EU Report: The 'Right To Be Forgotten' Is Technically Impossible… So Let's Do It Anyway

from the just-forget-it dept

Every few months, it seems, we hear about yet another attempt in Europe to implement the absolutely ridiculous idea of the “right to be forgotten.” We wrote about it in 2010, 2011 and again earlier this year. It’s a silly idea for a variety of reasons. The general idea is that someone, say, who has committed a crime, but is then rehabilitated / served his time / whatever, deserves a “fresh start” and the stories of the crime and punishment should be erased from publications. Europeans who support this wacky idea argue that it’s a form of a privacy right. But that’s ridiculous. It has nothing to do with “privacy” at all, as the fact that someone committed and convicted of a crime is a public fact, not private info. Telling people (and publishers) that they can’t talk about factual information, or even leave available factual stories written at the time just seems completely offensive to anyone who believes in the basic idea of free speech.

And, of course, there’s an even bigger problem. The whole idea isn’t just silly and complex, but it’s totally impossible. And it’s not just me saying that. As Stewart Baker points out, the European Network and Information Security Agency (ENISA) has put out a report making the basic impossibility of a “right to be forgotten” quite clear:

Consider Alice viewing Bob’s personal information on a computer screen, while she is allowed to do so (i.e., before Bob has invoked his right to be forgotten). Alice can take a picture of the screen using a camera, take notes or memorize the information. It is technically impossible to prevent Alice from doing so, or even to recognize that she has obtained a copy of Bob’s personal data.

They seem to make that clear just by the image they chose to put on the cover of the report:

That said… given the very admission that this is impossible, you’d think the recommendation would be (perhaps) to find something a little more productive to work on. But, no, that would be wishful thinking. Instead, despite the admission that the whole endeavor is doomed to be a failure for the simple fact that it’s impossible, they still discuss ways that it might be implemented. And their ideas? Well, to double down on the impossible with crazy regulations. Take for example, the following two “recommendations” in the final section, one right after the other:

  • For any reasonable interpretation of the right to be forgotten, a purely technical and comprehensive solution to enforce the right in the open Internet is generally impossible.
  • A possible pragmatic approach to assist with the enforcement of the right to be forgotten is to require search engine operators and sharing services within the EU to filter references to forgotten information stored inside and outside the EU region.

Got that? So it’s impossible, but let’s regulate the hell out of search engines and tell them what they can’t link to. Perhaps if they’d stopped after the point at which they determined it was “impossible” we’d all have been better off.

Filed Under: , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “EU Report: The 'Right To Be Forgotten' Is Technically Impossible… So Let's Do It Anyway”

Subscribe: RSS Leave a comment
Tony says:

Re: Response to: Dan Bull on Dec 6th, 2012 @ 5:46am

The excerpt and many of the comments seem to confuse how rights interact with facts.
The example given by the European rep also confuses the two.
Merely because one can take a picture does not reduce any rights in the information.
I can take a picture of a copyright image. It does not mean I can distribute and hence undermine the copyright without legal consequence.

out_of_the_blue says:

Yes, "lets regulate the hell out of search engines"!

First, most important for the fanboy-trolls”: I’ve quoted Mike’s original text above: it was HE who wrote “lets”, not me.

Now, this is yet more of Mis-directing Mike’s blather. We can definitely prevent search engines from storing tracking data forever — and no corporation has a right to do so, it’s merely an ability. So on the largest front of everyone NOT being tracked ALL the time, that’s totally do-able.

On the narrow area where Minuscule Mike focuces, it SAYS totally is impoossible, but search engines can still be required to do what’s possible.

So there’s NO CONTRADICTION, MIKE, you’re just blathering again.

(Going for the rare double-post when blank screen returned.)

Mike “Streisand Effect” Masnick desperately needs your click. — Why? — Don’t ask me! He’s the one puts this link up often:
(IF he’s so famous, why does he need to put the link up?)

silverscarcat says:

Re: Yes, "lets regulate the hell out of search engines"!

ootb, stop talking out of your ass.

WHERE did MIKE say ANYTHING about Search Engines?

Oh wait, he DIDN’T!

He was QUOTING part of the article in question that he was discussing…

And the ARTICLE which was being QUOTED was the ONE who said that!

Also, WHAT have I said about your STUPID AS FUCKING HELL “sig”?

You need to play outside so the grownups can talk.

DCX2 says:

Re: Yes, "lets regulate the hell out of search engines"!

Allow me to rephrase OOTB because, honestly, I agree with the basic sentiment he is attempting to express, in between all that antagonistic garbage.

Do not let perfect be the enemy of good.

I, for one, have gone out of my way to keep my real life as disconnected from my Internet life as possible. I occasionally Google myself to make sure it’s hard to find me. Having a limited ability to selectively erase bits and pieces can help preserve my anonymity by giving me at least a weak defense against an attempted dox attack.

Again, this won’t be perfect. e.g. Violentacrez would still have been unmasked by Adrian Chen. But IMO, something is better than nothing at all.

nasch (profile) says:

Re: Re: Yes, "lets regulate the hell out of search engines"!

We can definitely prevent search engines from storing tracking data forever

What he’s talking about is a right to control what a business does with private information about me. The “right to be forgotten” is a right to control what a business does with public information about me. One has serious free speech ramifications and the other doesn’t.

Anonymous Coward says:

BTW the right to be forgotten I believe is based on how society used to work, if you did something wrong you could move to another area and try again, you could make mistakes and pay for them and move on, and although I find that to be great and would miss it, one has to face reality eventually, every dumb thing you do for now on will be recorded and remembered for a long time, there is only one place where you can make mistakes anonymously and use it to better yourself and that is the anonymous web. But that is not enough people will do dumb things and others will be able to remember for a long time, society will need to develop other skills now and more emotional self-control, it seems impossible but it is not, I am certain others will learn how to see old bad news about others and eventually learn that what is important is how they are now not how they were then.

Anonymous Coward says:

Re: Re: Re:

Exactly, people won’t be able to hide them anymore from others, in an hyper-connected world the chances of everybody knowing about your dumb years are greater than ever before, this will force people to either not be dumb which I doubt it is possible or learn how to live and understand why those dumb acts occur because just throwing judgement over others is fun until it happens to you and with so many laws to break, everybody eventually will be either a criminal or relative of a criminal, everybody will see how dumb others are and nobody will be able to say I am not like them, this may force some new societal perspectives changes.

If it is good or bad only time will tell.

Anonymous Coward says:

Re: Re:

“BTW the right to be forgotten I believe is based on how society used to work, if you did something wrong you could move to another area and try again…”

You underestimate how quickly news about your misdeeds used to travel – and how distorted they would get along the way. Today, that process just happens in a wider scale and much faster thanks to the Internet. The underlying reality didn’t change, though.

But the base problem here isn’t that these news travel far and fast. The base problem is that people don’t trust, say, criminals after they commit a crime, even after they’ve paid for it. That is not something you can regulate with laws. You’d have to magically make people accept to just “forgive and forget”.

Anonymous Coward says:

Re: Re: Re:

You see, this is a problem because everybody will either have a criminal in their family or have a record at some point in their lifes according to some estimates more than half the population of this world will break the law and get caught by laws that are known or unknown to them at some point.

You don’t need to trust “criminals” specially if they know how to spot a real-criminal and one that was made a criminal by law there is a difference and it is very important.

And the how to spot criminals will be created by societal norms, like it always has been.

Also the right to be forgotten appears to be only an European thing and they do make exceptions I doubt that all those countries that enacted laws to have pedophiles listed everywhere forever will give up those laws.

On the matter of news traveling, well only if you were famous or infamous because if you were nobody, news didn’t travel that far from your hometown and you could move about from city to city, so I don’t believe you are correct in that respect, people had more chances than they do today, if anybody does a search for a name it will pop up their entire history from anywhere in the world, that couldn’t be done in 80’s or even the 90’s things changed a lot.

Anonymous Coward says:

Re: Re: Re: Re:

Sorry to burst your bubble.

Out of my family of four siblings 2 of us (including me) have a criminal record. Neither of which can be found Online.

Only news worthy crimes make it to the news and therefore online. SO it would usually have to be something pretty big to make it there.

Anonymous Coward says:

Re: Re:

“society will need to develop other skills now and more emotional self-control, it seems impossible but it is not, I am certain others will learn how to see old bad news about others and eventually learn that what is important is how they are now not how they were then.”

Society will have to learn to forgive? But then who will we wag our fingers at?

art guerrilla (profile) says:

'right to be forgotten' ? ? ?

1. sounds like a ‘right to re-write his story’ to me…

2. *besides* the technical/practical hurdles, i have NO DOUBT that any such ‘laws’ etc would be used/abused by the rich / famous / powerful to scrub their seedy his stories from the public record…

it is ever thus: laws made *purportedly* for the benefit of us li’l peeps are crafted or used by the rich/powerful to our detriment…
same ole same ole

art guerrilla
aka ann archy

Anonymous Coward says:

Re: 'right to be forgotten' ? ? ?

The right to be forgotten is actually an important part of the police/employer relationship. The police would give out a criminal record on request and use that against a job applicant. To prevent petty theft and bar-fights from pushing people down the gutter of “once a criminal, always a criminal” these lesser crimes were removed from the criminal record they delivered to the employer. Now, with digital traces and employers searching facebook for information on potential employees, that safety for people is gone and it is never coming back. I think it was a good system to be honest, but all good things come to an end and trying to enforce it digitally now is sheer unadulterated insanity.

art guerrilla (profile) says:

Re: Re: 'right to be forgotten' ? ? ?

except that in today’s society, we are ALL ‘criminals’, according to ‘our’ (sic/sick) Empire…

there was an article i saw the other day that estimated that -NO MATTER how much you think you adhere to ALL laws- ANY OF US can be jackedup by the piggies if they decide to go after you…

on top of that, if The They ™ turn the Eye of Sauron upon YOU, they WILL find shit (or simply plant it, no biggie) on ANYONE (see: petraeus/allen/et al)…

*THAT* is the purpose of vacuuming up ALL the info in the world: EVERYONE becomes vulnerable to being screwed over by The State (or more to the point: those who control the secretive apparatus of The State), so you better keep your steenking piehole SHUT, ‘citizen’…

art guerrilla
aka ann archy

Anonymous Coward says:

Re: Re: Re: 'right to be forgotten' ? ? ?

Criminals are those with enemies in high place (I agree that anyone breaks arbitrary laws and that anybody can go to prison for it. The question was how well one hand controlled the other. In Denmark we have the worlds most extensive anti-inhability measures encoded in the laws surrounding the separation of power, which makes enemies in high places several people or criminals themself and thus a harder system to abuse)!
The laws under the right to be forgotten was a good thing because older history and society was different. It was a shield no matter how you think of it is a vacuum cleaner. Earlier times news was slow to travel and the system worked as a DADT in the employer/employee job-situation and protected employees.
Today, the dirt is getting laundered a lot more publically and news travel extremely fast. Now, it has become an obsolete principle, but it was a good principle in the olden days at protecting the employees rights.

Anonymous Coward says:

Re: Re: 'right to be forgotten' ? ? ?

Submitted a tad bit too fast. Right to be forgotten is a question of time. Petty theft and bar-fights are removed from the criminal record the police gave out after a certain period of time (I don’t know how long time. I haven’t needed to know.). Child molestration and murder is never removed from the criminal record.

To shoot a bit back at the paranoia going around here, it is likely to be a question of official documents they wanted burried (Newspapers are thus offlimit!). A politician will have his/her life gone through to such a degree by the press that they cannot hide those things anyway. Doesn’t make the ideas of altering search results any more reasonable, but it is not a conspiracy to defraud. Rather it is a positive notion they are protecting, but a sick way of even thinking about enforcing.

nasch (profile) says:

Re: 'right to be forgotten' ? ? ?

2. *besides* the technical/practical hurdles, i have NO DOUBT that any such ‘laws’ etc would be used/abused by the rich / famous / powerful to scrub their seedy his stories from the public record…

I’m not sure you can really call it abuse when that is explicitly what the proposal is designed for (though ostensibly not just for the rich and powerful).

Anonymous Coward says:

This smells like another vector in the war on communication, although it also fits well under the title of the war on reality.

“The Right To Be Forgotten” does not have the look and feel of an issue people can really get behind and support. It could be renamed something like the anti-shaming right … ummm, no that falls a bit short. Hmmm lets see now – how about The Right Of Respect. Yeah, because there is clearly a war on respect being waged here. We can not have our leaders’ good names being dragged through the streets like some kind of trophy.

On the other hand, why not just call it “vanity rights”, as it will only be used by those who are clearly vain. ….. Oh wait a sec, it would also be used by the propaganda pushing pundits – so it could be referred to as propaganda rights. The right to blatantly lie, change history and generally mislead the public. Yeah, that’s what they want.

Anonymous Coward says:

Well, I guess I know how to get rid of all the newspapers I don’t like…

Step 1) Buy a news paper subscription.

Step 2) Make sure to save all the page of the paper that list crimes committed by individuals.

Step 3) Wait a few years until some criminals are rehabilitated, and invoke their right to be forgotten.

Step 4) Submit old news papers as evidence of said Newspaper violating the right to be forgotten.

Step 5) Watch the Newspapers get sued into oblivion for violating the right to be forgotten of the reformed criminal, after all, I was just being a good citizen submitting evidence of their violations of someone else’s rights.

PaulT (profile) says:

Re: 'forgotten information'

That’s one of the points, really. Information is never forgotten, it’s just suppressed, hidden or taken somewhere outside of mainstream access. That’s not possible today.

There never really was a way for people’s past actions to be “forgotten” as such if they were recorded anywhere. All that happened was that the information was only available in certain sources, which were either restricted access (e.g. official records) or obscured (e.g. archived newspapers). So long as most people couldn’t access, or had no interest in the work required in finding the information (or the authorities agreed not to take them into account during their actions), they were essentially “forgotten”.

Not so now, when everybody has access to all those records any time they want, and there are no gatekeepers who can control access to the content. Google and other search engines may be the majority method for people to find the information, but it’s not possible to actually suppress completely because someone, somewhere will always have the information. Even if it’s taken offline from their servers, it will be stored somewhere for people to access. Not only that, but any attempt to aggressively force people to remove said information from their sites will almost certainly lead to the Streisand effect (that is, for the benefit of ootb and his fellow morons, the very act of trying to suppress the info will lead to more people talking about it).

Anonymous Coward says:

Re: 'forgotten information'

I suppose you could go Pharaoh style and bury the guy that compiled the “forgotten information” with the information itself inside a pyramid.

The only problem is that you’d have to build a huge pyramid to bury all the people you send to check the notes every time you needed to check if someone illegally remembered something.

Anonymous Coward says:

I actually couldn’t disagree more on this one. I normally am in total agreement with what I read on this site. Let me explain. At one time, I had a LinkedIn account. I asked for my account to be removed. Later, LinkedIn was hacked. If my account had been deleted, as per my request, my information is not out there right now in the wild. Sure, someone could of read it or memorized it or whatever. That’s not the concern here. The concern is when I instruct a company to delete my information, I expect it not to just be made invisible, I expect it to be deleted. I believe this is what’s at issue here. Once it is out there, sure there are caches here and there, but that is of the information I chose to make public. Internet companies often collect more information than what is made public through the process of setting up an account. We have the option on Facebook for what to actually share and who to share it with, yet on the backend, there is much more information there. I should be able to ask for my information to be removed in these circumstances. I opted in, why can’t I opt back out?

PaulT (profile) says:

Re: Re:

So, you got LinkedIn to remove your private information from their own servers. Well done, I suppose, but that’s hardly relevant here to the matter at hand.

First of all, you seem to be confusing two issues. One is privacy concerning non-public data that you gave LinkedIn/Facebook when you signed up for an account. That’s not what the article is discussing, and should already be addressed by EU data protection laws (or whatever the equivalent is in your country).

The second set of data that *is* relevant to the article is the information you chose to make public. Now, assuming you used LinkedIn for professional purposes as most people do, whatever information you put up there publicly (education, employment, etc.) was most likely available elsewhere to begin with. But, if there wasn’t, the removal from LinkedIn wouldn’t necessarily have removed that information from the public web. Apart from versions stored on LinkedIn’s backup servers or other databases, you have caches, web crawlers, site scrapers and other sources. Employment agencies may well have downloaded your data to use in their own internal systems if you indicated that you were interested in employment. Removing from LinkedIn’s current incarnation wouldn’t have removed the data from there.

On top of that, you have to understand the public interest angle. An online resume isn’t necessarily something that a lot of people would take copies of. However, if you had a news story written about you, a notice of some criminal activity, or even something particularly embarrassing that was taken of you at a party – well, more copies of that would exist. It will have been shared, linked, reported on blogs, reported in the press, archived and so on. Taking the story off Google’s index may make it a little harder to find, but it would be online somewhere. It would be impossible to ensure that every copy was removed, and impossible to ensure that the story wouldn’t spread again were interest taken (even if said interest was merely your own attempts to get it removed).

Anonymous Coward says:

Re: Re: Re:

Sorry to burst your bubble, but Techdirt has no idea what the right to be forgotten is about. It IS about having private companies delete your info. I don’t know where Techdirt got the idea that this was about a law to censor the press – I guess the politicians working on this law brought up the topic of the press in their discussions, and Techdirt extrapolated some conspiracy theories from there, as they usually do.

nasch (profile) says:

Re: Re: Re: Re:

Sorry to burst your bubble, but Techdirt has no idea what the right to be forgotten is about. It IS about having private companies delete your info.

I think you may be right: “In particular, data subjects should have the right that their personal data are erased and no longer processed, where the data are no longer necessary in relation to the purposes for which the data are collected or otherwise processed, where data subjects have withdrawn their consent for processing or where they object to the processing of personal data concerning them or where the processing of their personal data otherwise does not comply with this Regulation.”

That sounds much more like a social network situation than a newspaper story. It will be important to clearly define what is meant by “personal data” though if this moves forward. Otherwise it will be ripe for abuse.

PaulT (profile) says:

Re: Re: Re: Re:

“It IS about having private companies delete your info. I don’t know where Techdirt got the idea that this was about a law to censor the press”

Is it possible for you to bring up a point without acting like an asshole and attacking people? That might help conversations somewhat.

You seem to be attacking me for an interpretation of the “right” that I don’t have, based on things other people have said. Would you mind telling me where you get the idea that I didn’t think that private companies were involved or that this somehow relates directly to the press other than my quick mention of it above in 4 paragraphs of text?

If you feel I’m still wrong, please explain without being an obnoxious twat and cite sources for where you’re getting your interpretation from. Then we can discuss it. But please, address my stated opinion, not a nebulous “Techdirt” option that I don’t share.

PaulT (profile) says:

Re: Re: Re: Re:

“I’m saying if I ask a company I do business with to delete my account, my account should be deleted.”

Indeed. If you read my response, I explained that there’s 2 separate points there. I’ll try again more succinctly:

You can definitely make sure that private information is removed from their servers. You cannot guarantee that information that has been made public is removed, since it may have been copied, cached and otherwise distributed by external parties that have nothing to do with the originating site. The former situation is not what the “right to be forgotten” addresses, and it should already be covered by data protection laws. The “right” under discussion only covers publicly visible information. Therefore, while true and noble, your response really has nothing to do with the article you’re commenting on.

Is that clear?

Gwiz (profile) says:

Re: Re:

No offense intended here and I sympathize with your situation, but you really only have yourself to blame.

LinkedIn’s Privacy Policy states that they can and may retain any information after you close your account. Now it’s possible that the policy was different when you signed up, but the fact remains that you did agree to it when you started using LinkedIn.

Anonymous Coward says:

Re: Re: Re:

And that’s why we need the ‘right to be forgotten’. Such clauses in Privacy Policies need to be over-ruled by the law, to protect the public. Pretty much all websites have such clauses, it’s not like you can get the same services from another company or website who will respect your privacy. You either sacrifice your privacy, or you live without the web. That’s not right and that’s why the government needs to step in (as it often does for the public interest).

Gwiz (profile) says:

Re: Re: Re: Re:

And that’s why we need the ‘right to be forgotten’.

I disagree. I don’t think we need it.

Such clauses in Privacy Policies need to be over-ruled by the law, to protect the public.

Umm. Privacy Policies are law. It’s a contract. The public, as you say, also needs to be aware of what they agreeing to. Just because you didn’t read it, doesn’t mean it isn’t binding.

Pretty much all websites have such clauses, it’s not like you can get the same services from another company or website who will respect your privacy.

Yes, they do have such clauses. It’s why I rarely give any website my personal info. You didn’t have to use LinkedIn, no one forced you to.

You either sacrifice your privacy, or you live without the web.

That is completely not true. I use the web all the time and rarely give my info out.

Laws won’t fix gullible people. This is really about personal responsibility. Don’t want your info out, don’t put it out there.

Anonymous Coward says:

Re: Re: Re: Re:

No you don’t what you should have done it is to encrypt all the data and get a contract saying that you will furnish a service provider with a public key that works to decode the data and at anytime you want you could revoke that key, also in the contract it should say you don’t allow your own data to be copied in non-unencrypted form.

Then you have all the legal tools to compel any company to comply with your wishes.

Why make new laws when you already have perfectly good working ones?

Anonymous Coward says:

Laws of nature

It’s already one of the laws of nature to forget everything sooner or later.
Don’t believe me? Try remembering that thing…you know that thing about that guy you saw on the news…or was it on the internet.No It was on the news.Channel 6 I think, but maybe it was on 8.Anyway it was about this guy who was supposed to…or did do this thing that was really stupid or dumb or something…any way ahhh…it was a thing that ahh…oh shit!…now I forgot!But you remember what I talking about,right?

We don’t need no stinking laws about forgetting stuff…or whatever it was…

Anonymous Coward says:

Google is not the problem–it’s what people are DOING with what they find.

I work at a travel agency, and one of my clients booked a trip to Canada. He was refused entry because he had a DUI arrest several years ago. Now, I don’t condone drunk driving, but really Canada?

Remember that guy who lost his job when it was discovered that he had been busted for trying to do a load of laundry with a fake dime 50 years ago?

Instead of trying to mandate forgetting, how about setting limits on what we can do with what is remembered?

F! says:

please forget about me

Like the AC above, I too tend to agree with the stance TechDirt takes on most issues they address. This one I believe they have completely wrong end of the stick.

I’ll go so far to agree that search engines should not (and could not, without destroying both their business model AND their usefulness) be required to remove any information whatsoever. The same goes with media publications – newspapers, magazines, etc. have a duty to retain all past news releases in perpetuity. They are the de facto public record, after all.

On the other hand, private companies such as social networking sites, shopping sites, and other sites (blogs too) that allow or require ‘membership’ profiles to be created should also be required to provide a ‘delete profile’ button that completely and permanently deletes all information the website has pertaining to that individual. A ‘hide profile’ button would be a nice option too, but there is absolutely no valid reason not to provide an individual the ability to be completely removed from a particular database – including the fact that they ever even had a profile.

In regards to privacy, this deserves to be right up there with ‘do not track’ and anti-spam laws. We all need more privacy than is currently provided online, and I believe ‘the right to be forgotten’ is one of the key tools we can use to protect individuals’ privacy.

It would appear Masnick – and subsequently, the vast majority of commenters here – missed the spirit behind ‘the right to be forgotten.’ Obviously the law as proposed goes way overboard in what it requires. This is a complex problem that is in need of serious discussion, not a knee-jerk outright rejection.

just a visitor says:

you are comparing apples and oranges

While I share certain doubts about ‘right to be forgotten’ idea, it seems that article is already a mix up. Yes, criminal past is a fact and cannot be erased (or at least not quickly and not completely), but rtbf is really about privacy of the people who may wish their own data and content to be removed from public view. It’s a matter of consent. Once given, with the right to be revoked. Think about it that way. Think about some stupid picture that 17-years old Jimmy put on his facebook page and which 27-years old James, now lawyer / banker / journalist / politician wants removed.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...