Social:Right to be forgotten

From HandWiki
Revision as of 12:35, 5 February 2024 by DanMescoff (talk | contribs) (update)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Short description: Legal concept

The right to be forgotten (RTBF[1]) is the right to have private information about a person be removed from Internet searches and other directories under some circumstances. The concept has been discussed and put into practice in several jurisdictions, including Argentina ,[2][3] the European Union (EU), and the Philippines .[4] The issue has arisen from desires of individuals to "determine the development of their life in an autonomous way, without being perpetually or periodically stigmatized as a consequence of a specific action performed in the past".[5]:231

The right to be forgotten "reflects the claim of an individual to have certain data deleted so that third persons can no longer trace them".[6]:121 It has been defined as "the right to silence on past events in life that are no longer occurring".[7] The right to be forgotten leads to allowing individuals to have information, videos, or photographs about themselves deleted from certain Internet records so that they cannot be found by search engines.[6] (As of 2011), there were few protections against the harm caused by incidents such as revenge porn sharing, or by pictures uploaded due to poor judgment.[8]

The right to be forgotten is distinct from the right to privacy. The right to privacy constitutes information that is not publicly known, whereas the right to be forgotten involves removing information that was publicly known at a certain time and not allowing third parties to access the information.[6]:122[9]

There has been controversy about the practicality of establishing a right to be forgotten (in respect to access of information) as an international human right. This is partly due to the vagueness of current rulings attempting to implement such a right.[10][self-published source] Furthermore, there are concerns about its impact on the right to freedom of expression, its interaction with the right to privacy, and whether creating a right to be forgotten would decrease the quality of the Internet through censorship and the rewriting of history.[11] Those in favor of the right to be forgotten cite its necessity due to issues such as revenge porn sites appearing in search engine listings for a person's name, as well as instances of these results referencing petty crimes individuals may have committed in the past. The central concern lies in the potentially undue influence that such results may exert upon a person's online reputation almost indefinitely if not removed.[12]

Limitations of application in a jurisdiction include the inability to require removal of information held by companies outside the jurisdiction. There is no global framework to allow individuals control over their online image. However, Professor Viktor Mayer-Schönberger, an expert from Oxford Internet Institute, University of Oxford, said that Google cannot escape compliance with the law of France implementing the decision of the European Court of Justice in 2014 on the right to be forgotten. Mayer-Schönberger said nations, including the US, had long maintained that their local laws have "extra-territorial effects".[13]

Recognition by jurisdiction

Argentina

Argentina has seen lawsuits by celebrities against Google and Yahoo! in which the plaintiffs demand the removal of certain search results, and require removal of links to photographs.[14] One case, brought by artist Virginia da Cunha, involved photographs which had originally been taken with her permission and uploaded with her permission, however she alleged that the search results improperly associated her photographs with pornography.[15] De Cunha's case achieved initial success resulting in Argentina search engines not showing images of the particular celebrity, however, this decision is on appeal.[16]

Virginia Simari, the judge in favor of De Cunha, stated that people have the right to control their image and avert others from "capturing, reproducing, broadcasting, or publishing one's image without permission."[17] In addition, Simari used a treatise written by Julio César Rivera, a Buenos Aires lawyer, author, and law professor "the right to control one's personal data includes the right to prevent others from using one's image."[17] Since the 1990s, Argentina has also been a part of the habeas data movement in which they "adopted a constitutional provision that is part freedom-of-government-information law and part data privacy law."[17] Their version is known as Amparo. Article 43[17] explains it:

"Any person shall file this action to obtain information on the data about himself and their purpose, registered in public records or databases, or in private ones intended to supply information; and in case of false data or discrimination, this action may be filed to request the suppression, rectification, confidentiality or updating of said data."[17]

Argentina's efforts to protect their people's right to be forgotten has been called "the most complete"[by whom?] because individuals are able to correct, delete, or update information about themselves. Overall, their information is bound to remain confidential.

China

In May 2016, Chinese courts in Beijing determined citizens do not have the right to be forgotten when a judge ruled in favor of Baidu in a lawsuit over removing search results.[18] It was the first of such cases to be heard in Chinese court.[18] In the suit, Ren Jiayu sued Chinese search engine Baidu over search results that associated him with a previous employer, Wuxi Taoshi Biotechnology.[18] Ren argued that by posting the search results, Baidu had infringed upon his right of name and right of reputation, both protected under Chinese law.[18] Because of these protections, Ren believed he had a right to be forgotten by removing these search results.[18] The court ruled against Ren, claiming his name is a collection of common characters and as a result the search results were derived from relevant words.[18]

Nowhere in China's civil code are the concepts of privacy or the right to be forgotten discussed.[19] There is no data protection authority, nor a specific state agency in place to monitor the protection of citizens' personal data. In China today[when?], data protection regulation is aimed at consumers, on an individual level, in contrast to the EU's right to privacy, in which the individual is considered a "data subject", with the right to be protected.[20] Chinese legislative progress towards supporting the right to be forgotten is slow. The topic has been debated for more than 10 years now,[when?] and continues to be a challenge. Small provisions have been implemented related to personal data processing, but do not amount to a comprehensive data protection regime.[20] The European Union Directorate-General for Internal Policies has issued policy recommendations on a realistic, rather than a legalistic basis for data protection as to the transfer of data between the EU and China vis-a-vis the latter's lack of compatible regulation in this area.[20]

European Union

Europe's data protection laws do not implement a "right to be forgotten", but a more limited "right to [data] erasure". Variations on the concept a right to be forgotten have existed in Europe for many years, including:

  • In the United Kingdom, such as under the Rehabilitation of Offenders Act of 1974 there is the idea that after a certain period of time many criminal convictions are "spent", meaning that information regarding said person should not be considered when obtaining insurance or seeking employment.
  • In France le droit à l'oubli (the right to be forgotten)[21] was enacted in French Law in 2010.[22]

Views on the right to be forgotten differ greatly between the United States and EU countries. In the United States, transparency, the right of free speech according to the First Amendment, and the "right to know" are typically favored over removing or increasing difficulty to access truthfully published information regarding individuals and corporations. Although the term "right to be forgotten" is a relatively new idea, the European Court of Justice legally solidified that the "right to be forgotten" is a human right when they ruled against Google in the Costeja case on May 13, 2014.[23]

In 1995, the European Union adopted the European Data Protection Directive (Directive 95/46/EC) to regulate the processing of personal data.[24] This is now considered a component of human rights law.[25] The new European General Data Protection Regulation provides protection and exemption for companies listed as "media" companies, like newspapers and other journalistic work. However, Google purposely opted out of being classified as a "media" company, therefore the company is not protected. Judges in the European Union ruled that because the international corporation, Google, is a collector and processor of data it should be classified as a "data controller" under the meaning of the EU data protection directive. These "data controllers" are required under EU law to remove data that is "inadequate, irrelevant, or no longer relevant", making this directive of global importance.[21]

In Article 12 of the Directive 95/46/EC the EU gave a legal basis to Internet protection for individuals.[5]:233 In 2012 the European Commission disclosed a draft European Data Protection Regulation to supersede the directive, which included specific protection in the right to be forgotten in Article 17.[26] A right to be forgotten was replaced by a more limited right of erasure in Article 17 of the version of the GDPR that was adopted by the European Parliament in March 2014 and which became EU law in April 2016.

To exercise the right to be forgotten and request removal from a search engine, one must complete a form through the search engine's website. Google's removal request process requires the applicant to identify their country of residence, personal information, a list of the URLs to be removed along with a short description, and - in some cases - attachment of legal identification.[27] The applicant receives an email from Google confirming the request but the request must be assessed before it is approved for removal. If the request is approved, searches using the individual's name will no longer result in the content appearing in search results. The content remains online and is not erased.[28] After a request is filled, their removals team reviews the request, weighing "the individual's right to privacy against the public's right to know", deciding if the website is "inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed".[29] Google has formed an Advisory Council of various professors, lawyers, and government officials from around Europe to provide guidelines for these decisions.[30] However, the review process is still a mystery to the general public. Guidelines set by EU regulators were not released until November 2014, but Google began to take action on this much sooner than that, which (according to one author) allowed them "to shape interpretation to [their] own ends".[30] In May 2015, eighty academics called for more transparency from Google in an open letter.[31]

The form asks people to select one of the 28 countries that make up the European Union, as well as Iceland, Liechtenstein, Norway, and Switzerland.[32] "The form allows an individual or someone representing an individual to put in a request" for the removal of any URLs believed to be a violation of the individual's privacy.[33] Regardless of who is submitting the form, some form of photo identification of the person the form is being submitted for must be present. This is meant to serve as proof that the person for whom the request was made for does in fact approve.

If Google refuses a request to delink material, Europeans can appeal to their local data protection agency.[34] As of May 2015, the British Data Protection Agency had treated 184 such complaints, and overturned Google's decision in about a quarter of those.[35] If Google fails to comply with a Data Protection Agency decision, it can face legal action.[36]

In July 2014, in the early stages of Google's effort to comply with the court ruling, legal experts questioned whether Google's widely publicized delistings of a number of news articles violated the UK and EU Data Protection Directive, since in implementing the Directive, Google is required to weigh the damage to the person making the request against any public interest in the information being available.[37] Google indeed acknowledged that some of its search result removals, affecting articles that were of public interest, were incorrect, and reinstated the links a week later.[12][38] Commentators like Charles Arthur, technology editor of The Guardian, and Andrew Orlowski of The Register noted that Google is not required to comply with removal requests at all, as it can refer requests to the information commissioner in the relevant country for a decision weighing the respective merits of public interest and individual rights.[12][37][39]

Google notifies websites that have URLs delinked, and various news organizations, such as BBC, have published lists of delinked articles. Complainants have been named in news commentary regarding those delinkings. In August 2015 the British Data Protection Agency issued an enforcement action requiring Google to delink some of these more recent articles from searches for a complainant's name, after Google refused to do so.[40] Google complied with the request.[41] Some academics have criticized news organizations and Google for their behavior.[42][43]

In July 2015, Google accidentally revealed data on delinkings that "shows 95% of Google privacy requests are from citizens out to protect personal and private information – not criminals, politicians and public figures."[44]

This data leak caused serious social consequences for Google as the public expressed their outrage and fear over the information that was recently made public. Though only 5% of requests were made by criminals, politicians, and public figures, the content removed was what sparked the most fear.[45] In particular, one request for data removal was from a British doctor requesting to have 50 links removed on past botched medical procedures. Google agreed to remove three search results containing his personal information.[45] The public voiced their outrage stating that removing such information can be used for manipulation and could lead to innocent people making uninformed decisions. Google responded to the public outrage by saying that when removing content they consider both the right of the individual and public interest.[45]

The European Union has been pushing for the delinkings requested by EU citizens to be implemented by Google not just in European versions of Google (as in google.co.uk, google.fr, etc.), but on google.com and other international subdomains. Regulators want delinkings to be implemented so that the law cannot be circumvented in any way. Google has refused the French Data Protection Agency's demand to apply the right internationally.[46] Due in part to their refusal to comply with the recommendation of the privacy regulating board Google has become the subject of a four-year-long antitrust investigation by the European Commission.[47] In September 2015, the French Data Protection Agency dismissed Google's appeal.[48]

The French Data Protection Agency appealed to the EU courts to seek action on Google for failing to delink across its global servers. In September 2019 the Court of Justice for the EU issued its decision, finding that Google is not required to delink on sites external to the EU, concluding that "Currently, there is no obligation under EU law, for a search engine operator who grants a request for de-referencing made by a data subject ... to carry out such a de-referencing on all the versions of its search engine."[49][50]

As of September 2015, the most delinked site is www.facebook.com. Three of Google's own sites, groups.google.com, plus.google.com and www.youtube.com are among the ten most delinked sites.[41] In addition to Google, Yahoo and Bing have also put up forms for making delinking requests.

In September 2019, the European Court of Justice ruled that the Right to be Forgotten did not apply outside of its member states.[51] The ruling meant that Google did not have to delete the names of individuals from all of its international versions.

In December 2022, the judges in Luxembourg further extended the Right to be Forgotten in the case C-460/20 TU, RE vs Google LLC. The case relates to two managers of a group of investment companies, who argued that three unflattering news articles should be ‘de-referenced’ from the search engine results of Google, when searching for their names. They claimed that the information presented in the articles was factually wrong, which raised the question whether search engine operators need to check the accuracy of the information. Additionally, the applicants required that photographs showing them on preview images — or thumbnails — when carrying out a search, ought to be removed. In this judgment the European Court of Justice largely agreed with the request of the applicants. Search engine operators such as Google are required to de-reference the respective information, if a person who seeks de-referencing submits 'relevant and sufficient' evidence capable of substantiating his or her request, and thereby manifests the inaccuracy of the information found (para. 72). For thumbnails an independent assessment must be carried out, but essentially the same thinking applies.[52]

Caselaw in Spain

In May 2014, the European Court of Justice ruled against Google in Costeja, a case brought by a Spanish man, Mario Costeja González, who requested the removal of a link to a digitized 1998 article in La Vanguardia newspaper about an auction for his foreclosed home, for a debt that he had subsequently paid.[53] He initially attempted to have the article removed by complaining to the Spanish Agency of data protection, which rejected the claim on the grounds that it was lawful and accurate, but accepted a complaint against Google and asked Google to remove the results.[54] Google sued in the Spanish Audiencia Nacional (National High Court) which referred a series of questions to the European Court of Justice.[55] The court ruled in Costeja that search engines are responsible for the content they point to and thus, Google was required to comply with EU data privacy laws.[56][57][58] On its first day of compliance only (May 30, 2014), Google received 12,000 requests to have personal details removed from its search engine.[59]

Caselaw in Germany

On October 27, 2009, lawyers for Wolfgang Werlé who—together with Manfred Lauber—was convicted of murdering Walter Sedlmayr sent the Wikimedia Foundation a cease and desist letter requesting that Werlé's name be removed from the English language Wikipedia article Walter Sedlmayr, citing a 1973 Federal Constitutional Court decision that allows the suppression of a criminal's name in news accounts once he is released from custody.[60][61][62] Previously, Alexander H. Stopp, attorney for Werlé and Lauber, had won a default judgment in German court, on behalf of Lauber, against the Wikimedia Foundation.[60] According to the Electronic Frontier Foundation, Werlé's lawyers also challenged an Internet service provider in Austria which published the names of the convicted killers.[63]

Wikimedia is based in the United States, where the First Amendment protects freedom of speech and freedom of the press. In Germany, the law seeks to protect the name and likenesses of private persons from unwanted publicity.[64] On January 18, 2008, a court in Hamburg supported the personality rights of Werlé, which under German law includes removing his name from archive coverage of the case.[65]

On November 12, 2009, The New York Times reported that Wolfgang Werlé had a case pending against the Wikimedia Foundation in a German court. The editors of the German-language Wikipedia article about Sedlmayr removed the names of the murderers,[60] which have since then been restored to the article. The Guardian observed that the lawsuit has led to the Streisand effect, an upsurge in publicity for the case resulting from the legal action.[66]

On December 15, 2009, the German Federal Court of Justice (Bundesgerichtshof) in Karlsruhe ruled that German websites do not have to check their archives in order to provide permanent protection of personality rights for convicted criminals. The case occurred after the names of the brothers were found on the website of Deutschlandradio, in an archive article dating from July 2000.[67] The presiding judge Gregor Galke stated "This is not a blank check", and pointed out that the right to rehabilitation of offenders had been taken into consideration.[68][69]

On November 28, 2019, the German constitutional court in Karlsruhe ruled that German murderer Paul Termann has the right to be forgotten.[70]

General Data Protection Regulation

Main page: General Data Protection Regulation

The 2012 draft European Data Protection Regulation Article 17 detailed the "right to be forgotten and to erasure".[71] Under Article 17 individuals to whom the data appertains are granted the right to "obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, especially in relation to personal data which are made available by the data subject while he or she was a child or where the data is no longer necessary for the purpose it was collected for, the subject withdraws consent, the storage period has expired, the data subject objects to the processing of personal data or the processing of data does not comply with other regulation".[71]

The EU defines "data controllers" as "people or bodies that collect and manage personal data".[72] The EU General Data Protection Regulation requires data controllers who have been informed that an individual has requested the deletion of any links to or copies of information must "take all reasonable steps, including technical measures, in relation to data for the publication of which the controller is responsible, to inform third parties which are processing such data, that a data subject requests them to erase any links to, or copy or replication of that personal data. Where the controller has authorized a third party publication of personal data, the controller shall be considered responsible for that publication".[71] In the situation that a data controller does not take all reasonable steps then they will be fined heavily.[73]

The European Parliament was once "expected to adopt the proposals in first reading in the April 2013 Plenary session".[74] The right to be forgotten was replaced by a more limited right to erasure in the version of the GDPR adopted by the European Parliament in March 2014.[75][76] Article 17 provides that the data subject has the right to request erasure of personal data related to him on any one of a number of grounds including non-compliance with article 6.1 (lawfulness) that includes a case (f) where the legitimate interests of the controller is overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (see also Costeja).[77][78]

The European Union is a highly influential group of states, and this movement towards the right to be forgotten in the EU is a step towards its global recognition as a right. To support this, in 2012 the Obama Administration released a "Privacy Bill of Rights" to protect consumers online, and while this is not quite the strength of the EU law, it is a step towards recognition of the right to be forgotten.[79]

India

In April 2016, the Delhi High Court began to examine the issue after a Delhi banker requested to have his personal details removed from search results following a marital dispute.[80] In this case, due to the dispute being settled, the banker's request is valid.[80] The High Court has asked for a reply from Google and other search engine companies by September 19, upon which the court will continue to investigate the issue.[81]

In January 2017 the Karnataka High Court upheld the right to be forgotten, in a case involving a woman who originally went to court in order to get a marriage certificate annulled, claiming to have never been married to the man on the certificate.[82] After the two parties came to an agreement, the woman's father wanted her name to be removed from search engines regarding criminal cases in the high court.[82] The Karnataka High Court approved the father's request, stating that she had a right to be forgotten. According to the court, its ruling would align with western countries' decisions, which typically approve of the right to be forgotten when dealing with cases "involving women in general and highly sensitive cases involving rape or affecting the modesty and reputation of the person concerned."[82] The woman in this specific case was worried that the search results would affect her standing with her husband, as well as her reputation in society.[82]

As of February 2017, the Delhi High Court is hearing a case involving a man requesting to have information regarding his mother and wife to be removed from a search engine.[83] The man believes that having his name linked to the search is hindering his employment options.[83] The Delhi High Court is still working on the case, along with the issue of whether or not a right to be forgotten should be a legal standard in India.[83] Currently, there is no legal standard for the right to be forgotten, but if implemented, this would mean that citizens no longer need to file a case in order to request for information from search engines to be removed.[83] This case could have significant impacts on the right to be forgotten and search engines in India.

South Korea

In May 2016, South Korea's Communications Commission (KCC) announced citizens will be able to request search engines and website administrators to restrict their own postings from being publicly accessible.[84] The KCC released "Guidelines on the Right to Request Access Restrictions on Personal Internet Postings",[85] which took effect in June 2016 and do not apply to third party contents.[84] To the extent that the right to be forgotten concerns a data subject's right to limit the searchability of third party postings about him/her, the Guideline does not constitute a right to be forgotten.[86] Also, as to the right to withdraw one's own posting, critics have noted that people have been able to delete their own postings before the Guideline as long as they have retained their login credentials, and that people who have misplaced their login credentials were permitted to retrieve or receive new ones.[87] The only services significantly affected by the Guideline are Wiki-type services where people's contributions make logical sense only in response to or in conjunction with one another's contributions and therefore the postings are made permanent part of the mass-created content, but KCC made sure that the Guideline applies to these services only when the posting identifies the authors.[88]

The guidelines created by the KCC include that data subjects can remove content that includes the URL links, and any evidence consisting of personal information. The commission included different amendments to the guideline. This includes describing the Guidelines as a "minimum" and "preliminary"[89] precaution regarding privacy rights in vague areas of existing laws. The guideline encompasses foreign Internet companies that provide translation services for South Korean consumers. In order to have a person's information "forgotten" he or she has to go through a three step process:[90] the issue posted with the URL, proof of ownership of the post, grounds for the request. There are restrictions on each step. When posting the URL, the web operator has the right to preserve the posting issue. The second being that if the post is relevant to public interest, web operators will process this request on the terms of relevance.

Switzerland

The right to be forgotten was added in the constitution of the Canton of Geneva in the new article 21A[91] right to digital integrity voted on June 18, 2023.

United States

In law

Consideration of the right to be forgotten can be seen in US case law, specifically in Melvin v. Reid, and in Sidis v. FR Publishing Corp.[92]

In Melvin v. Reid (1931), an ex-prostitute was charged with murder and then acquitted; she subsequently tried to assume a quiet and anonymous place in society. However, the 1925 film The Red Kimono revealed her history, and she successfully sued the producer.[93][94] The court reasoned that "any person living a life of rectitude has that right to happiness which includes a freedom from unnecessary attacks on his character, social standing or reputation."[95]

In Sidis v. FR Publishing Corp. (1940), the plaintiff, William James Sidis, was a former child prodigy who wished to spend his adult life quietly, without recognition; however, this was disrupted by an article in The New Yorker.[96] The court held here that there were limits to the right to control one's life and facts about oneself, and held that there is social value in published facts, and that a person cannot ignore their celebrity status merely because they want to.[96]

There is opposition to further recognition of the right to be forgotten in the United States as commentators argue[who?] that it will contravene the right to freedom of speech and freedom of expression, or will constitute censorship, thus potentially breaching peoples' constitutionally protected right to freedom of expression in the United States Constitution.[97] These criticisms are consistent with the proposal that the only information that can be removed by user's request is content that they themselves uploaded.[clarification needed][97][98]

In a June 2014 opinion piece in Forbes, columnist Joseph Steinberg noted that "many privacy protections that Americans believe that they enjoy – even some guaranteed by law – have, in fact, been eroded or even obliterated by technological advances." Steinberg, in explaining the need for legislation guaranteeing the "right to be forgotten", noted that existing laws require adverse information be removed from credit reports after a period of time, and that allowing the sealing or expunging of criminals records are effectively undermined by the ability of prospective lenders or employers to forever find the removed information in a matter of seconds by doing a web search.[99]

On March 11, 2015, Intelligence Squared US, an organization that stages Oxford-Style debates, held an event centered on the question, "Should the U.S. adopt the 'Right to be Forgotten' online?" The side against the motion won with a 56% majority of the voting audience.[100]

While opinions among experts are divided in the U.S., one survey indicated that 9 in 10 Americans want some form of the right to be forgotten.[101] The consumer rights organization Consumer Watchdog has filed a complaint with the Federal Trade Commission for Americans to obtain the right as well.[102]

In March 2017, New York state senator Tony Avella and assemblyman David Weprin introduced a bill proposing that individuals be allowed to require search engines and online speakers to remove information that is "inaccurate", "irrelevant", "inadequate", or "excessive", that is "no longer material to current public debate or discourse" and is causing demonstrable harm to the subject.[103]

By private entities

In January 2021, the Boston Globe announced a program to allow subjects of relatively inconsequential stories to have the stories contextualized, removed from Google searches or anonymized.[104]

Connection to international relations

The regulatory differences in the protection of personal data between countries has real impact on international relations. The right to be forgotten, specifically, is a matter of EU-US relations when applied to cross-border data flow, as it raises questions about territorial sovereignty. The structure of the Westphalian international system assumes that the reach of a country's jurisdiction is limited to its geographic territory.[105] However, online interactions are independent of geographic location and present across multiple locations, rendering the traditional concept of territorial sovereignty moot.[105] Therefore, the EU and the United States are forced to confront their regulatory differences and negotiate on a set of regulations that apply to all foreign companies processing and handling data of European citizens and residents.[105]

The regulatory differences on the right to be forgotten along with numerous other data protection rights have shaped discussions and negotiations on trans-Atlantic data privacy regulations. A case in point is the EU and the United States' endeavors to develop the Safe Harbor agreement, a data transfer pact that enables the transfer of data between the EU and US companies in a manner consistent with the EU's data protection schemes.[106] Article 25 of the Data Protection Directive articulates that cross-border transfer of data can take place only if the "third country in question ensures an adequate level of protection," meaning that the country meets the EU's minimum standards of data protection.[106] The standards include, among many provisions, a component that protects the right to "opt out" of further processing or transmission of personal data, under the assumption that data may not be further processed in ways inconsistent with the intent for which they were collected.[106]

Given the inconsistencies between the EU and the United States on numerous digital privacy regulations, including the right to be forgotten, Article 25 poses a threat to trans-Atlantic data flows. Therefore, the EU and the United States entered into negotiations to mediate the differences through the Safe Harbor agreement, which as a result of debate and discussion between the two parties, requires companies to provide individuals with the choice or opportunity to "opt out" and afford other protections.[106]

Under the pressures of the mass surveillance carried out by the US government on European citizens' data, the Safe Harbor agreement has been invalidated by the European Union Court of Justice in its Schrems case. The Safe Harbor agreement has now been replaced by the Privacy Shield principles.

Response and criticism

Response by reputation management firms

Businesses that manage their clients' online reputations have responded to the European Court ruling by exercising the right to be forgotten as a means to remove unfavorable information.[107] One technique used by reputation consulting firms is to submit multiple requests for each link, written with different angles in an attempt to get links removed. Google, for example, does not limit the number of requests that can be submitted on the removal of a given link.[108]

Criticism

Major criticisms stem from the idea that the right to be forgotten would restrict the right to freedom of speech.[109][110][111] Many nations, and the United States in particular (with the First Amendment to the United States Constitution), have very strong domestic freedom of speech laws, which would be challenging to reconcile with the right to be forgotten.[112] Some academics see that only a limited form of the right to be forgotten would be reconcilable with US constitutional law; the right of an individual to delete data that he or she has personally submitted.[97][98][113] In this limited form of the right individuals could not have material removed that has been uploaded by others, as demanding the removal of information could constitute censorship and a reduction in the freedom of expression in many countries.[114] Sandra Coliver of the Open Society Justice Initiative argues that not all rights must be compatible and this conflict between the two rights is not detrimental to the survival of either.[115]

The draft General Data Protection Regulation was written broadly and this has caused concern.[10] It has attracted criticism that its enactment would require data controlling companies to go to great lengths to identify third parties with the information and remove it.[116] The proposed regulation has also attracted criticism due to the fact that this could produce a censoring effect in that companies, such as Facebook or Google, will wish to not be fined under the act, and will therefore be likely to delete wholesale information rather than facing the fine, which could produce a "serious chilling effect."[116] In addition to this, there are concerns about the requirement to take down information that others have posted about an individual; the definition of personal data in Article 4(2) includes "any information relating to" the individual.[117] This, critics have claimed, would require companies to take down any information relating to an individual, regardless of its source, which would amount to censorship, and result in the big data companies eradicating a lot of data to comply with this.[118] Such removal can impact the accuracy and ability of businesses and individuals to carry out business intelligence, particularly due diligence to comply with anti bribery, anticorruption, and know your customer laws.[119] The right to be forgotten was invoked to remove from Google searches 120 reports about company directors published by Dato Capital, a Spanish company which compiles such reports about private company directors, consisting entirely of information they are required by law to disclose;[119][120] Fortune magazine examined the 64 reports relating to UK directorships, finding that in 27 (42%) the director was the only person named, in the remaining only the director and co-directors were named, and 23 (36%) involve directorships started since 2012.[120]

Other criticism revolves around the principle of accountability.[121]

There were concerns that the proposed General Data Protection Regulation would result in Google and other Internet search engines not producing neutral search results, but rather producing biased and patchy results, and compromising the integrity of Internet-based information.[116] To balance out this criticism, the proposed General Data Protection Regulation included an exception "for the processing of personal data carried out solely for journalistic purposes or the purpose of artistic or literary expression in order to reconcile the right to the protection of personal data with the rules governing freedom of expression."[71] Article 80 upheld freedom of speech, and while not lessening obligations on data providers and social media sites, nevertheless due to the wide meaning of "journalistic purposes" allows more autonomy and reduces the amount of information that is necessary to be removed.[5]:9 When Google agreed to implement the ruling, European Commission Vice-President Viviane Reding said, "The Court also made clear that journalistic work must not be touched; it is to be protected."[122] However, Google was criticized for taking down (under the Costeja precedent) a BBC News blog post about Stan O'Neal by economics editor Robert Peston (eventually, Peston reported that his blog post has remained findable in Google after all).[123][124] Despite these criticisms and Google's action, the company's CEO, Larry Page worries that the ruling will be "used by other governments that aren't as forward and progressive as Europe to do bad things", though has since distanced himself from that position.[125] For example, pianist Dejan Lazic cited the "Right To Be Forgotten" in trying to remove a negative review about his performance from The Washington Post . He claimed that the critique was "defamatory, mean-spirited, opinionated, offensive and simply irrelevant for the arts".[126][127] and the St. Lawrence parish of the Roman Catholic church in Kutno, Poland asked Google to remove the Polish Wikipedia page about it,[128] (in Polish) without any allegations mentioned therein as of that date.

Index on Censorship claimed that the Costeja ruling "allows individuals to complain to search engines about information they do not like with no legal oversight. This is akin to marching into a library and forcing it to pulp books. Although the ruling is intended for private individuals it opens the door to anyone who wants to whitewash their personal history… The Court's decision is a retrograde move that misunderstands the role and responsibility of search engines and the wider Internet. It should send chills down the spine of everyone in the European Union who believes in the crucial importance of free expression and freedom of information."[129]

In 2014, the Gerry Hutch page on the English Wikipedia was among the first Wikipedia pages to be removed by several search engines' query results in the European Union.[130][131] The Daily Telegraph said, on 6 August 2014, that Wikipedia co-founder Jimmy Wales "described the EU's Right to be Forgotten as deeply immoral, as the organisation that operates the online encyclopedia warned the ruling will result in an Internet riddled with memory holes".[132] Other commentators have disagreed with Wales, pointing to problems such as Google including links to revenge porn sites in its search results,[12][133] and have accused Google of orchestrating a publicity campaign to escape the burdensome obligation to comply with the law.[37][39] Julia Powles, a law and technology researcher at the University of Cambridge, made a rebuttal to Wales' and the Wikimedia Foundation concerns in an editorial published by Guardian, opining that "There is a public sphere of memory and truth, and there is a private one...Without the freedom to be private, we have precious little freedom at all."[134]

In response to the criticism, the EU has released a factsheet to address what it considers myths about the right to be forgotten.[135] In addition to this, for further clarification of the law, the factsheet provides information about the pivotal court case C-131/12 and frequently asked questions regarding Google, the purpose of the law, and how it works.[136]

Other criticisms involving the right to be forgotten revolves around the policies for data removal regarding minors. The U.S. has laws in place that protect the privacy of minors. The California Minor Eraser Law is a law that allows California residents under the age of 18 to request to have information removed that they posted on an online server. The law "applies to websites, social media sites, mobile apps and other online services"[137] and follows "Europe's recognition of the 'right to be forgotten'".[137] This law was put into effect on January 1, 2015 and remains in existence today. Online "service"[138] operators that have services "directed toward minors"[138] must update their privacy policies to include the option to remove data if requested by a minor that is posted on a service.

In the UK, the 2017 Conservative manifesto[139] included a pledge to allow social media platform users to remove outdated information that was posted when they were under the age of 18. "A Tory victory on the 8th of June will lead to those youthful indiscretions on Facebook and Twitter being open to erasure. But there are also plans to fine social media firms for not moving at the speed of political opportunism over extreme content."[139] The United Kingdom has not yet fully adopted the ruling of the European Court of Justice regarding the right to be forgotten and argued to keep it from going into EU law.[citation needed] However, in the upcoming elections in the UK laws could be passed to allow minors to remove embarrassing posts or photos on social media that could come back to affect job applications or public image in later life.

Theresa May, then Prime Minister of the UK, has pushed to extend privacy rights for minors in allowing them to have a right to delete information. The intentions for this extension of privacy are based on the fact that social media sites store years of data that affect minors lives' much later after the information is posted.[140] May gave her stance on privacy when she said, "'The Internet has brought a wealth of opportunity but also significant new risks which have evolved faster than society's response to them'".[140] The Conservative Party, which was headed by May from 2016 to 2019, has pushed for policies that aggressively remove illegal material from the Internet and fine firms that do not take action in removing said material.[140]

In 2015, Commission nationale de l'informatique et des libertés (CNIL) asked Google to remove data from all versions available in any part of the world. Google and other entities argued that European data regulators should not be allowed to decide what Internet users around the world find when they use a search engine.[141]

Research

Conceptual overview of Oblivion

Security researchers from CISPA, Saarland University[142] and the University of Auckland[143] proposed a framework, called Oblivion,[144] to support the automation of the right to be forgotten in a scalable, provable and privacy-preserving manner. Oblivion is a program that helps to "automate" the process of attempting to verify someone's personal information that could be found in a Google search result.[145] Google gets many take-down requests in a short amount of time, and Oblivion might help with this problem. Researchers and authors behind Oblivion say that "it is essential to develop techniques that at least partly automate this process and are scalable to Internet size."[145] Oblivion helps the humans who review the forms at Google ensure that antagonistic users cannot "blacklist links to Internet sources that do not affect them".[145] For example, tests have proven that Oblivion handles requests at a rate of 278 per second.[145] The software allows Google, the government, and the user to work together to get content removed quickly and for just cause. In order to ensure that the program works quickly, is secure for its users and is impervious to fake take-down requests, Oblivion uses a three-part system.

In the first part, Oblivion requires a user to submit identification about themselves – not limited to "name, age, and nationality".[145] Oblivion then enables a user to automatically find and tag his or her disseminated personal information using natural language processing and image recognition techniques and file a request in a privacy-preserving manner. Oblivion will scan the article for attributes that match information that has been submitted by the user. Second, Oblivion provides indexing systems with an automated and provable eligibility mechanism, asserting that the author of a request is indeed affected by an online resource. The author of a request is then issued an "ownership token"[145] that confirms the articles they submitted for evaluation include sensitive personal information. The automated eligibility proof ensures censorship-resistance so that only legitimately affected individuals can request the removal of corresponding links from search results. In the third and last phase, this "ownership token" is submitted to Google, accompanied by the user's concerns as to what information should be deleted.[145] Google's staff is then allowed to decide for themselves if they want to delete this information or not – but thanks to Oblivion, they know that the information in question is valid.

Researchers with Oblivion, however, have noted that it comes with some limitations. The software lacks a human element, therefore it cannot decide on its own "whether or not a piece of information is public interest and should therefore not be removed from Google search results".[145] Researchers have conducted comprehensive evaluations, showing that Oblivion is suitable for large-scale deployment once it is fine-tuned.[145]

Data deletion protocols around the death of a user is another consideration.[146]

See also

References

  1. Vaas, Lisa (25 September 2019). "Google wins landmark case: Right to be forgotten only applies in EU". https://nakedsecurity.sophos.com/2019/09/25/google-wins-landmark-case-right-to-be-forgotten-only-applies-in-eu/. 
  2. Sreeharsha, Vinod (19 August 2010). "Google and Yahoo Win Appeal in Argentine Case". New York Times. https://www.nytimes.com/2010/08/20/technology/internet/20google.html?_r=0. 
  3. "El derecho al olvido en Internet se deberá aplicar también en la Capital Federal" (in es). La Nación. 17 October 2014. http://www.lanacion.com.ar/1736360-el-derecho-al-olvido-en-internet-se-debera-aplicar-tambien-en-la-capital-federal. 
  4. "Implementing Rules and Regulations of the Data Privacy Act of 2012". August 24, 2016. https://www.privacy.gov.ph/implementing-rules-regulations-data-privacy-act-2012/. 
  5. 5.0 5.1 5.2 Mantelero, Alessandro (2013). "The EU Proposal for a General Data Protection Regulation and the roots of the 'right to be forgotten'". Computer Law & Security Review 29 (3): 229–235. doi:10.1016/j.clsr.2013.03.010. http://porto.polito.it/2506410/. 
  6. 6.0 6.1 6.2 Weber, Rolf H. (2011). "The right to be forgotten: more than a Pandora's Box?". Journal of Intellectual Property, Information Technology and E-Commerce Law 2: 120–130. https://www.jipitec.eu/issues/jipitec-2-2-2011/3084. 
  7. Pino, G. (2000). "The right to personal identity in Italian private law: Constitutional interpretation and judge-made rights". in Van Hoecke, M.; Ost, F.. The harmonization of private law in Europe. Oxford: Hart. pp. 225–237. 
  8. Hill, Kashmir (July 6, 2011). "Revenge Porn With A Facebook Twist". Forbes. https://www.forbes.com/sites/kashmirhill/2011/07/06/revenge-porn-with-a-facebook-twist. 
  9. Crovitz, L. Gordon (2010-11-15). "Crovitz: Forget any 'Right to Be Forgotten'". The Wall Street Journal. https://www.wsj.com/articles/SB10001424052748704658204575610771677242174. 
  10. 10.0 10.1 Fleischer, Peter (2011-03-09). "Privacy...?: Foggy thinking about the Right to Oblivion". Peterfleischer.blogspot.co.nz. http://peterfleischer.blogspot.co.nz/2011/03/foggy-thinking-about-right-to-oblivion.html. 
  11. Mayes, Tessa (2014-05-21). "We have no right to be forgotten online". The Guardian. https://www.theguardian.com/commentisfree/libertycentral/2011/mar/18/forgotten-online-european-union-law-internet. 
  12. 12.0 12.1 12.2 12.3 Arthur, Charles (4 July 2014). "What is Google deleting under the 'right to be forgotten' - and why? What if there were a page on a 'revenge porn' site about you - would you want to use Google's 'right to be forgotten' to get it taken out of search?". The Guardian. https://www.theguardian.com/technology/2014/jul/04/what-is-google-deleting-under-the-right-to-be-forgotten-and-why. 
  13. Villamar, Lawrence (September 22, 2015). "Expert: Google Cannot Escape French Law on Right to Be Forgotten". Yibada. http://en.yibada.com/articles/66331/20150922/expert-google-escape-french-law-right-forgotten.htm. 
  14. "La Justicia Argentina Sobreseyó a Adriana Noreña, Directora General de Google". Infotechnology.com. 2012-09-21. http://www.infotechnology.com/internet/La-Justicia-argentina-sobreseyo-a-Adriana-Norea-presidente-de-Google.hmtl-20120604-0005.html. 
  15. Carter, Edward L. "Argentina's Right to Be Forgotten." Emory International Law Review. 27 (2013): pg 23.
  16. "Search engines not responsible for content". 2013-09-05. http://www.buenosairesherald.com/article/139989/. 
  17. 17.0 17.1 17.2 17.3 17.4 Carter, Edward (January 2013). "Argentina's Right to be Forgotten". Emory International Law Review 27 (1): 23. http://law.emory.edu/eilr/content/volume-27/issue-1/recent-developments/argentinas-right-to-be-forgotten.html. 
  18. 18.0 18.1 18.2 18.3 18.4 18.5 Sixth Tone (2016-05-05). "Chinese Have No Right to Be Forgotten, Court Rules". http://www.sixthtone.com/news/chinese-have-no-right-be-forgotten-court-rules. 
  19. Jingchun, Cao. "Protecting the Right to Privacy in China". http://www.victoria.ac.nz/law/research/publications/vuwlr/prev-issues/pdf/vol-36-2005/issue-3/jingchun.pdf. 
  20. 20.0 20.1 20.2 Hert, Paul; Papakonstantinou, Vagelis. "Policy Department Citizen's Right and Constitutional Affairs". http://www.europarl.europa.eu/RegData/etudes/IDAN/2015/536472/IPOL_IDA%282015%29536472_EN.pdf. 
  21. 21.0 21.1 Arthur, Charles (14 May 2014). "Explaining the 'right to be forgotten' – the newest cultural shibboleth". The Guardian. https://www.theguardian.com/technology/2014/may/14/explainer-right-to-be-forgotten-the-newest-cultural-shibboleth. 
  22. (in FR) Charte sur la publicité ciblée et la protection des internautes, Secrétariat d'Etat chargé de la Prospective et du Développement de l'économie numérique, 2010, http://www.huntonfiles.com/files/webupload/PrivacyLaw_Charte_publicite.pdf 
  23. Lynskey, Orla (May 2015). "Control over Personal Data in a Digital Age: Google Spain v AEPD and Mario Costeja Gonzalez.". Modern Law Review 78 (3): 522–534. doi:10.1111/1468-2230.12126. http://eprints.lse.ac.uk/61944/1/__lse.ac.uk_storage_LIBRARY_Secondary_libfile_shared_repository_Content_Lynskey%2C%20O_Control%20personal%20data_Lynskey_Control%20personal%20data_2015.pdf. 
  24. Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. EU Directive 1995.
  25. Mitrou, Lilian; Karyda, Maria (2012). "EU's Data Protection Reform and the right to be forgotten—A legal response to a technological challenge?". 5th International Conference of Information Law and Ethics: 29–30. 
  26. European Commission. Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and On the Free Movement of Such Data (General Data Protection Regulation). 2012/0011 (COD). Article 17. Right to be forgotten and To Erasure
  27. "EU Privacy Removal". https://www.google.com/webmasters/tools/legal-removal-request?complaint_type=rtbf&visit_id=637264162986382812-1359959225&rd=1. 
  28. "How Google's New "Right To Be Forgotten" Form Works: An Explainer". Search Engine Land. 30 May 2014. http://searchengineland.com/google-right-to-be-forgotten-form-192837. 
  29. Brindle, Beth (4 March 2015). "How can Google forget you?". http://computer.howstuffworks.com/how-can-google-forget-you.htm. 
  30. 30.0 30.1 Powles, Julia; Chaparro, Enrique. "How Google determined our right to be forgotten". The Guardian. https://www.theguardian.com/technology/2015/feb/18/the-right-be-forgotten-google-search. 
  31. Kiss, Jemima (14 May 2015). "Dear Google: open letter from 80 academics on 'right to be forgotten'". https://www.theguardian.com/technology/2015/may/14/dear-google-open-letter-from-80-academics-on-right-to-be-forgotten. 
  32. "Search Removal Request Under Data Protection Law in Europe". https://support.google.com/legal/contact/lr_eudpa?product=websearch. 
  33. Sullivan, Danny (30 May 2014). "How Google's New 'Right to be Forgotten' Form Works: An Explainer". Search Engine Land. http://searchengineland.com/google-right-to-be-forgotten-form-192837. 
  34. Arthur, Charles (27 June 2014). "Google removing 'right to be forgotten' search links in Europe". https://www.theguardian.com/technology/2014/jun/26/google-removing-right-to-be-forgotten-links. 
  35. Martin, Alexander J.. "'Right to be forgotten' festers as ICO and Google come to blows". https://www.theregister.co.uk/2015/05/14/ico_google_clash_right_to_be_forgotten/. 
  36. Dean, James. "Google could face legal action over 'right to be forgotten' rejections". http://www.thetimes.co.uk/tto/technology/internet/article4438460.ece. 
  37. 37.0 37.1 37.2 Orlowski, Andrew (4 July 2014). "Google de-listing of BBC article 'broke UK and Euro public interest laws' - So WHY do it?". The Register. https://www.theregister.co.uk/2014/07/04/google_peston_bbc_delisting_not_compliant_w_public_interest_law_says_expert/. 
  38. Drummond, David (10 July 2014). "We need to talk about the right to be forgotten". The Guardian. https://www.theguardian.com/commentisfree/2014/jul/10/right-to-be-forgotten-european-ruling-google-debate. 
  39. 39.0 39.1 Orlowski, Andrew (17 June 2014). "Slippery Google greases up, aims to squirm out of EU privacy grasp. Will the huge advertising firm manage to spin its way free of the law?". The Register. https://www.theregister.co.uk/2014/06/17/for_mon_how_google_plans_to_torpedo_your_privacy_rights/. 
  40. Gibbs, Samuel (20 August 2015). "Google ordered to remove links to 'right to be forgotten' removal stories". https://www.theguardian.com/technology/2015/aug/20/google-ordered-to-remove-links-to-stories-about-right-to-be-forgotten-removals. 
  41. 41.0 41.1 "Transparency Report. European privacy requests for search removals". https://www.google.com/transparencyreport/removals/europeprivacy/?hl=en. 
  42. Powles, Julia (July 2015). "Why the BBC is wrong to republish 'right to be forgotten' links". https://www.theguardian.com/technology/2015/jul/01/bbc-wrong-right-to-be-forgotten. 
  43. Boiten, Eerke. "Privacy watchdog takes first step against those undermining right to be forgotten". http://theconversation.com/privacy-watchdog-takes-first-step-against-those-undermining-right-to-be-forgotten-46495. 
  44. Tippmann, Sylvia; Powles, Julia (14 July 2015). "Google accidentally reveals data on 'right to be forgotten' requests". https://www.theguardian.com/technology/2015/jul/14/google-accidentally-reveals-right-to-be-forgotten-requests. 
  45. 45.0 45.1 45.2 Tippmann, Sylvia; Powles, Julia (2015-07-14). "Google accidentally reveals data on 'right to be forgotten' requests" (in en-GB). The Guardian. ISSN 0261-3077. https://www.theguardian.com/technology/2015/jul/14/google-accidentally-reveals-right-to-be-forgotten-requests. 
  46. Hern, Alex (30 July 2015). "Google says non to French demand to expand right to be forgotten worldwide". https://www.theguardian.com/technology/2015/jul/30/google-rejects-france-expand-right-to-be-forgotten-worldwide. 
  47. "EU wants 'right to be forgotten' applied globally". CNET. CBS Interactive. https://www.cnet.com/news/eu-wants-right-to-be-forgotten-applied-globally/. 
  48. Gibbs, Samuel (21 September 2015). "French data regulator rejects Google's right-to-be-forgotten appeal". https://www.theguardian.com/technology/2015/sep/21/french-google-right-to-be-forgotten-appeal. 
  49. Chee, Foo Yun (24 September 2019). "Google wins landmark case limiting 'right to be forgotten' to Europe". Reuters. https://www.reuters.com/article/us-eu-alphabet-privacy/google-wins-right-to-beforgotten-fight-with-france-idUSKBN1W90R5?feedType=RSS&feedName=technologyNews. 
  50. "Press Release No112/19". Court of Justice of the European Union. 24 September 2019. https://curia.europa.eu/jcms/upload/docs/application/pdf/2019-09/cp190112en.pdf. 
  51. Corfield, Gareth. "EU court rules Right To Be Forgotten doesn't apply outside member states" (in en). https://www.theregister.com/2019/09/24/eu_court_justice_right_to_be_forgotten_ruling/. 
  52. Gstrein, Oskar Josef (2022). "The Right to be Forgotten in 2022-Luxembourg judges keep surfing the legislative void" (in en). Verfassungsblog: On Matters Constitutional. doi:10.17176/20221220-121718-0. https://verfassungsblog.de/rtbf-2022/. Retrieved 2023-01-14. 
  53. Powles, Julia (15 May 2014). "What we can salvage from 'right to be forgotten' ruling". Wired.co.uk. https://www.wired.co.uk/news/archive/2014-05/15/google-vs-spain. 
  54. Solon, Olivia (13 May 2014). "People have the right to be forgotten, rules EU court". Wired.co.uk. Conde Nast Digital. https://www.wired.co.uk/news/archive/2014-05/13/right-to-be-forgotten-ruling. 
  55. European Court of Justice (13 May 2014). "Judgment of the Court of Justice in Case C-131/12: An internet search engine operator is responsible for the processing that it carries out of personal data which appear on web pages published by third parties" (Press release). Luxembourg. Retrieved 13 May 2014.
  56. "EU court backs 'right to be forgotten' in Google case". BBC News. 13 May 2014. https://www.bbc.com/news/world-europe-27388289. 
  57. "EU court rules Google must tweak search results in test of 'right to be forgotten'". CBS News. 13 May 2014. http://www.cbsnews.com/news/eu-court-google-must-tweak-search-results-right-to-be-forgotten/. 
  58. Streitfeld, David (13 May 2014). "European Court Lets Users Erase Records on Web". New York Times. https://www.nytimes.com/2014/05/14/technology/google-should-erase-web-links-to-some-personal-data-europes-highest-court-says.html. 
  59. "Removal of Google personal information could become work intensive". Europe News.Net. http://www.europenews.net/index.php/sid/222490797/scat/88176adfdf246af5/ht/Removal-of-Google-personal-information-could-become-work-intensive. 
  60. 60.0 60.1 60.2 Schwartz, John (November 12, 2009). "Two German Killers Demanding Anonymity Sue Wikipedia's Parent". New York Times. https://www.nytimes.com/2009/11/13/us/13wiki.html. "Wolfgang Werlé and Manfred Lauber became infamous for killing a German actor in 1990. Now they are suing to force Wikipedia to forget them." 
  61. Kravets, David (November 11, 2009). "Convicted Murderer Sues Wikipedia, Demands Removal of His Name". Wired News. https://www.wired.com/threatlevel/2009/11/wikipedia_murder. "Wikipedia is under a censorship attack by a convicted murderer who is invoking Germany's privacy laws in a bid to remove references to his killing of a Bavarian actor in 1990." 
  62. "Cease and Desist letter", Wired News, 2009, https://www.wired.com/images_blogs/threatlevel/2009/11/stopp.pdf 
  63. "Wikipedia sued for publishing convicted murderer's name". The Register. https://www.theregister.co.uk/2009/11/12/wikipedia_sued_by_convicted_murderer. 
  64. Granick, Jennifer (10 November 2009). "Convicted Murderer To Wikipedia: Shhh!". Electronic Frontier Foundation. https://www.eff.org/deeplinks/2009/11/murderer-wikipedia-shhh. "Who killed Sedlmayr? Its [sic] a matter of public record, but if one of the men and his German law firm gets their way, Wikipedia (and EFF) will not be allowed to tell you. A few days ago, the online encyclopedia received a cease and desist letter from one of the convicts—represented by the aptly named German law firm Stopp and Stopp—demanding that the perpetrator's name be taken off of the Sedlmayr article page." 
  65. "Abwägung bei einem Unterlassungsanspruch zwischen dem Recht auf freie Meinungsäußerung und dem Persönlichkeitsrecht (Resozialisierung) bei elektronischen Pressearchiven einen Mordfall betreffend" (in de). Hamburger Justiz. 18 January 2008. http://www.landesrecht.hamburg.de/jportal/portal/page/bshaprod.psml;jsessionid=D0EE59E4F4B727BF37EAB3766448FAB8.jpj4?showdoccase=1&doc.id=JURE080001422. 
  66. Arthur, Charles (November 13, 2009). "Wikipedia sued by German killers in privacy claim". The Guardian (London). https://www.theguardian.com/technology/2009/nov/13/wikipedia-sued-privacy-claim. 
  67. "Vor 10 Jahren – Walter Sedlmayr ermordet" (in de). Deutschlandradio. 14 July 2000. http://www.dradio.de/dlr/sendungen/kalender/127148/. 
  68. "Namen der Sedlmayr-Mörder bleiben online". Süddeutsche Zeitung. http://www.sueddeutsche.de/computer/410/497712/text/. 
  69. "BGH-Urteil – Keine ständige Kontrolle von Online-Archiven" (in de). Focus. December 15, 2009. http://www.focus.de/digital/internet/bgh-urteil-keine-staendige-kontrolle-von-online-archiven_aid_463464.html. 
  70. "Bundesverfassungsgericht - Entscheidungen - Auch bei gleichzeitiger Geltung der Unionsgrundrechte prüft das Bundesverfassungsgericht primär die deutschen Grundrechte *** Online-Pressearchive können zu Schutzvorkehrungen gegen die zeitlich unbegrenzte Verbreitung personenbezogener Berichte durch Suchmaschinen verpflichtet sein". 6 November 2019. https://www.bundesverfassungsgericht.de/SharedDocs/Entscheidungen/DE/2019/11/rs20191106_1bvr001613.html. 
  71. 71.0 71.1 71.2 71.3 Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), European Commission, 2012, Article 17 "Right to be forgotten and to erasure", http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf 
  72. "Who can collect and process personal data? - Justice". Ec.europa.eu. 2014-06-26. http://ec.europa.eu/justice/data-protection/data-collection/index_en.htm. 
  73. "European Parliament gives overwhelming backing to new EU data protection laws". Out-law.com. March 12, 2014. http://www.out-law.com/en/articles/2014/march/european-parliament-gives-overwhelming-backing-to-new-eu-data-protection-laws/. 
  74. "EUROPA - Press Releases - Press release - Data Protection Day 2014: Full Speed on EU Data Protection Reform". Europa.eu. January 27, 2014. http://europa.eu/rapid/press-release_MEMO-14-60_en.htm. 
  75. Baldry, Tony; Hyams, Oliver (15 May 2014). "The Right to Be Forgotten". 1 Essex Court. http://1essexcourt.wordpress.com/2014/05/15/the-right-to-be-forgotten/. 
  76. "European Parliament legislative resolution of 12 March 2014 on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)". European Parliament. http://www.europarl.europa.eu/sides/getDoc.do?type=TA&reference=P7-TA-2014-0212&language=EN. 
  77. Powles, Julia (21 May 2014). "What did the media miss with the 'right to be forgotten' coverage?". The Guardian. https://www.theguardian.com/technology/2014/may/21/what-did-the-media-miss-with-the-right-to-be-forgotten-coverage. 
  78. "Factsheet on the 'Right to be Forgotten' ruling (case C-131/12)". European Commission. http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_data_protection_en.pdf. 
  79. "Fact Sheet: Plan to Protect Privacy in the Internet Age by Adopting a Consumer Privacy Bill of Rights | The White House". whitehouse.gov. 2012-02-23. https://obamawhitehouse.archives.gov/the-press-office/2012/02/23/fact-sheet-plan-protect-privacy-internet-age-adopting-consumer-privacy-b. 
  80. 80.0 80.1 "Delhi banker seeks 'right to be forgotten' online". May 2016. http://timesofindia.indiatimes.com/india/Delhi-banker-seeks-right-to-be-forgotten-online/articleshow/52060003.cms. 
  81. "What is the Right to be Forgotten and how it could affect you?". http://www.catchnews.com/tech-news/what-is-the-right-to-be-forgotten-and-how-it-will-affect-you-1462532182.html. 
  82. 82.0 82.1 82.2 82.3 "In A First An Indian Court Upholds The 'Right To Be Forgotten' [Read Order | Live Law"]. Live Law. 2017-02-03. http://www.livelaw.in/first-indian-court-upholds-right-forgotten-read-order/. 
  83. 83.0 83.1 83.2 83.3 "Right to be forgotten: How a prudent Karnataka HC judgment could pave the way for privacy laws in India". Firstpost. 2017-02-07. http://www.firstpost.com/india/right-to-be-forgotten-how-a-prudent-karnataka-hc-judgment-could-pave-the-way-for-privacy-laws-in-india-3270938.html. 
  84. 84.0 84.1 "South Korea Releases Right to Be Forgotten Guidance". http://www.bna.com/south-korea-releases-n57982070847/. 
  85. Guidelines on the Right to Request Access Restrictions on Personal Internet Postings"
  86. "방통위, '잊혀질 권리 가이드라인' 제정". 2016-03-25. http://www.hani.co.kr/arti/economy/it/736858.html. 
  87. 심재석 (2016-04-01). "[심재석의 입장 방통위의 이상한 '잊혀질 권리 가이드라인'"]. http://byline.network/2016/04/1-94/. 
  88. "'네이버 지식iN' 질문 글, 개인정보 남아 있을 때만 '잊혀질 권리' 적용". http://news.chosun.com/site/data/html_dir/2016/06/29/2016062902224.html. 
  89. Lim, James. "South Korea Releases Right to Be Forgotten Guidance". https://www.bna.com/south-korea-releases-n57982070847/. 
  90. Yulchon LLC. "Korea Communications Commission Releases Guidelines On "The Right to Be Forgotten"". http://www.mondaq.com/x/561018/IT+internet/Korea+Communications+Commission+Releases+Guidelines+On+The+Right+To+Be+Forgotten. 
  91. Loi constitutionnelle modifiant la constitution de la République et canton de Genève (Cst-GE) (Pour une protection forte de l’individu dans l’espace numérique) (12945), ([1])
  92. Melvin v. Reid, 112 Cal.App. 285, 297 P. 91 (1931); Sidis v F-R Publishing Corporation 311 U.S. 711 61 S. Ct. 393 85 L. Ed. 462 1940 U.S.
  93. Melvin v. Reid, 112 Cal.App. 285, 297 P. 91 (1931)
  94. Friedman, Lawrence Meir (2007). "The Red Kimono [sic]: The Saga of Gabriel Darley Melvin". Guarding Life's Dark Secrets: Legal and Social Controls over Reputation, Propriety, and Privacy. Stanford University Press. pp. 217–225. ISBN 978-0-8047-5739-3. https://archive.org/details/guardinglifesdar00frie. 
  95. Melvin v. Reid, 112 Cal.App. 285, 297 P. 91 (1931) at 852-853
  96. 96.0 96.1 Sidis v F-R Publishing Corporation 311 U.S. 711 61 S. Ct. 393 85 L. Ed. 462 1940 U.S.
  97. 97.0 97.1 97.2 Hendel, John (2012-01-25). "Why Journalists Shouldn't Fear Europe's 'Right to be Forgotten'". The Atlantic. https://www.theatlantic.com/technology/archive/2012/01/why-journalists-shouldnt-fear-europes-right-to-be-forgotten/251955/. 
  98. 98.0 98.1 Walker, Robert K. "The Right to be forgotten." 64 Hastings Law Journal 257, 2012. Pg 257.
  99. Steinberg, Joseph (2014-06-02). "Your Privacy Is Now At Risk From Search Engines -- Even If The Law Says Otherwise". Forbes. https://www.forbes.com/sites/josephsteinberg/2014/06/02/your-privacy-is-now-at-risk-from-search-engines-even-if-the-law-says-otherwise/. 
  100. "The U.S. Should Adopt the 'Right to Be Forgotten' Online". intelligencesquaredus.org. http://intelligencesquaredus.org/debates/past-debates/item/1252-the-u-s-should-adopt-the-right-to-be-forgotten-online. 
  101. Coffee, Patrick. "Hey Google: 9 in 10 Americans Want the 'Right to Be Forgotten'". http://www.adweek.com/prnewser/hey-google-9-in-10-americans-want-the-right-to-be-forgotten/111218. 
  102. Eng, James. "Consumer Watchdog: Google Should Extend 'Right To Be Forgotten' to U.S.". http://www.nbcnews.com/tech/internet/consumer-watchdog-google-should-extend-right-be-forgotten-u-s-n388131. 
  103. "N.Y. bill would require people to remove 'inaccurate,' 'irrelevant,' 'inadequate' or 'excessive' statements about others". Washington Post. https://www.washingtonpost.com/news/volokh-conspiracy/wp/2017/03/15/n-y-bill-would-require-people-to-remove-inaccurate-irrelevant-inadequate-or-excessive-statements-about-others/. 
  104. "The Globe's Fresh Start initiative: Submit your appeal - The Boston Globe". https://www.bostonglobe.com/2021/01/22/metro/globes-fresh-start-initiative-submit-your-appeal/. 
  105. 105.0 105.1 105.2 Kobrin, Stephen J. (2004). "Safe harbours are hard to find: the trans-Atlantic data privacy dispute, territorial jurisdiction and global governance". Review of International Studies 30: 111–131. doi:10.1017/S0260210504005856. https://repository.upenn.edu/cgi/viewcontent.cgi?article=1075&context=mgmt_papers. 
  106. 106.0 106.1 106.2 106.3 The Council: Common Position (EC) no. 95
  107. "The Inevitable Happened: First Company Provides "Right To Be Forgotten" Removal Service". Search Engine Land. 2014-06-25. http://searchengineland.com/reputation-vip-online-management-firm-launches-site-assist-googles-forget-form-194998. 
  108. Scott, Mark (2014-07-08). "European Companies See Opportunity in the 'Right to Be Forgotten'". The New York Times. ISSN 0362-4331. https://www.nytimes.com/2014/07/09/technology/european-companies-see-opportunity-in-the-right-to-be-forgotten.html. 
  109. Volokh, Eugene (2000). "Freedom of Speech, Information Privacy, and the Troubling Implications of a Right to Stop People from Speaking about You". Stanford Law Review 52 (5): 1049–1124. doi:10.2307/1229510. 
  110. Solove, Daniel J. (2003). "The Virtues of Knowing Less: Justifying Privacy Protections against Disclosure". Duke Law Journal 53 (3): 967–1065 [p. 976]. 
  111. Mayes, Tessa (18 March 2011). "We have no right to be forgotten online". The Guardian. https://www.theguardian.com/commentisfree/libertycentral/2011/mar/18/forgotten-online-european-union-law-internet. 
  112. Whitman, James Q. (2004). "The Two Western Cultures of Privacy: Dignity Versus Liberty". Yale Law Journal 113 (6): 1151–1221 [p. 1161–2]. doi:10.2307/4135723. https://digitalcommons.law.yale.edu/cgi/viewcontent.cgi?article=1647&context=fss_papers. 
  113. Ryan, Timothy (2011-05-02). "The Right To Be Forgotten: Questioning The Nature Of Online Privacy". PSFK. http://www.psfk.com/2011/05/the-right-to-be-forgotten-questioning-the-nature-of-online-privacy.html. 
  114. Bernal, Paul Alexander (2011). "A right to delete?". European Journal of Law and Technology 2 (2). http://ejlt.org/article/view/75/144. Retrieved 2014-05-14. 
  115. Coliver, Sandra. Editor. "Striking a Balance. Hate Speech, Freedom of Expression and Non-Discrimination." Article 19. (1992) International Centre against Censorship. Human Rights Centre. University of Essex.
  116. 116.0 116.1 116.2 Rosen, Jeffrey (February 13, 2012). "The Right to Be Forgotten". Stanford Law Review. http://www.stanfordlawreview.org/online/privacy-paradox/right-to-be-forgotten. 
  117. "Document 52012PC0011 — Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)". Eur-lex.europa.eu. 3.4.1. Chapter I - General Provisions, Article 4. http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52012PC0011. 
  118. "Privacy laws: Private data, public rules". The Economist. 2012-01-28. http://www.economist.com/node/21543489. 
  119. 119.0 119.1 Wright, Jason (19 January 2015). "Some Things Should Not Be 'Forgotten'". The Wall Street Journal. https://www.wsj.com/articles/jason-wright-some-things-should-not-be-forgotten-1421689011. "Consider the necessity for accurate business intelligence. Antibribery laws and "know your customer" regulations often require companies and individuals to do due-diligence checks on entities they want to do business with… The requirement for proper due diligence instils confidence, helps to prevent fraud and corruption, and informs businesses about potential risks… Several cases already illustrate how the "right to be forgotten" impedes business intelligence. Fortune magazine reported last year on Dato Capital, a company that compiles reports on the directors of private companies based in the United Kingdom and Spain… Dato's reports contained information that companies and directors are often required by law to disclose publicly, such as debt and financial history. Bleaching this from search results has made it more difficult for potential investors and business partners to understand the profile and history of individuals with whom they were considering doing business." 
  120. 120.0 120.1 Parloff, Roger (21 October 2014). "Company directors are deep-sixing Google links citing 'right to be forgotten'". Fortune. http://fortune.com/2014/10/21/company-directors-deep-sixing-google-links/. 
  121. Zittrain, Jonathan (13 July 2014). "The right to be forgotten ruling leaves nagging doubts". Financial Times. http://www.ft.com/intl/cms/s/0/c5d17a80-0910-11e4-8d27-00144feab7de.html#axzz3gL6XFlzC. 
  122. "'Right to be forgotten' and online search engines ruling" (Press release). European Commission. 2014-06-03. Retrieved 2014-07-03.
  123. Peston, Robert (2 July 2014). "Why has Google cast me into oblivion?". BBC News. https://www.bbc.com/news/business-28130581. 
  124. Scheer, Peter Z. (July 2, 2014). "The 'Right to Be Forgotten' Is Already Messing Up Journalism". Truthdig. http://www.truthdig.com/eartotheground/item/the_right_to_be_forgotten_is_already_messing_up_journalism_20140702. 
  125. Gibbs, Samuel (24 July 2014). "Google hauled in by Europe over 'right to be forgotten' reaction". The Guardian. https://www.theguardian.com/technology/2014/jul/24/google-hauled-in-by-europe-over-right-to-be-forgotten-reaction. 
  126. "Musician attempts use EU Right To Be Forgotten to hide a bad review". http://eurighttobeforgotten.com/musician-attempts-use-eu-right-forgotten-hide-bad-review/. 
  127. Dewey, Caitlin. "Pianist asks The Washington Post to remove a concert review under the E.U.'s 'right to be forgotten' ruling". The Washington Post. https://www.washingtonpost.com/news/the-intersect/wp/2014/10/31/pianist-asks-the-washington-post-to-remove-a-concert-review-under-the-e-u-s-right-to-be-forgotten-ruling/. 
  128. "Notice of removal from Google Search". WikiMedia Foundation. http://m.wikimediafoundation.org/wiki/Notices_received_from_search_engines#/image/File:Pl1RTBF.pdf. 
  129. "Index blasts EU court ruling on "right to be forgotten"". Index on Censorship. 2014-05-13. http://www.indexoncensorship.org/2014/05/index-blasts-eu-court-ruling-right-forgotten/. 
  130. Chubb, Karla. "Request made to remove Gerry 'The Monk' Hutch from EU search results". Newstalk. http://www.newstalk.ie/Gerry-The-Monk-Hutch-one-of-first-to-request-removal-of-Wikipedia-page. 
  131. Curties, Sophie; Philipson, Alice (6 August 2014). "Wikipedia founder: EU's Right to be Forgotten is 'deeply immoral'". The Daily Telegraph. https://www.telegraph.co.uk/technology/wikipedia/11015901/EU-ruling-on-link-removal-deeply-immoral-says-Wikipedia-founder.html. 
  132. "Wikipedia founder: EU's Right to be Forgotten is 'deeply immoral'". The Telegraph. 6 August 2014. https://www.telegraph.co.uk/technology/wikipedia/11015901/EU-ruling-on-link-removal-deeply-immoral-says-Wikipedia-founder.html. 
  133. Edwards, Lilian (29 July 2014). "Revenge porn: why the right to be forgotten is the right remedy". The Guardian. https://www.theguardian.com/technology/2014/jul/29/revenge-porn-right-to-be-forgotten-house-of-lords. 
  134. Powles, Julia (8 August 2014). "Jimmy Wales is wrong: we do have a personal right to be forgotten". The Guardian. https://www.theguardian.com/technology/2014/aug/08/jimmy-wales-right-to-be-forgotten-wikipedia. 
  135. "Mythbuster: The Court of Justice of the EU and the "Right to be Forgotten"". 18 September 2014. http://ec.europa.eu/justice/newsroom/data-protection/news/140918_en.htm. 
  136. "Factsheet on the 'Right to be Forgotten' ruling". https://www.inforights.im/media/1186/cl_eu_commission_factsheet_right_to_be-forgotten.pdf. 
  137. 137.0 137.1 "California enacts "Right to be Forgotten" for Minors - Data Protection Report". Data Protection Report. 2015-01-14. http://www.dataprotectionreport.com/2015/01/california-enacts-right-to-be-forgotten-for-minors/. 
  138. 138.0 138.1 Lewis, Morgan; Kapoor, Bockius LLP-Rahul; Hirsch, W. Reece; Yaghoubi, Shokoh H. (12 July 2016). "Get to Know California's 'Online Eraser' Law | Lexology". http://www.lexology.com/library/detail.aspx?g=5c1e37a5-3b96-4b52-84df-5b5c89a4f2f7. 
  139. 139.0 139.1 "UK Election 2017 - Tories offer under-18s the Right to be Forgotten, threaten big fines for social media firms". 2017-05-15. http://diginomica.com/2017/05/15/election-2017-tories-offer-18s-right-forgotten-threaten-big-fines-social-media-firms/. 
  140. 140.0 140.1 140.2 "May Tells Facebook to Offer Kids the Right to Delete Information". Bloomberg.com. 2017-05-12. https://www.bloomberg.com/politics/articles/2017-05-12/may-tells-facebook-to-offer-kids-right-to-delete-information. 
  141. "France tries to impose 'Right to be Forgotten' globally. Google fights". September 17, 2018. https://previewtech.net/right-to-be-forgotten-globally-google-cnil-france/. 
  142. "CISPA: The Center for IT-Security, Privacy, and Accountability". http://cispa.saarland. 
  143. "School of Computer Science - The University of Auckland". https://www.auckland.ac.nz/en/science/about-the-faculty/school-of-computer-science.html. 
  144. Simeonovski, Milivoj; Bendun, Fabian; Asghar, Muhammad Rizwan; Backes, Michael; Marnau, Ninja; Druschel, Peter (2015). "Oblivion: Mitigating Privacy Leaks by Controlling the Discoverability of Online Information". arXiv:1506.06033 [cs.CR].
  145. 145.0 145.1 145.2 145.3 145.4 145.5 145.6 145.7 145.8 "'Oblivion' Is the Software That Could Automate the 'Right to Be Forgotten'". 22 June 2015. http://motherboard.vice.com/read/oblivion-is-the-software-that-could-automate-the-right-to-be-forgotten. 
  146. Lott-Lavigna, Ruby (17 February 2019). "The weird rise of cyber funerals". Wired UK. https://www.wired.co.uk/article/cyber-funerals. Retrieved 19 February 2019. 

Further reading

Articles

  • Ausloos, Jef (2012). "The 'Right to be forgotten'—Worth remembering?". Computer Law & Security Review 28 (2): 143–152. doi:10.1016/j.clsr.2012.01.006. 
  • Bennett, Steven C. "Right to be forgotten: Reconciling EU and US Perspectives, The." Berkeley J. Int'l L. 30 (2012): 161.
  • Blackman, Josh. "Omniveillance, Google, Privacy in Public, and the Right to Your Digital Identity: A Tort for Recording and Disseminating an Individual's Image over the Internet." Santa Clara L. Rev. 49 (2009): 313.
  • Bolton, Robert, "The Right to Be Forgotten: Forced Amnesia in a Technological Age," 31 J. Marshall J. Info. Tech. & Privacy L. 133 (2015).
  • Castellano, Pere Simón. "The right to be forgotten under European Law: a Constitutional debate." (2012).
  • Gstrein, Oskar Josef (2020). "Right to be forgotten: european data imperialism, national privilege, or universal human right?.". Review of European Administrative Law 13 (1): 125–152. doi:10.7590/187479820X15881424928426. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3530995. 
  • Koops, E. J. "Forgetting footprints, shunning shadows: A critical analysis of the 'right to be forgotten' in big data practice." SCRIPTed 8, no. 3 (2011): 229-256.
  • Palazzi, Pablo. "El reconocimiento en Europa del derecho al olvido en Internet." La Ley 10 de junio de 2014: (2014).
  • Palazzi, Pablo. "Derecho al olvido en Internet e información sobre condenas penales (a propósito de un reciente fallo holandés)." La Ley 17 de diciembre de 2014: (2014).
  • Rosen, Jeffrey. "The right to be forgotten." Stanford law review online 64 (2012): 88.
  • Simeonovski, Milivoj; Bendun, Fabian; Asghar, Muhammad Rizwan; Backes, Michael; Marnau, Ninja; Druschel, Peter. "Oblivion: Mitigating Privacy Leaks by Controlling the Discoverability of Online Information." The 13th International Conference on Applied Cryptography and Network Security (ACNS 2015).
  • Gallo Sallent, Juan Antonio; "El Derecho al Olvido en Internet: Del Caso Google al Big Data" (2015) (ed.): CreateSpace,, Barcelona, España. ISBN:978-1511412124.
  • Tsesis, Alexander. "The Right to Erasure: Privacy and the Indefinite Retention of Data", 49 Wake Forest Law Review 433 (2014).

Books

  • Ausloos, Jef (2020). The Right to Erasure in EU Data Protection Law. Oxford University Press. ISBN:9780198847977.
  • Eichhorn, Kate (2019). The End of Forgetting: Growing Up with Social Media. Harvard University Press. ISBN 978-0674976696. 
  • Jones, Meg Leta (2016). Ctrl + Z: The Right to Be Forgotten. NYU Press. ISBN 978-1479881703. 

Cases

  • Melvin v. Reid 112 Cal.App. 285, 297 P. 91 (1931)
  • Sidis v F-R Publishing Corporation 311 U.S. 711 61 S. Ct. 393 85 L. Ed. 462 1940 U.S.
  • Google Spain, S.L., Google Inc. y Agencia Española de Protección de Datos (AEPD), Mario Costeja González ECLI:EU:C:2014:317

Legislation

  • Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. EU Directive 1995.
  • European Commission. Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and On the Free Movement of Such Data (General Data Protection Regulation). 2012/0011 (COD). Article 3. "Territorial Scope."

External links