The Right To Be Forgotten – A Shot From Across The Pond

more+
less-

“You Are What Google Says You Are,” Wired, Feb. 11, 2009.

The privacy of individuals has always been taken much more seriously in Europe than in the United States.  In Europe, privacy is deemed a fundamental human right and has long been protected through extensive regulations. The United States, which lacks a comprehensive federal data privacy law, has been viewed by the European regulators as a pariah in the world of privacy and lacking sufficient data privacy laws. Snowden shining a light on our government’s alleged intrusion on personal privacy has not helped assuage the discomfort European privacy regulators  feel toward our treatment of privacy rights.

It was, therefore, not a surprise when the Court of Justice of the European Union (ECJ) sent shockwaves across the pond when it ruled recently that search engines like Google® must remove the link between search results and a webpage if it contains information that an individual deems offensive and damaging to his or her reputation. The so-called Right To Be Forgotten is now recognized by the ECJ.
“ Every young person ….will be entitled automatically to change his or her name on reaching adulthood in order to disown youthful highjinks stored on their friends’ social media sites.” Eric Schmidt, Chairman of Google, Wall Street Journal, August 14, 2010
In recognizing the Right To Be Forgotten, the ECJ decided that (1)  indexing information by a search engine is “processing of personal data,” (2) Google is a “controller” of personal data, (3) Spanish data protection law applies even if the indexing occurs in the USA, (4) Google must remove links to webpages, even if the webpages themselves are lawful,  and (5) a balance must be found between the legitimate interests of search engine users and the privacy rights of individuals.

So let the battles begin. Google is not happy with the ECJ decision and was hoping that earlier advice of the advocate general would prevail. The advocate general had suggested in a non-binding opinion that deleting sensitive information from search results would interfere with freedom of expression and that the publisher or website, not the search engine, were the data controllers. Google was simply the data processor. The ECJ, however, determined that because Google decides the purposes and means of indexing activity, it is a “controller” not a mere “processor” and that the rights of people whose privacy had been violated outweighed the general public interest. 
“We live naked on the Internet….in a brave new world where our data lives forever.” John Hendel , The Atlantic, Feb 3, 2011

Our search history, location data, browsing habits, reading behavior, video preferences and shopping habits are now all harvested and used in ways that we can barely comprehend. Technology enables the unprecedented use of our personal information and the creation of “digital dossiers.” A single individual is now almost helpless to protect against the collection and use of their own personal data.

In an earlier post on this blog, I reported on one woman’s efforts and costs to reclaim her privacy.  

Privacy advocates may consider this “Right To Be Forgotten” an effort to even the playing field and shift some of the burden to the party collecting and “mining” the data. 

Google®, other internet search engines and online publishers of data may, however, be faced with technical and legal challenges as well as exorbitant costs as they try to comply with the ECJ ruling. New take-down policies allowing for removal of links to a person’s data may start to appear on web sites. Automated tools may be created to allow individuals to remove themselves from search results. What are the implications for a third-party data source holding personal data? Will personal data collected now have an expiration date?

As Google and others scramble to figure out what they must do to comply with this ECJ decision,  another similar law closer to home demands attention. The California so-called “Eraser” law takes effect on January 1, 2015. The law, entitled “Privacy Rights for California Minors in the Digital World,” provides web users under the age of 18 the right to delete or remove content they have posted online. Web site operators must give notice to minors of this right and how to accomplish such removal. 

The European “Right To Be Forgotten” and California’s “Eraser” law are harbingers of the coming battles that will likely be fought over privacy rights, freedom of speech, and the ability to restrict the free flow of data via the internet.

 

 

Topics:  Data Protection, EU, Google, Internet, Privacy Laws, Right to Be Forgotten, Right to Privacy, Search Engines, Young Lawyers

Published In: Communications & Media Updates, Constitutional Law Updates, International Trade Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Gray Plant Mooty | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »