Until last year, the right to be forgotten used to be an idea of Viktor Mayer-Schönberger, an Austrian law professor. He suggested – and probably still suggests – providing a “best before date” for data that is electronically saved. After the expiration of the date, the data would be automatically deleted by the application or computer system. Last year, the idea – or a modification thereof – became part of a draft regulation of the European Commission.Article 17 paragraph 2 of the Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (further referred to as “General Data Protection Regulation”) stipulates:
Where the controller referred to in paragraph 1 has made the personal data public, it shall take all reasonable steps, including technical measures, in relation to data for the publication of which the controller is responsible, to inform third parties which are processing such data, that a data subject requests them to erase any links to, or copy or replication of that personal data. Where the controller has authorised a third party publication of personal data, the controller shall be considered responsible for that publication.
Since the EU Commission’s proposal was first publicly available, the right to be forgotten has been widely discussed and attacked. Some find it impossible to technically meet the requirements set forth by the regulation. Others call the request for complete erasure censorship. Few find it the right to be forgotten something that should become legally binding in all European Member States.
Recently, the Oxford University picked up the controversy and held a conference on “The ‘Right to be Forgotten’ and Beyond: Data Protection and Freedom of Expression in the Age of Web 2.0”. The transcripts of the speeches given at this conference are now available here, the podcasts can be downloaded here.
At the conference, the area of tension between data protection, freedom of expression and the right to be forgotten was approached in four sessions:
In his keynote, Professor Artemi Rallo Lombarte, former Director of the Spanish Data Protection Agency and Professor at Jaume I University presented the background of the right to be forgotten from the Spanish perspective. By describing cases the Spanish Data Protection Agency had to deal with, he explained why – in his opinion – jurisdictions have a need for a right to be forgotten.
Dr. David Erdos’ presentation of this empirical study on the status quo of the controversy between the freedom of expression and data protection laws was followed by Professor William Dutton’s plea not regulate how to forget something that society hasn’t even figured out how to remember.
In the following session David Smith and Rosemary Jay each point contradictions between data protection laws and goals on the one hand and the freedom of expression on the other. While Jay finds it hard to reconcile data protection and freedom of expression due to data protection being regulated by written laws and the freedom of expression having been formed by judicial decisions and precedents, Smith identifies a need for regulation with regards to blogs, search engines and other web-services. They – he says – are located in the middle between journalism and data processing by private persons and therefore don’t fall within the scope of the regulations concerning one or the other topic. According to him, the draft regulation does not properly regulate the topic either.
Anthony House, Manager at Google’s Central Policy Team starts his speech by pointing out that Google has “few concerns about the right to be forgotten as it is expressed in the proposed Regulation. “ But he finds it boring to agree with people and thus focuses on the controversies. He objects the Commission’s decision to regulate those internet services that – like search engines – can effectively control data. The strategy – he says – resembles the way censorship was enacted in the 15th/16th century.
During the final session four, focusing on the question how the Web 2.0 could be regulated, the speakers called for centralization and regulation by the EU.