 17 2011

By Eva Dou

BRUSSELS (Reuters) - When it comes to privacy, the Internet has long been something of a Wild West but that that is starting to change, with regulators in Europe and the United States beginning to pull in the reins.

On both sides of the Atlantic, officials are scrutinizing how companies such as Facebook and Google handle users' personal data, as they draw up plans to protect surfers while ensuring the growth of rapidly expanding social media, search engine and other Web-based businesses.

In the first sign of where Europe may be headed with its privacy regulations, the European Union announced this week that social networking sites and search engines could face court action if they fail to obey new EU data privacy rules.

Under proposals to be fleshed out in the coming months and that will update 16-year-old data-protection laws, the European Commission wants to force companies holding data to allow users to withdraw it from websites, calling it the "right to be forgotten."

Companies would also have to provide more information on what data they have collected from people and why.

"Any company operating in the EU market or any online product that is targeted at EU consumers must comply with EU rules," Viviane Reding, the European commissioner in charge of justice issues, said in a speech this week.

"To enforce EU law, national privacy watchdogs will be endowed with powers to investigate and engage in legal proceedings against non-EU data controllers," she added.

Reding said that EU-based privacy watchdogs should even be given powers to enforce compliance outside Europe, which could include access to U.S.-based servers and other data sources.

While privacy campaigners and Internet users may be pleased to hear what Reding has to say, her words will cause concern in parts of the United States, where many of the biggest and most successful search engines and social media companies are based.

Europe and the United States have traditionally differed on privacy issues, with the EU taking a stronger regulatory approach and U.S. officials more mindful of the need to balance entrepreneurship and business demands with data protection.

But in recent weeks, as U.S. privacy experts have visited Brussels to try to close the gaps between the two regulatory frameworks, officials have emphasized how closely they are working together to come up with a common set of standards.

"I think our baseline understanding of the rules is very similar," said Fiona Alexander of the U.S. Department of Commerce, who was in Brussels this month to meet EU regulators. "The implementation in the past may have been different."

LEVEL PLAYING FIELD

The EU and U.S. already agree on some general concepts, such as the idea that privacy safeguards need to be designed into Web products from the start. They also both want to require Web browsers to offer a "do not track" option to users.

But differences remain on specifics and philosophy.

EU officials are adamant that companies should obtain explicit permission from users before every use of their data -- such as through a pop-up consent box -- while that is not something U.S. regulators are pushing for, EU officials say.

The right to be forgotten is also a concept that goes against the grain for U.S. regulators, who favor a broader definition of freedom of information.

In a sign of where Europe is going and how complex applying the law could become, Spanish data protection authorities ordered Google in January to remove links to more than 80 news articles mentioning people by name, saying it violated privacy.

The case has been referred to Europe's highest court.

Some companies, such as Microsoft, support the effort by the European Union and the United States to align their policies, saying it will result in clearer, more uniform rules.

"Companies need solid, clear rules to be able to continue to invest and to be competitive," said John Vassallo, Microsoft's vice president of EU affairs. "Now, there are too many competing rules."

But even within individual EU countries, privacy rules vary so much that lawyers say it would be almost impossible for a multinational company to be compliant in all 27 EU countries.

That suggests that Reding and her EU regulatory team will have their work cut out if they are to draw up a clear and workable policy in the months ahead, and one that fits well with the rules U.S. regulators are also drawing up.
And  the King shall answer and say unto them, Verily I say unto you, 
Inasmuch as ye have done it unto one of the least of these my brethren,  ye have done it unto me.

Matthew 25:40

Offline Satyagraha

  • Global Moderator
  • Member
  • *****
  • Posts: 8,939
Understanding the "right to be forgotten" in a digital world
https://www.privacyassociation.org/publications/2010_10_20_understanding_the_right_to_be_forgotten_in_a_digital_world/
10.15.2010

By Jennifer L. Saunders

There are at least two opposing points of view when it comes to data retention, and they may well be at the core of many privacy debates across the globe. At issue is the idea of the "right to be forgotten," which has been talked about in many nations and at many levels of privacy discourse, and was illustrated one year ago when two French lawmakers introduced a bill that would give individuals that very right.

Bruno Rasle, executive director of the AFCDP (French Association of Data Protection Correspondents), explains that the phrase the "right to be forgotten" can be construed in two ways, which causes some confusion.

"In the first sense, the 'right to be forgotten' is a prohibition, made in France, against the indefinite retention of personal data. The French Data Protection Act (Informatique et Libertés Law) requires the data controller to define a retention period compatible with the intended purpose," he says.

The CNIL has made some recommendations, and the AFCDP has created a special working group to determine appropriate retention periods, he explains, noting that the CNIL's reference to the "right to be forgotten" relates to the all-too-rare occurrence of the purging of personal data. In reality, he says, there is no "right to be forgotten," as such, in French law.

The second meaning, Rasle suggests, is the right to rectification and objection.

"Some people wrongly interpret these last two rights as an opportunity for them to demand of the data controller, at all times, to erase all personal information about them," he explains. "In fact, the data controller is obliged to delete data only if they are inaccurate, outdated or whose collection is prohibited."

Hunton & Williams LLP Senior Policy Advisor Marty Abrams adds that there is a difference between the idea of a "right to be forgotten" and a "right not to be seen."

In the offline world, he notes, humanity has had "thousands of years to hone this," but online, "the ability to be forgotten and the ability to be unseen have been lost."

The norms around the idea of being unseen in the offline world do not yet translate online, he points out, using the analogy of a domicile as a protected space where individuals live out the private moments of their lives and keep personal belongings, photographs and information. In the online world, the equivalent is a personal computer, where many people store their personal financial information, family photographs, personal writings, book purchases, movie preferences and other private information.

"The books that I read are private to me, but are they private to me when they're sitting on a digital device?" he asks, suggesting our personal computers have, in many ways, become more of a reflection of who we are than our homes, but privacy protection does not extend to these online spaces in the same way.

This "freedom to observe" data and processes is an American concept, steeped in the constitutional right of freedom of expression, he notes. "In Europe, every step of data is processing, and processing needs a legal basis."

This desire to be forgotten parallels the point of view of those who believe the digital history we create online--sometimes intentionally, and sometimes without even realizing it--should be allowed to "fade away" through a process called data degradation. Then, there is the other side to the argument, the perspective that data must be stored and maintained, either to protect it or as part of a business plan that relies on what has come to be seen as a key commodity: online clicks, posts and visits that can paint pictures of Web users' likes and dislikes.

As technology professional Sean Gallagher writes for internet evolution on data degradation, "Chances are that you've left a considerable electronic trail behind you in your travels across the Internet. Your e-mail address, mailing address, birth date, age, credit card numbers, and more are all stored in scores of e-commerce systems, social networking sites and maybe even a job board or two. And your business likely has a trove of similar data about everyone you've ever done a transaction with over the Web."

Although sharing different views on how data should be managed, both Jeff Chester of the Center for Digital Democracy and Linda Woolley of the Digital Marketing Association, for example, spoke of the value of data during a recent appearance on CSPAN's "The Communicators" series.

"Consumers have to understand personal data is a commodity," Woolley said, while Chester noted that what people do online is "the new currency...Data is power."

When it comes to managing what both sides seem to agree is valuable data, such distinct views--to keep or to delete--prompt questions as to whether there's room for compromise or the natural course of events will be for these opposing forces to collide.

As Winston Maxwell notes in a report on the French proposal for the Hogan Lovells Chronicle of Data Protection, the proposal was aimed in part at facilitating data subjects' ability to request the deletion of their personal data as "part of a broader French government campaign to create a citizen's 'right to be forgotten' on digital networks."

On that subject, Rasle refers to concerns voiced recently by the CNIL's president, Alex Türk, on cloud computing, where the "dissemination and duplication of personal data make him fear that, despite the purges, personal data never really disappear and could reappear one day or another."

Data degradation, however, as Gallagher points out in his report, "is the exact opposite of what most IT managers strive to do with customer data," as it is an asset that can be used in myriad ways.

In terms of maintaining or deleting data, Rasle notes, "In reality, these rights depend strongly on the quality of information that was issued by the data controller" to ensure that individuals are "aware of the real implications of collection and also about their rights."

Rasle points to recent comments by European Commissioner Viviane Reding, who has said, "Transparency must be strictly applied."

As Gallagher writes in his report, "For most uses beyond the transactional relationship with customers, we don't need high-resolution data. Often, the data can be 'anonymized' to a large degree for the purposes of larger analytical tasks, and there's definitely a shelf-life attached to the value of data for any given transaction."

Abrams, meanwhile, points to the use of analytics as taking the issue beyond data itself to the idea of process degradation and integrity.

"In a world where every piece of information is feeding into analytic processes that predict future behavior or future outcomes, then the existing data protection principles don't encompass the privacy risks that come from the use of information in predictive processes," he explains. "The information can be sound, and the information can still be relevant, but when put into an analytic process, can lead to outcomes that come to the heart of privacy."

As every analytic model has a failure rate and can lose predictive value over time, it is impossible to consider online data without considering process factors.

"When you think of the impact of information," Abrams says, "you have to really think of it in terms of advanced analytics."
When it comes to balancing issues of data degradation and preservation, Rasle says it will be chief privacy officers playing a crucial role to "ensure the company listens to the people concerned, that their rights are recognized, that their information is assured" and to champion privacy by design and data minimization.

Or, put another way, he says, the "easiest personal data to forget are those we never collected."
And  the King shall answer and say unto them, Verily I say unto you, 
Inasmuch as ye have done it unto one of the least of these my brethren,  ye have done it unto me.

Matthew 25:40

Offline Satyagraha

  • Global Moderator
  • Member
  • *****
  • Posts: 8,939
Apparently the buzzwords - "The right to be forgotten" - were invented in October of 2010.

=================

Ok... amend that ... here are earlier references:

#
SSRN-The Right to Inform v. The Right to be Forgotten: A ...
by F Werro - Cited by 1 - Related articles
May 10, 2009 ... The Right to be Forgotten: A Transatlantic Clash (May, 08 2009). LIABILITY IN THE THIRD MILLENNIUM, Aurelia Colombi Ciacchi, Christine Godt, ...
papers.ssrn.com/sol3/papers.cfm?abstract_id=1401357 - Similar

#
Freedom of expression vs right to be forgotten? | EDRI
Nov 18, 2009 ... Freedom of expression vs right to be forgotten? 18 November, 2009. » Privacy | Freedom of speech. This article is also available in: ...
www.edri.org/edrigram/.../wikipedia-privacy-freedom-speech - Cached - Similar
And  the King shall answer and say unto them, Verily I say unto you, 
Inasmuch as ye have done it unto one of the least of these my brethren,  ye have done it unto me.

Matthew 25:40

Offline Satyagraha

  • Global Moderator
  • Member
  • *****
  • Posts: 8,939
The Right to Inform v. The Right to be Forgotten: A Transatlantic Clash
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1401357
Franz Werro
Georgetown University Law Center
DOWNLOAD PDF: http://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID1401357_code238438.pdf?abstractid=1401357&mirid=1


LIABILITY IN THE THIRD MILLENNIUM, Aurelia Colombi Ciacchi, Christine Godt, Peter Rott, Leslie Jane Smith, eds., Baden-Baden, F.R.G., 2009
Georgetown Public Law Research Paper No. 2

Abstract:     
In recent time, privacy advocates in Europe have argued that internet users should have the right to control and possible erase the information they leave behind themselves on the web, calling for "a right to be forgotten".

Under Swiss law, which for obvious reasons I will choose as an example of laws in other European countries, courts may not be confronted with this issue in the near future; however, in disputes involving the press and other media, they have repeatedly extended the right to be forgotten to persons who have been sentenced for criminal offenses. After a certain time has passed, these persons may have the right to preclude anyone from identifying them in relation to their criminal past. This right is part of what the Swiss refer to as the "rights of the personality," and could arguably include the right of internet users to keep their activity trails private. Dignity, honor and the right to the respect of one's private life and to keep certain things secret, as well as the right to the respect of one's family life and other aspects of privacy, are all part of these fundamental rights of the person.

My aim in this tribute is to present the right to be forgotten as it is recognized in Switzerland and give, by the same token, as example of the European approach to this question. I also want to describe the law as it is in the United States. My concluding remarks will hopefully offer an insight of what may in part explain the transatlantic clash on this question.

Number of Pages in PDF File: 18
And  the King shall answer and say unto them, Verily I say unto you, 
Inasmuch as ye have done it unto one of the least of these my brethren,  ye have done it unto me.

Matthew 25:40