EU: Right to be forgotten now the right to erasure Article 17 now specifically provides for the 'right to erasure',

previously termed the 'right to be forgotten', which would require the data controller to take all reasonable steps to have individuals' data erased, including by third parties 'without delay', for the personal data that the controller has made public 'without legal justification'. Under Article 17, data subjects are granted the right to 'obtain from the controller the erasure of personal data relating to them [] and from third parties the erasure of any links to, or copy or replication of that data', where the data are no longer necessary in relation to the purposes for which they were collected, that individual withdraws consent or objects to the processing of his/her personal data, or where the processing of such data contravenes other parts of the Regulation.

Previously, a large part of the debate on the 'right to be forgotten' has focused on the feasibility of implementing and enforcing the right given the surrounding issues of cloud computing and Big Data. Prior to the amendments, a data controller who made any personal data public was obliged to inform third parties which were processing such data that an individual had requested them to erase any links to, or copies of that data, and to take all reasonable steps, including technical measures, to have the data erased. The controller was also considered responsible for any third party publication of personal data authorised by the data controller.

Peter Fleischer, Google's Global Privacy Counsel, declined to comment on the changes and adoption of Article 17. However, Fleischer referred to his statement posted in Google's 'Thoughts on the Right to be Forgotten', on 16 February 2012, which stated: "Ultimately, responsibility for deleting content published online should lie with the person or entity who published it. Host providers store this information on behalf of the content provider and so have no original right to delete the data. Similarly, search engines index any publicly available information to make it searchable. They too have no direct relationship with the original content. We're supportive of the principles behind the right to be forgotten - and believe that it's possible to implement this concept in a way that not only enhances privacy online, but also fosters free expression for all."

The National Court of Spain also previously referred the question of the right to be forgotten to the Court of Justice of the European Union (CJEU) as reported by DataGuidance. Rafael Garca del Poyo, Partner at Osborne Clarke, said: "'Full' right to be forgotten must recognise that the real power of the use of personal data comes essentially from the metadata created by the companies by generating huge databases indexable, searchable and very valuable of the data produced by users.''

ENISA experts have expressed concerns about the technical hurdles to enforcement of the right, as it is remains difficult in an open system to restrict the re-publication of data where sharing is primary. ENISA has also noted that cases may arise where there are conflicting wishes on whether a piece of information should be deleted, for instance when two people appear in a photograph and one wants it deleted. And adviser to EUs highest court has made a statement stating that that Google does not have to remove personal information from its search results, even that information is damaging to an individuals reputation. The statement, delivered by advocate general NiiloJskinen is a blow against the long-running argument over the right to be forgotten in Europe. Although the court is not bound by Jskinens opinion, in the majority of cases judges follow such recommendations. "Requesting search engine service providers to suppress legitimate and legal information that has entered the public domain would entail an interference with the freedom of expression, said MrJskinen in a statement delivered on behalf of the court. Search engine service providers are not responsible, on the basis of the data protection directive, for personal data appearing on web pages they process," The case stemmed from the complaint of a Spanish man who, after his home was repossessed, found that an auction of his property could be found by Google. The man asked for this information to be deleted and Spains courts upheld the complaint. This case was then referred to the European court of Justice in March 2012, after Google challenged the decision. It is one of 180 similar Spanish cases which are pending the courts decision, not due before the end of 2013. In an emailed statement Googles Bill Echikson said that This is a good opinion for free expression. We're glad to see it supports our long-held view that requiring search engines to suppress 'legitimate and legal information' would amount to censorship. Google have previously argued that there are "clear societal reasons why this kind of information should be publicly available and, in an interview with the Financial Times, said that any restrictions would really hurt innovation. The courts decision is based on a reading of the current Data Protection Directive, which controls how personal data appears on websites and whether companies like Google count as publishers or simply hosts.

Jskinen judged that under current law Google cannot be considered a controller of personal data and therefore has no responsibility to remove information, unless it is false, libellous or criminal.

EU court: No 'right to be forgotten' in data rules BRUSSELS - EU data privacy law does not give citizens the "right to be forgotten," the bloc's court indicated on Tuesday (25 June). According to an opinion by NiiloJaaskinen, the advocate general of the Luxembourg-based European Court of Justice, there are no legal provisions requiring internet service providers to delete personal information just because it was embarrassing. The case rests on details about a real-estate auction published in a Spanish newspaper La Vanguardia in 1998 brought about by the owners' social security debts, Spaniard, Mario Costeja. Costeja wanted Google to eliminate all links to the auction In November 2009 the owner contacted the newspaper asserting that, when his name and surnames were entered in the Google search engine, a reference appeared linking to pages of the newspaper with these announcements. However, Jskinen adjudged that a national data protection authority cannot require an internet search engine service provider to withdraw information from its index unless it had ignored exclusion codes or been asked to update its cache memory of data. Jskinen indicated that Google's role in the case was aggregating the data and was not a controller of information, meaning that it was not responsible for deleting data. The 'right to be forgotten' only applied in cases where information was incomplete or inaccurate, he said. The existing data protection regime does not entitle a person to restrict or terminate dissemination of personal data that he considers to be harmful or contrary to his interests, said Jskinen. In a statement, Google spokesman William Echikson, welcomed the advocate generals recommendation. This is a good opinion for free expression, Echikson said. Were glad to see it supports our long-held view that requiring search engines to suppress legitimate and legal information would amount to censorship. The court case comes as MEPs and ministers are currently working on rules to overhaul the bloc's fifteen year old data privacy regime, which was put in place before the Internet boom. The proposal tabled by the European Commission in 2012 would give individuals far more control over the use of their personal data, including the right to demand the deletion of their data.

Although opinions by the Advocate Generals are not binding on the Court, they are rarely overridden in the final judgement. In 2008, millions of Internet users got a penetrating glimpse into the sordid sex life of Max Mosley, the then-head of Formula One racing, when British tabloid News of the Worldreleased secretly filmed videos of him engaging in a distinctly S&M-themed "sex orgy" with several prostitutes. Mosley successfully sued the tabloid for the breach of his privacy, yet a win in the analog world has done little to protect him in the digital age. Even after successfully suing hundreds of websites to remove the illegally obtained videos of his sexy party, like the mythical hydra, they continue to rear their heads. Fortunately for Mosley, European privacy laws respect an individual's dignity and have given him the legal grounds to sue Google in Germany and several other countries, and could even compel the Internet giant to filter out the raunchy videos. Under the current EU Data Protection Directive, Mosley has the right "to object to the processing of any data relating to himself." His case could be further strengthened by a controversial privacy law under consideration by the European Commission: "the right to be forgotten," which would allow individuals to force tech companies to delete all the data it has on them. While the implications of allowing individuals to raise objections to any links, content, or media are legion and its legality already in question, as the United States debates the precarious state of privacy rights in light of the NSA's domestic surveillance programs, American law could benefit from the underlying principle of the "right to be forgotten" -- dignity. For Europeans, "dignity, honor, and the right to private life" are among the most important of fundamental rights - "mainly the right for the (moral and legal) integrity of a person not to be infringed and for a sphere of privacy to be maintained and distinguished," explainsUniversity of Zurich Law Professor Rolf Weber. Despite the American myths that tout the individual as the pillar of society, European privacy laws have a more deeply rooted respect for individuals as evidenced by Europe's long tradition of prioritizing people over newspapers, photographers, and more recently, tech companies. For instance, in the 19th century, famed French author Alexandre Dumas successfully sued a photographer who sought to profit from racy pictures he and his lover had posed for in private. A Parisian appeals court ruled that even if Dumas and his lover agreed to the publication of the photos, they still retained the right to withdraw their consent as privacy and dignity trumped commercial rights. "Private life must be walled off in the interest of individuals, and often in the interest of good morals as well," the court argued. In an analysis of the case, Yale Law Professor James Whitman reasoned, "one's privacy, like other aspects of one's honor, was not a market commodity that could simply be definitively sold." Perhaps a quaint notion, this humanistic interpretation of privacy is far more empathetic than the loosely defined laissez-faire American conception, which Supreme Court Justice Louis Brandeis famously described as the "right to be left alone."

To contrast these two conceptions of privacy, take for instance the 2004 European Court of Human Rights ruling that found German tabloids had violated Princess Caroline of Monaco's privacy by publishing photographs of her and her children. "Photos appearing in the tabloid press were often taken in a climate of continual harassment which induced in the person concerned a very strong sense of intrusion into their private life or even of persecution," the court argued. In contrast, in 1975, the California Supreme Court upheld the right of journalists to publicly out Oliver Sipple as a gay man after he stopped an assassination attempt on President Gerald Ford. Despite his repeated requests to journalists to keep his sexual orientation private, the court argued that Sipple was a public figure and therefore surrendered much of his privacy rights. Sipple's outing led to his parents' discovery that he was gay, a fact he had kept hidden, which ultimately led to ostracization from his family, depression, and alcoholism. In this case, by upholding the freedom of expression, Sipple was neither given the "right to be left alone" nor "dignity, honor, and the right to private life." American laws frequently prioritize free speech at the expense of individual rights. For example, mug shots are considered public information and therefore their publication is protected by the First Amendment, giving rise to an entire industry where websites publishthousands of mug shots, publicly shaming those depicted and linking their search engine results to an embarrassing photo regardless of their guilt or innocence. Meanwhile, in Europe, the "right to be forgotten" can be traced back to French law, which acknowledges le droit l'oubli -- or the "right of oblivion" -- which allows a convicted criminal who has served out their sentence to protest the publication of the facts of their conviction. In considering the "right to be forgotten" in America, the question isn't whether individuals like Max Mosley should have the ability to compel search engines to filter out undesirable content, but why it takes a high-profile lawsuit before individuals are given a say in their digital identities. In matters concerning one's reputation and dignity online, the burden of proof is placed on the individual, who is already at a disadvantage with little say in how their personal data is distributed, disseminated, and to who. Tech giants and government agencies parse through mountains of personal data that reveal everything from consumer preferences, location data, and search habits to the very content of our emails with little input beyond an individual's consent. With this all or nothing decision, individuals are left with limited control over their data once they click "yes," so it is no surprise that corporations and the government are continually violating privacy rights. It's time we asserted control over our data, and by drawing on the European conception of privacy, Americans could have a legal weapon to wrestle control of our digital identities.

The Internet dilemma: Do people have the right to be forgotten One of the most heartbreaking overlooked moments in the case of Rehtaeh Parsons the 17-year-old Nova Scotian who killed herself in April after allegedly being raped and bullied came in a blog post written by her father three days after her death.

I had to write something about this, one line read. I dont want her life to be defined by a Google search about suicide or death or rape. I want it to be about the giving heart she had. The sentiment is so moving because it is so fruitless. The Parsons tragedy is hypermodern someone photographed her during the alleged rapes; the photo was disseminated around her school; her classmates sent her cruel, crude messages and Rehtaeh will, of course, be defined by her Google search. As we all increasingly are. At the heart of the Internet is a tension between ephemera and permanence. Every tweet, Facebook post and Instagram photo is a vehicle for instant gratification, but that information sticks around, squirrelled away forever forgotten, until it isnt. Typically, this is cast as an issue of privacy: Does a job applicant, for example, deserve to lose an opportunity because Googling her name pulls up some long-ago indiscretion? But its more. Rehtaeh Parsonss father was worried his daughter would be memorialized by forces outside human control, by the inscrutable, impersonal logic of algorithms. The difference between how humans remember and how the Internet remembers is deep and fundamental. Humans forget, or remember selectively; the Internet remembers everything. For almost all of human history, collecting information and storing information was time-consuming and costly, and therefore we stored as little as possible, says Viktor Mayer-Schnberger, a professor at Oxford University and the author of Delete: The Virtue of Forgetting in the New Digital Age. Even the stuff we stored we rarely made use of, because retrieval was so expensive. But digital technology massively decreased the cost of data storage, and made accessing that information far easier. Now, were steeped not just in knowledge but in memory: of our checkered pasts, our personal failures, the ruined lives of our loved ones. Human forgetting actually performs a very important function for us individually as well as for society, Prof. Mayer-Schnberger says. It lets us act and think in the present rather than be tethered to an ever-morecomprehensive past. The beauty of the human mind and human forgetting is that, as we forget, were able to generalize, to abstract, to see the forest rather than the individual tree. And if we cannot forget, then all we will have are the individual trees to go by. In Rehtaeh Parsonss case, all we have are those trees: the awful circumstances of her death, the official bungling of the investigation. A more human kind of memory would recall her as a whole person, someone with agency and interiority. We live in an era of endless archiving. For $279, you can pre-order a lifelogging camera called Memoto, which attaches to your clothes and takes two geotagged photos every minute, around the clock: This means that you can revisit any moment of your past. the copy reads. Google Glass, the tech giants much-hyped wearable computer, will also come with a camera. More nobly, the United Nations Memory of the World project aims to preserve the worlds documentary heritage from the archives of the Dutch East India Company to the woodblocks of Vietnams Nguyen Dynasty. Even Facebooks Timeline redesign is a memorial project, creating as it does a single continuous stream of your entire existence on the social network.

The advantages of the Internets vast archive are obvious: Never before has our knowledge been so far-reaching or esoteric. Political projects such as WikiLeaks hold governments to account; online memorials to deceased loved ones create easily accessible places of mourning. Indeed, theres an emotional side to all this. A Tumblr called Sad YouTube collects poignant comments left on music videos. In one entry, someone with the username napoleanmoran recalls how the songHave You Seen Her? by the Chi-Lites reminds him of an old girlfriend. I made a mistake and lost contact with her, a war came by and eventually had to leave my country [El Salvador] on self-imposed exile, he writes. Ever since I think of her and wish I had the chance to at least say that I was so sorry. I will never forget her. Mark Slutsky, the Montreal-based filmmaker behind the site, says YouTube plays an unintentional role of archiving a haphazard oral history of modern life. People really are telling their stories a moment that they remember that resonates with them, which might be lost or never shared if not for YouTube, he says. Its serving a really interesting function of coaxing memories out of people. But too much digital memory can also do us a disservice. In the European Union, policy-makers are debating the right to be forgotten an idea that sounds woolly but could soon become enshrined in law. In true EU fashion, the proposed changes are knotty and complex. But the idea is to grant users greater control over any personal information held by a company or government agency that is, to establish a clear legal right to obtain personal data, stop it from being processed, or delete it entirely. The legislation would also harmonize data-privacy rules across the EUs 27 member states. If the right to be forgotten is an attractive name, its also a slightly misleading one. Its actually more a right to delete than a right to be forgotten, says Jim Killock, the executive director of the Open Rights Group, a consumer advocacy organization. The idea is not really about the forgetfulness of companies. The idea is that a company, when asked to remove your data, should delete it in full. So, for example, you should have the right not just to delete your Facebook account, but to ensure that all your personal information is permanently scoured from the site. Indeed, one of the more disconcerting elements of online memory is our lack of control over our digital trails. Nowhere is this clearer than in the question of what to do with our e-mail and social media when we die. A miniindustry has cropped up to deal with this problem. For example, Google recently announced a tool called Inactive Account Manager, granting you the option to posthumously send your Google data Gmail messages, YouTube videos, and so on to a friend or loved one, or to delete it entirely, so that our digital slates, in death, may be wiped clean. The changing face of online memory is also apparent, in a slightly more frivolous form, in Snapchat, a smartphone app that embraces impermanence. Like countless other apps, Snapchat allows you to take a photo or video, and send it to friends. The difference is that, after 10 seconds or less, the photo is deleted forever. Not even the company holds on to the data. Its mascot, fittingly, is a ghost. Although Snapchats primary function might seem pornographic imagine the consequence-free possibilities it has proved more popular than that: 150 million auto-destructing photos now pass through the app every day. The company recently raised $13.5-million, and Facebook has released a copycat service called Poke. Snapchat has struck a chord, perhaps, because we all long to be forgotten. But just as not everything should be remembered, surely not everything should be deleted. So how do we strike a balance? Prof. Mayer-Schnberger has one pragmatic suggestion: assigning optional expiry dates to data. For example, every Facebook post might exist for some predetermined amount of time before it vanishes.

You could still share a lot of information, he notes. You could at the same time, though, control how long you want to share something for, and that is up to you. You basically condition the digital tools to be forgetful. To further illustrate the value of forgetting, Prof. Mayer-Schnberger points to Funes the Memorious, a short story by the great Argentine writer Jorge Luis Borges. The title character, a boy who suffered a horse-riding accident, is incapable of forgetting and becomes lost in specificity: the creation of a new numeric system, the classification of his every childhood memory. To think is to forget differences, generalize, make abstractions, Borges writes. In the teeming world of Funes, there were only details, almost immediate in their presence. And what about Rehtaeh Parsons? Although most of the media attention surrounding her death focused on cyberbullying, the word itself hardly does justice to the misogynist torture she faced. Now, in death, she faces a different kind of malice: posthumous victim-blaming. After her death, anonymous online trolls set up a fake The Real Rehtaeh Parsons Facebook account, and, last week, National Post columnist Christie Blatchford even suggested that the girl had lied about being raped. Online, Rehtaeh faces a sort of permanent libel even more ugly, in some ways, than the kind she faced in life, because it is public and available by typing a few words into a search bar. And it exists in perpetuity,. Perhaps thats what her father meant when he wrote that he did not want his daughter defined by a Google search. Not just that he didnt want the horrific circumstances of her death to serve as a tombstone, but that granting primacy to those circumstances gives power to her tormentors: the boys who raped her, the kids who bullied her, the police who dismissed her case, the trolls who still savage her memory. Turning away from endless online memory does not mean that we should forget someone like Rehtaeh Parsons. But it could mean considering how our digital lives might be reshaped to better reflect what is best about human memory: its selectivity, its fallibility, its sensibility. Otherwise, we could end up like poor Funes, afloat on a sea of endless detail, the broader view obscured by our own eternal knowledge. If the right to be forgotten is an attractive name, its also a slightly misleading one. Its actually more a right to delete than a right to be forgotten, says Jim Killock, the executive director of the Open Rights Group, a consumer advocacy organization. The idea is not really about the forgetfulness of companies. The idea is that a company, when asked to remove your data, should delete it in full. So, for example, you should have the right not just to delete your Facebook account, but to ensure that all your personal information is permanently scoured from the site. Indeed, one of the more disconcerting elements of online memory is our lack of control over our digital trails. Nowhere is this clearer than in the question of what to do with our e-mail and social media when we die. A miniindustry has cropped up to deal with this problem. For example, Google recently announced a tool called Inactive Account Manager, granting you the option to posthumously send your Google data Gmail messages, YouTube videos, and so on to a friend or loved one, or to delete it entirely, so that our digital slates, in death, may be wiped clean. The changing face of online memory is also apparent, in a slightly more frivolous form, in Snapchat, a smartphone app that embraces impermanence. Like countless other apps, Snapchat allows you to take a photo or video, and

send it to friends. The difference is that, after 10 seconds or less, the photo is deleted forever. Not even the company holds on to the data. Its mascot, fittingly, is a ghost. Although Snapchats primary function might seem pornographic imagine the consequence-free possibilities it has proved more popular than that: 150 million auto-destructing photos now pass through the app every day. The company recently raised $13.5-million, and Facebook has released a copycat service called Poke. Snapchat has struck a chord, perhaps, because we all long to be forgotten. But just as not everything should be remembered, surely not everything should be deleted. So how do we strike a balance? Prof. Mayer-Schnberger has one pragmatic suggestion: assigning optional expiry dates to data. For example, every Facebook post might exist for some predetermined amount of time before it vanishes. You could still share a lot of information, he notes. You could at the same time, though, control how long you want to share something for, and that is up to you. You basically condition the digital tools to be forgetful. To further illustrate the value of forgetting, Prof. Mayer-Schnberger points to Funes the Memorious, a short story by the great Argentine writer Jorge Luis Borges. The title character, a boy who suffered a horse-riding accident, is incapable of forgetting and becomes lost in specificity: the creation of a new numeric system, the classification of his every childhood memory. To think is to forget differences, generalize, make abstractions, Borges writes. In the teeming world of Funes, there were only details, almost immediate in their presence. And what about Rehtaeh Parsons? Although most of the media attention surrounding her death focused on cyberbullying, the word itself hardly does justice to the misogynist torture she faced. Now, in death, she faces a different kind of malice: posthumous victim-blaming. After her death, anonymous online trolls set up a fake The Real Rehtaeh Parsons Facebook account, and, last week, National Post columnist Christie Blatchford even suggested that the girl had lied about being raped. Online, Rehtaeh faces a sort of permanent libel even more ugly, in some ways, than the kind she faced in life, because it is public and available by typing a few words into a search bar. And it exists in perpetuity,. Perhaps thats what her father meant when he wrote that he did not want his daughter defined by a Google search. Not just that he didnt want the horrific circumstances of her death to serve as a tombstone, but that granting primacy to those circumstances gives power to her tormentors: the boys who raped her, the kids who bullied her, the police who dismissed her case, the trolls who still savage her memory. Turning away from endless online memory does not mean that we should forget someone like Rehtaeh Parsons. But it could mean considering how our digital lives might be reshaped to better reflect what is best about human memory: its selectivity, its fallibility, its sensibility. Otherwise, we could end up like poor Funes, afloat on a sea of endless detail, the broader view obscured by our own eternal knowledge. Should There be a Right to be Forgotten on the Internet? Being forgotten is not usually something people wish for. At the moment, however, a debate is raging in Europe about the right of citizens to be forgotten when it comes to information stored on the Internet.

Like SOPA and PIPA earlier this year, new provisions in the EUs Data Protection Directive are raising questions about speech, privacy, censorship and what it means to publish on the web. So, what does it say? Article 17 of the Data Protection Directive proposes to give EU residents the right to control and delete facts about themselves that were once voluntarily published on the Internet. This covers anything from the personal information given to credit card companies, to that published on social media sites, and then everything in between. A spokesman for the European Justice Commissioner Viviane Reding goes on to explain that these rules are particularly aimed at young people as they are not always as aware as they could be about the consequence of putting photos and other information on social network websites, or about the various privacy settings available. In other words, the rule has been designed, in part, to help young people manage their reputation. It plays on the assumption that twenty-something job seeker does not want to, and should not, be haunted by less-than-worthy pictures taken of them when they were 16. A wide-ranging attempt to protect the privacy of European citizens, the EU is even looking to search engines for unprecedented levels of cooperation. From the preamble: To strengthen the right to be forgotten in the online environment, the right to erasure should also be extended in such a way that any publicly available copies or replications in websites and search engines should also be deleted by the controller who has made the information public. While to some this may seem to be a worthy and consumer-friendly undertaking, critics are using the language of censorship and pointing to the impact on speech. Writing for Time, Jerry Brito speaks about personal memory holes a la 1984 and the inverted interaction between privacy and free speech: The new law would flip the traditional understanding of privacy as an exception to free speech. What this means is that if we treat free expression as the more important value, then one has to prove a harmful violation of privacy before the speaker can be silenced. Under the proposed law, however, its the speaker who must show that his speech is a legitimate exception to a claim of privacy. That is, the burden of proof is switched so that speakers are the ones who would have to justify their speech. The wording of the law explains that the data can be saved only where it is necessary for historical, statistical and scientific research purposes, for exercising the right of freedom of expression, when required by law, or where there is a reason to restrict the processing of the data instead of erasing them.

So, back to the point Jerry Brito made: publishers would be forced to comply unless they can show a legitimate reason not too. The burden of compliance looms. And this will not be restricted to Europe. These rules will apply to U.S. websites as well, in so far as they are accessed from Europe. Think Facebook, Google et. al. Another outspoken critic, Jane Yakowitz of Brooklyn Law School writes about the draconian fines outlined in Article 79. In this provision, EU authorities will collect 1% of an enterprises annual revenue in fines for failure to comply with the right to be forgotten. On top of that, Violation of other data rules could lead to fines of up to a million euros or 2% of a companys global revenue. All this brings me to two (rhetorical?) questions First: how is this different from SOPA/PIPA? Is removing content from the web in the name of privacy censorship? As much as doing so in the name of stopping online piracy? How can we balance the concepts of free speech and to privacy in the Internet age? And this leads me on to my second question: Is there a right to be forgotten when information was given and published freely, just because it was published on the Internet? If you publish something in print in a book or magazine, you cannot take it back. Why should the Internet be treated any differently? If they ever did, people no longer see Internet publishing in the same way as traditional publishing. The Internet is a world where writing has become disposable: easy to submit and easy to consume. Speech is published immediately and without a second thought. And so, according to its users, the Internet is different and should thus be treated accordingly. Whether or not this difference in production should change the way the final product is treated is the philosophical question at the heart of the debate. But it is the censorship argument that will make or break this directive as it broke SOPA and PIPA. I would like think more about this angle, but for now, while I understand the free-speech arguments put forward, the definition of censorship is too often seen starkly in black and white. In this new age, discussions about speech, privacy, information publication and their regulation need to catch up.