Why Can't Europe Just Forget The Ridiculous Idea Of A 'Right To Be Forgotten'
from the we-can't-forget dept
We’ve talked about what a dumb idea a “right to be forgotten” is in the past, and yet, Europe keeps looking into just such a law. A leaked copy of the EU’s new Data Protect Directive includes a clear “right to be forgotten” initiative:
To strengthen the ‘right to be forgotten’ in the online environment, the right to erasure should also be extended in such a way that any publicly available copies or replications in websites and search engines should also be deleted by the controller who has made the information public.
Basically, if there’s any information about you online — even information you created yourself and posted online directly — that you suddenly decide shouldn’t be online any more, you can demand its removal. This is pretty ridiculous for a variety of reasons. While it’s positioned as a form of “privacy,” that’s insane. There’s no “privacy” in information you’ve already released publicly. Pretending that the information can just “disappear” is fantasy-land thinking by EU politicans.
Failing to delete the info in question can lead to rather large fines, up to 1% of a company’s revenue. As someone who runs an American company, this bill is particularly worrisome to me. Because of an agreement between the US and the EU, if we allow anyone from Europe to use Techdirt, we have to promise to follow standard privacy practices that meet EU standards and pay some company a yearly fee to make sure we’re in compliance. We’ve done this (even though I’m sure that many, if not most, American websites ignore this rule). But now I need to go explore if this means we would have to delete any old comments from Europeans. As a rule and policy, we do not delete old comments from Techdirt. We get requests from time to time (and every so often a legal threat), but we stand by our policy. If suddenly we have to worry about massive fines from Europe just because someone regrets what they said in a comment years ago, I’m not sure what we’ll do. At the very least, we’d have to explore banning comments from Europeans on the site.
What really gets me about this is that the entire “right to be forgotten” doesn’t seem to serve any legitimate purpose, other than to pretend that you can somehow delete public information that you later regret. I can’t see how that solves any public policy issue, other than that people sometimes regret what they say or do. But out here, in the real world, people learn to get over such things, not to pretend the world is some magical fantasy land where they can delete history.
Filed Under: europe, privacy, right to be forgotten
Comments on “Why Can't Europe Just Forget The Ridiculous Idea Of A 'Right To Be Forgotten'”
Right to not exist
If this were to pass, then it should be absolute. If Joe Schmoe wants to be “forgotten” on the Internet, then all references to Joe, all of his emails, accounts, photos, bank accounts, etc. should be erased, and he should not be allowed to recreate any of these. IE, he will cease to exist in cyber-space… I wonder how many people would opt out in such a way if that was the effect of their decision? Of course, a side-effect will probably be to erase all of his credit cards, home mortgage account, driver’s license, passport, … As someone once said, beware what you wish for, you just might get it!
It may be useful for e.g. if I delete my account from Facebook, then Facebook should delete all traces of me. I.e. my “right to be forgotten” would be exercised by Facebook. That would make more sense than demand that public information is erased everywhere.
Re: Re:
But what if you use an outside website that allows posting with your Facebook account login? Do you think they should be required to delete any comment threads you started, blog stories you wrote, etc.?
The problem is, the internet is all interconnected like some kind of large mesh of ropes that are tied to each other. Everything is connected, and chopping pieces out would have widespread effects on the rest of the net.
Re: Re: Re:
No, unless I explicitly go to that other website and request that my data is deleted. That, in my opinion, is how the system would work. I may be wrong.
You should have the burden of identifying who holds your data and request they delete it. If you miss a few, your problem.
You cannot just request that your data be deleted, and all companies working in Europe have to scour their databases etc to look for you and delete your records.
Re: Re: Re: Re:
Except it doesn’t just effect you. It never has, it never will. While I don’t know any specifics about this particular set of legislation, they are usually wide open for abuse. If someone quotes one of those things you wish to be removed, does THEIR comment fall under the umbrella of your vendetta? Do entire comment threads made in reference to your stupidity suddenly get disappeared? Does a photo someone ELSE took with you in a compromising position fall into your net, as well?
Where will the line be drawn?
More importantly, who gets to draw it?
Re: Re: Re:2 Re:
“More importantly, who gets to draw it?”
Twitter.
Ultimately I understand your reasoning that once a comment has been in public it’s impossible to remove entirely, for example someone else might simply take a screen shot and post it elsewhere, but I have a lot of sympathy for what the European parliament is trying to do.
One thing that really annoys me is forums/comment sections that don’t allow you to edit or delete your own posts, even if you just want to correct a glaring spelling mistake. Every forum should allow someone to take their own content down if they later regret writing it, but saying it will then be ‘forgotten’ is naive. of course many of these same forums reserve the right to ‘moderate’ ie censor anything you post if it offends them.
The other huge issue is Google’s cache. Again, google has the right to cache public information, but for example if I delete my Twitter account, I’d like to know that it won’t remain visible on google for the rest of my life.
Re: Re:
“Every forum should allow someone to take their own content down if they later regret writing it”
Why? Once you’ve posted it, you’ve generally given a license to use the content as they see fit, including (especially) their ability to keep showing it.
Re: Re:
I can agree to wanting to be able to edit a comment for a spelling mistake or grammatical error. Especially here on Techdirt, I’m at work a lot when I’m browsing the site and trying to get my 2 cents in or devour a delicious troll in between clients and the fat finger syndrome makes me seem like English is a second language. I’m just not a proficient typist and poor at proofreading when distracted. As I hit the submit button, I see the mistake, and I want to change it but too late… Meh, people in hell want ice water and they don’t get what they want either. This is the cost of doing business with the internet. It’s appalling to me that the EU would impose this type of liability and administrative burden against those that retain the data. When you give something to the public it belongs to the public. No amount of remorse or entitlement will change that. What if something was printed in the newspaper? Would the paper have to track down every copy sold, destroy it, and replace it with a redacted version? There is a word for this behavior, and it’s called censorship and it’s always wrong.
Re: Re: Re:
Thanks especially the newspaper reference.
If you don’t want your stuff on the internet then stay off of it.
People are oversensitive and getting worse.
logic makes an unwelcome appearance
Two thoughts:
1) Would it be enough to bar Europeans, if information about Europeans is what must be redactable? That is, can the EU law (and US-EU agreement) force an American site to delete an American’s post about a European doing something embarrassing?
2) If posts by Europeans are what must be redactable, would it be sufficient to not verify user identities? That is, if whether a comment must be deleted depends on whether it was posted by a European, and there is no way to prove that the user UK PM David Cameron is actually UK PM David Cameron (or was at the time of posting) then can the comment stay up?
And you think this is a BAD thing? WTF?!
Take this statement, for example: “There’s no ‘privacy’in information you’ve already released publicly”. Suppose it’s not YOU who released such information, but the government, a hacker, or an ex-lover. Mike, I’m sure there are things about you that you would rather not have online. How would you feel if they were?
I commend your stance about not deleting comments. Other than that, your stance on this issue is a bit of a head-scratcher.
Re: Re:
Uhh, except no one is talking about the information released by governments, hackers, or ex-lovers except you.
Re: Re:
Being able to choose what other people can say about you is a tool of censorship, and those are generally used in favor of those in power to censor those without it. The most reliable way to prevent such abuse is to never grant the power in the first place.
Re: Re: Re:
There are laws regarding defamation and libel that are conveniently in place for reacting to these types of issues. What has been seen cannot be unseen. State sponsored censorship because someone is embarrassed by someone else divulging private information or regrets something they said online is not justifiable. When you post something online you acknowledge the chance that it becomes public. When you tell someone something in confidence you acknowledge they might not keep your secret. Saying that’s private or I want a do over is nice and all, but it shouldn’t force the rest of the world to change to fit your view on reality.
If you want to be forgotten, the only way to do so is to never have been known in the first place.
Re: Re: Re: Re:
Sorry, this was meant as a reply to Anonymous Coward, Jan 31st, 2012 @ 3:18pm
/ifailatinternetzagain
Re: Re:
There are laws regarding defamation and libel that are conveniently in place for reacting to these types of issues. What has been seen cannot be unseen. State sponsored censorship because someone is embarrassed by someone else divulging private information or regrets something they said online is not justifiable. When you post something online you acknowledge the chance that it becomes public. When you tell someone something in confidence you acknowledge they might not keep your secret. Saying that’s private or I want a do over is nice and all, but it shouldn’t force the rest of the world to change to fit your view on reality.
If you want to be forgotten, the only way to do so is to never have been known in the first place.
Walks like a duck
If it walks like censorship…
If it talks like censorship…
It must be censorship.
This is as bad as the private right to action in SOPA. I can see companies being overrun with requests to “forget me”. It will be a nightmare and a burden on every internet company.
Cool, a new way to censor the Internet. How long before the entertainment industries jump in ?
Re: Re:
I guess if they tell you to forget about Hurt Locker, then you will have to forget. Might be a back door for anti-piracy laws. 😉
Re: Re:
Well, all they’d need is a ridiculous court ruling that says companies are people, and then they’d be laughing.
They don’t want anonymous to remind them of what they said before, as an example of that we can see how the policies of Mr. Blair in the UK are having an effect today, it took almost 20 years but the time to pay for it came about and people will suffer for the lack of the long term view.
I love this idea!
I would like to beat the holiday rush here and formally request that the tax department forget me.
I understand that failure to delete any information relating to me entitles me to 1%of the country’s revenue; I’ll accept gold as payment in order to prevent any further infractions that may occur via the issuance of a cheque.
I can sympathize with what seems to be the aim of this -protecting privacy, but the practical problems seem almost insurmountable. What if it was much more limited? I.e. applying only to address, phone number, etc. and liability applying only to certain commercial uses?
Re: Re:
I’d be more comfortable with very limited, specific “forgets”. For example, it’s probably good practice to not retain certain credit card information for an extended period of time. It also helps you avoid free speech issues — e.g. your credit card number is unlikely to be part of political dialogue, public interest, or other commentary.
Re: Re: Re:
For example, it’s probably good practice to not retain certain credit card information for an extended period of time.
You don’t need a law for that.
http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
While I’ll admit that some of the current standards are hopelessly insufficient, we don’t need a law. A law like that becomes the standard, and will not be easy to change when technology or the market changes. A law saying something to the effect of “credit card information must be deleted 90 days after final payment” virtually guarantees that it will be kept for 90 days even in a decade when it may be much better to delete it 15 days later.
I like the idea
Well, personally, I happen to like their idea. Look, the idea of a button erasing all your information online with the click of a button is indeed a fantasy-land delusion. Never going to happen.
But on the other hand, what is feasible is to force companies to accept requests to remove the information they have collected on you. Services such as Facebook, Google, LinkedIn, etc… They make a living out of collecting personal data. And that’s where the right to be “forgotten” kicks in. You force them to allow you to delete the data they have on you… or face fines.
It’s feasible and it protects privacy should you ever want to erase the information on you on a particular site that collected your information. How many times have you heard of sites like Facebook that “close” your account but somehow still keeps all the data. I sympathize with those people who want them to purge that data when closing the account, if specified.
Re: I like the idea
I’m basically going to repeat some comments from above, sooo:
If Facebook deletes all of “your” data what happens with the following:
-Tags you put on photos, do they get removed?
-Comments on websites using the Facebook plug-in, do threads suddenly have strange gaps where your posts used to be?
-Messages and posts sent to your friends, do they suddenly disappear?
What happens when you delete your G-mail account? Do you expect every e-mail you ever sent to be deleted? Does Google send some type of special message out to every mail server and they “disappear” all of you messages?
The solution to this problem is simple, don’t share information if you don’t want other people to have it. I know it is hard in the digital era because of things like cookie tracking, but you do have the option not to signup for or sign into services. I for one don’t have a Facebook account and I doubt I ever will, even though I work as a programmer and spend the majority of my time online.
Re: I like the idea
Why should companies be forced to delete data they collected on you when you willingly gave them the data in order to use their services?
In some ways, personal data is currency on the web, you want to network using Linked in, you pay with information that Linked in will collect and probably use.
A cultural difference
This area of privacy seems to be one of those interesting cultural differences; in my experience (however limited), Europeans (including UKers) seem to have a much higher regard for personal privacy than some others. Not just in the sense of “if it’s not been made public it’s private” but also the sense of “this information is personal, so should remain private unless I explicitly give it to someone else.” While I need to work on the arguments, I’m not convinced that there can never be privacy in information that has been made public..
Anyway, in this case, I wonder if this “right to be forgotten” is more along the lines of a “right to have personal data deleted” (it only applies to personal data, of course, so not merely comments), where keeping the data could amount to an invasion of privacy. The classic example that springs to mind would be the DNA (etc.) databases collected by UK police forces. While under exiting EU law you should be entitled to a copy of the information they have on you (subject to various exceptions) there isn’t anything that allows you to get that data (or any other data an organisation holds on you) removed. This might provide such a right (although not if the police groups have a say).
Obviously the right proposed is far broader, but it aligns with the principle of “consent” that is fundamental to EU data protection law; one must consent for any sort of processing or publication of personal information, and that consent can be withdrawn at any point prior to an act of processing or publication. This “right to be forgotten” is merely a formal way of withdrawing that consent, and requiring action based on it.
As for the idea of demanding the removal of data you published yourself, again that doesn’t seem too unreasonable; most services already provide some sort of removal capability (usually you have to do it yourself), and it doesn’t seem too unreasonable to require such a capability (no different from taking down a poster you’ve put up somewhere, perhaps?).
As Judge Marilyn Milian (The People’s Court) often says: Say it forget it, write it regret it.
Once it’s on the internet it’s like pee in the pool.
Re: Re:
When you put it that way, I kinda like the idea of the EU trying to put a filter in the pool before it changes colour…
Why can’t the US just forget the ridiculous idea of anti circumvention and the whole concept of trying to blame the tool instead of the user?
Re: Re:
This one isn’t the US, it’s the EU. Get it right.
I agree the law shouldn’t ask to delete all that information from the Internet, just from the website where you sign-ed up, and where you gave your information.
If I want my data gone from Facebook, I should have that ability.
Re: Re:
Exactly!
And if I want to cancel my Sears account, they should delete all data related to me as well. Sales records, everything! The sale never happened. They can change their income statements, inventory, taxes…
Re: Re:
The other day I was out to lunch with some co-workers and I accidentally let a piece of office gossip slip. I immediately regretted saying it, but try as I might, I couldn’t find the button that let me delete that moment from time.
See how stupid this sounds? Now read your post again. Now back down here. Now up to yours. I’m on a horse.
Well if I have a right to be forgotton
Does that mean if I lived in Europe I could call up my ISP or phone company and say “hey, I want to be forgotten so I demand you erase any and all logs you have of my activity.”?
Sounds more like a means for politicians and high profile people to prevent being fact checked rather than a “right to be forgotten” law. Like, say, I dunno, if Chris Dodd were to more or less admit that corporate interests essentially bribe Congress he can later try to have that expunged from the records/internet. Sounds like a useful way to stifle political discourse (Granted that wouldn’t apply here given Dodd isn’t a EU citizen, but I’m sure there’s a European equivalent out there somewhere).
What goes around comes around
While you may not like what the EU is contemplating, especially its impact on the USA, look at the flip side. The USA is imposing its laws on the rest of the world with gay abandon and does not give a tinker’s damn about its actions.
Shall we just call this what it will actually be used for in practice?
The right of the rich and powerful to have things they don’t like about themselves to be covered up law.
Why not expand it to how far it actually needs to go, that we need to develop a technology to erase things about people from our minds, we can all queue up once a month to have the zaps delivered to make sure that none of us can remember a scandal or misdeed by someone.
It makes perfect sense.
Maybe a better amendment would be to add the caveat that this law can not apply to anyone who has ever held office.
It worked in Indiana where someone was pushing a drug testing for welfare recipients. Someone merely added an amendment that required the Asemblymen voting on this to undergo the same testing… they immediately withdrew the bill.
http://boingboing.net/2012/01/31/illinois-assemblyman-withdraws.html
It also got some attention in Virginia from a state senator doing battle with the anti-abortion minded…
“To protest a bill that would require women to undergo an ultrasound before having an abortion, Virginia State Sen. Janet Howell (D-Fairfax) on Monday attached an amendment that would require men to have a rectal exam and a cardiac stress test before obtaining a prescription for erectile dysfunction medication.”
http://boingboing.net/2012/01/30/va-state-senator-attaches-rect.html
There does seem to be a general disconnect from these absurd ideas until you make them apply to everyone.
Quid pro Quo
If the US wants to force the EU to adopt all of their idiotic copyright laws then they better be prepared to reciprocate. If someone has an issue with “identity theft” why should they not be entitled to have all information about them removed from the internet.
If some teenager (such as the ones recently barred by US security) who post something silly on Facebook, want it to still be there 10 , 15, or 20 years from now. Please Mr Zuckerman take it down, or Mr Zuckerman if you don’t take it down you will hear from my lawyer. Which would YOU prefer?
Re: Quid pro Quo
Twitter.
And the person made his feed private now so he is no longer being monitored by DHS or General Dynamics scouring the web looking for people showing them in a bad light.
Anonymity
Ironically, this could require that you maintain more information about certain users. Suppose someone posts simply as “John Smith” without creating an account. Several years later, someone named John Smith returns to ask that you remove his data. You’d have no way of verifying that this is the same John Smith, unless you retained personally identifiable information about him after he posted.
The Basic Problem Is, The Law Won?t Work
The only way such a principle would work is for the EU to somehow impose its own laws on the entire Internet. Given the mixed success the US has enjoyed trying to do the same thing, I don?t hold out much hope for Europe doing any better.
Doesn?t matter whether you think such a law is morally justifiable or not, the basic fact is that it would be unenforceable.
Yes, people are doing stupid things on the Internet, and then regretting it later. Yes, it is having devastating effects on some lives and careers. Seems like the only real answer is for people to stop being so judgemental about such peccadilloes.
Looks like a one way street to me. Only rich important people will be given this “right”, the commoners will not ever be forgotten – and certainly not the bloody pirates.
Rather than that, shouldn’t them be worried about privacy issues? Think about Google or Facebook. Shouldn’t I be able to decide which data they are gonna collect about me and how this data is going to be used (ie: shouldn’t I be able to say completely anonymous to their advertisers?)?
Shouldn’t they be worried about making complete privacy the default option on any service rather than opt-in like Facebook (and others) frequently present stuff?
I can see the reasoning behind this but they are going at it the wrong way.
Re: Re:
Think about Google or Facebook. Shouldn’t I be able to decide which data they are gonna collect about me and how this data is going to be used (ie: shouldn’t I be able to say completely anonymous to their advertisers?)?
I don’t think that’s an appropriate matter for legislation. As long as they’re not doing anything fraudulent or deceptive, you can choose to use the service or not.
There seems to be far too much confusion over what this law actually has effect over. The law targets PERSONAL information, i.e. information which can be linked back to you as an individual. It won’t have any effect on information that is effectively anonymous.
This means that Techdirt doesn’t have to do much if an EU citizen wants their personal information removed. In this case the personal information is limited to their name and email address. All it would take is a simple database search on that person’s email, and to replace the name and email with suitable anonymous values. That makes the commenter nothing more than an Anonymous Coward.
The main intent of the law is for firms that hold large quantities of personal (and potentially sensitive) information on an individual. Marketing companies, for example, would have to remove any identifying data on that person. They would not, however, need to remove that data from any anonymous aggregates that they use for statistical purposes.
One may as well demand that entropy decrease.
Why not just make it a requirement for European users to “sign” an agreement that we understand that no postings will be deleted, under ANY circumstances, and that we are good with it. That way the onus is back on the poster…
eh?
It seems a lot of you have strange ideas regarding this.
I’m a web designer and forum owner, and I welcome this idea. It’s not hard to give a person a “delete my account” button. You don’t even need to remove the posts, just remove the name associated with the posts.
This is more to do with facebook, google and other massive websites building profiles on it’s users, then keeping it forever. Facebook starts making a profile for you even if you don’t have a facebook account. All they need to do is give the option to the user to hard erase all information connected to their account, that’s not hard, that’s not infeasible. So this won’t be used to to delete random comments, but to delete the profiles sites make on you.
I think you’re all taking the word “forgotten” way too literally, of course they don’t think the information will be forgotten, but it will be deleted.
Superinjunctions etc
In the UK we had the ridiculous scenario where it was illegal for anyone to report that a famous footballer had had an affair with someone (or even that such an injunction existed). By the end everyone knew the facts but no-one could report them.
I worry about a few things with a “right to delete” law such as this.
John Smith writes on Techdirt “the sky is red”
Peter Jones writes “John Smith says the sky is red but I disagree”.
John Smith writes to Mike and demands his remark is removed.
Does Mike have to find and remove Peter Jones’ comment too ?
I would like to see
– the right to ask Facebook et al to COMPLETELY delete an account and all related historic data
– a company such as Facebook make it clear in their TOC when you signup that there might be a charge for this and what the charge would be. (Then they can’t complain about the urden)
– where I signed TOC’s that hand over copyright of my postings, there should be a clear fee structure for buying it back.
– the company would also make it clear where their responsibility ends (ie with their own servers). Mirrors, caches etc held elsewhere are not their problem and they won’t scour the internet clearing up stuff that propagated as a result of it being publically accessible at some point.
I heard someone on the news (a publicist) complaining that a 1 week jail term 20 years ago was the first thing that comes up on google about his client. I thought “tough”.
I don’t think ANYONE should be able to censor facts that have at anytime been in the public domain. And that includes people running for office with previous DUI’s etc. A fact is a fact, and it can’t be copyrighted and shouldn’t be censored.
Therefore if I choose to demand to redact my comments in a forum
– I better make sure I didn’t give away the copyright first (read the TOC’s !) or else be prepared to buy it back.
– I should understand that the FACT that I made comments on the forum will be true and available in the public domain , even if the content is not.
I don’t think it’s unreasonable for google to remove cached copies of content where the original content has been legitimately removed by some legal process. I’m sure they do already , but that’s just a personal guess.
If suddenly we have to worry about massive fines from Europe just because someone regrets what they said in a comment years ago, I’m not sure what we’ll do.
IP block Europe, then declare the problem solved. The idiots raising a fuss will buy it and never bother you again, and everyone else will use a proxy.
Problem lies between keyboard and chair, not with the technology.
My rule no.1 for the use of sites like FaceBook: Don’t post anything on it that you wouldn’t be prepared to put on a sandwich board and stroll through a local shopping mall wearing it.
Worst comes to worst, ban European IPs from posting. Yeah they can use proxies, but then the comment will have the appearance of originating somewhere other than Europe so you could plead ignorance.
Can someone explain to me...
I’m not sure I understand where the article is coming from. Considering all of the laws that I’ve seen running through U.S. and EU governments lately, this one seems like a breadth of fresh air! No, maybe it won’t do any good in the long run, but it seems to me that the very idea of such a bill is a step in the right direction for these politicians. Like maybe they’re finally starting to grasp that privacy is important.
I don’t know though. Am I interpreting the bill wrong? Someone want to explain to me how this is a bad bill?
How about the delete button?
This is the first thing I have seen on Tech Dirt that I deeply and emphatically disagree with the staff about. I am sick and tired of online “services” inventing fun ways to make content added by users belong to them in some sense.
Simply code a delete button into the site and allow people to delete their own comments at any time.
The End
p.s. If someone posts anonymously and can’t delete, well, then their privacy or “right to be forgotten” is not being infringed then, is it?
p.p.s. If someone quoted them before they erased their post, well, too bad. Their words are no longer just their own. You got caught saying something you believed. Deal with it.
Re: How about the delete button?
I agree with you, I just don’t see why it has to be a government mandated delete button. Why can’t the users decide whether they want to support sites with the delete button or sites without the delete button?
Re: How about the delete button?
“Their words are no longer just their own.”
That is what happens when you publish to a communication platform.
Deal with it.
Knock knock
Who’s there?
Let’s go on a bike ride!
Childish laws for an immature unconcsious civilization.
I can somewhat see the reasoning behind these proposals – but only up to a point. If YOU post anything online, it’s public forever – comments, drunken Mardi Gras pics, everything. But what if someone maliciously posts info about you? Or what about 3rd-party aggregators? That’s a somewhat stickier point.
Regardless of whether these laws get enacted, I would propose to the W3C a new tag: so if information DOES disappear we’ll have searchable evidence of it – and, as a bonus, we’ll get those groovy blacked-out lines wherever info is redacted.
EDIT: proposed HTML tag: [CENSORED “length = x”/]
What about metadata?
What about metadata? Are they going to delete the data about deleting data so there is no data about a request for data deletion?
What would prevent someone (say Chilling Effects) from publishing a paper-copy journal of “forgotten people”?
Re: Re:
Nothing.