Right to Be Forgotten: Much Ado About Nothing

Harvard Journal of Law & Technology, 2015

This Article examines the implications of the Google Spain case as well as the full-blown impact of the proposed GDPR that is estimated to go into effect in the European Union in 2017. The central problem with the right to be forgotten as conceptualized by the CJEU and the Commission is that the expansiveness of the right threatens to cannibalize free expression. Thus, this Article calls for a shrinking of the right to be forgotten to appropriately balance the right of data subjects to control personal information about themselves with free expression and the public interest in preserving history. We propose that the EU Commission operationalize free expression by narrowing the right to be forgotten for private persons, public officials, and public figures. Private persons will have the right to delete links to their own postings and repostings by third parties. They will have a right to delete links to postings created by third parties upon proof that the information serves no legi...

The European Commission's proposal of a new 'right to be forgotten,' contained in the Draft General Data Regulation, sparked much controversy among US and European commentators, suggesting a more fundamental conceptual gulf between the two jurisdictions. For privacy advocates, the Commission's proposal is to be welcomed, as it may represent a first step towards a recalibration of the data imbalance precipitated by the Internet, in favour of the individual, and away from the State and private enterprise. This article sets out the Commission's proposal and examines the American objections to the right. It also sets out potential normative justifications for a new EU protection of data. Finally, it attempts to reconcile the two perspectives by reference to the functioning of the right in practice.

University of Arkansas at Little Rock Law Review, 2012

Protecting Internet users’ privacy is a growing concern in the era of cloud computing, especially when one considers the absence of any effective international solutions. The existing Safe Harbor Privacy Principles, which were meant to guarantee stringent European Union (EU) data protection standards for U.S. companies, are ineffective. In order to protect the privacy of Internet users, the existing trans-Atlantic personal data exchange agreements need to be amended. This article presents the latest EU-proposed development in the area—a regulatory model based on amended Binding Corporate Rules (“BCR” or “BCRs”)—as introduced by EU Justice Commissioner Reding in late 2011. The 2012 reform of EU data protection regulations includes proposals to modify the EU approach to corporate personal data protection policies and to simplify regulations for companies participating in the EU market. The planned changes in EU legislation would have worldwide effects on international companies’ onlin...

In: Communication Today, 2015

Privacy and Power

Perspectives of Business Law Journal, 2014

The scientific paper aims at presenting the relevant legal aspects related to data protection in the EU (Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data) in view of the ruling of the Court of justice of the European Union (C131/12), the content of the judgement of the court, how it has been enforced so far by Google and its impact on EU citizen and future legislation.

The conventional view of privacy, at least shared among privacy scholars, is that privacy is a rather culture—dependent issue and would be interpreted much differently in various jurisdictions. Though this is pretty true in the pre—digital age, the scenario may have been under considerable change due to the fact of the creation of new social spheres and life experience by numerous new technologies in the digital age. The popular use of the Internet, portable devices, smart phones, geographical location devices, smart home facilities, as well as the accompanied exploitation of big data collected from such devices, create a new living environment or life structure in which personal data become highly valuable in market economy and critical for personal development. Not only our perception of privacy needs update in order to follow the new reality, but also people will acquire more commonly—shared life experience, sensibility and consciousness of one perspective of privacy: information privacy. Such commonalities consequent to living in the information age against the backdrop of escalating privacy invasion, all contribute to a more commonly accepted concept of information privacy; therefore the internalization or universalization of information privacy that is attributed to a more common life structure based on information digitization and connected networks and has long run impacts on our life and laws. This short article intends to explore this new tendency, namely the internalization (or universalization) of information privacy, in both life realities and different legal systems. It will first discuss what and how the digitalization of human life has contributed to a more shared life experience among human beings based on the increasing connectivity, and how this further enables or generates a common perception of information privacy across the world. Second, the article will explore how the recent legal developments in both domestic laws and international laws adapt to the new life realities beyond cultural difference and political divergence. For this purpose, definitions of information privacy are compared from different jurisdictions, International policy and law documents analysed, and various court verdicts discussed, showcasing the internalization tendency of information privacy. Last, the article proposes a coherent protection of information privacy in International law to remedy the present gridlock in improving Internet Governance after Snowden's revelations.

European privacy law currently implements the ‘right to be forgotten’ by positioning commercial search engine operators as the initial site of decision-making regarding its exercise. This is problematic for a number of reasons. First, there are a number of structural flaws in the mode of this decision-making that make it unclear that search engines are capable of (or interested in) incorporating a robust account of competing interests. Second, right to be forgotten requests are not susceptible to the same kind of algorithmic techniques search engines use to deal with other kinds of removal requests, meaning large numbers of decisions must be made rapidly and primarily by staff lacking formal legal qualifications. When compounded with the possibility of heavy penalties for failure to comply with the right under European law, these two issues suggest there is a significant potential for bias toward deletion rather than preservation of borderline links. A third problem is that the simple online forms provided by search engines for European data users making a deletion request mask a complicated legal analysis, meaning those who properly structure their requests in an appropriately technical and legal manner may have a higher chance of success in their claims. This threatens to open up a new digital divide along the axis of reputation. Finally, the massive compliance costs associated with this new right may serve as a form of anti-competitive lock-in, preventing the emergence of innovative new companies in ‘search’. In sum, if the right to be forgotten is to have real meaning in European law, search engines are not the correct vector for its implementation.

THE RIGHT TO BE FORGOTTEN IN EUROPEAN UNION AND THE US, 2022

In digital era, access to information is very high and easy. Especially, the internet is the unique information pool and search engine operators have offers high opportunity to reach information. Although the access to information sounds good at first glance, some information is bad memory of individuals in theirs past. Especially, search engine operators make easier to access such information from news websites. As a result of this situation, individuals may would like to remove the content of these information from the websites based on the right to be forgotten. However, it is not still recognized universal human rights. The EU law and the US law have opposite approaches related to removal the content and the right to be forgotten. The GDPR(General Data Protection Regulation) recognizes the right to be forgotten in Europe but there is no relevant legislation which recognizes the Right to be Forgotten in the US. While it is possible to remove bad memories from the websites under European Union law as a rule, the US law rejects the right to be forgotten in favour of the freedom of expression. This situation is related to the liability of the websites and search engine operators. The purpose of this paper addresses the comparison of two opposite approaches on the right to be forgotten.