There used to be a saying illustrating the permanent nature of the internet; once something is put online, it is there forever. However, the truth of this saying is being challenged. Google has announced on February 11th that it will apply data removal requests from European citizens on all of its domains around the world. Beforehand, ‘the right to be forgotten’ was only being applied to the company’s European domains, after a European Court case (Vidal-Hall vs Google) in 2014 ruled that the tech giant must comply with these requests on the grounds that “individuals have the right-under certain conditions-to ask search engines to remove links with personal information about them.”
This concept, despite only being accepted officially by European regulators in recent years, has been discussed for a fair while. In the UK, a form of the concept had already been in existence within the Rehabilitation of Offenders Act, which insisted that after some time criminal convictions become ‘spent’ and thus should be disregarded when assessing one’s reputation when that person is applying for insurance or a position for employment. Other European countries too, favour such ideas, which allowed it to be officially applied in the context of the modern digital age.
The ruling in Vidal-Hall vs Google made significant steps to establishing this concept into cyberlaw. This case helped to clarify a few important points to set out the argument for companies like Google to comply with requests to remove certain links and webpages from its search engines. First of all, the court ruled that even if the data centres processing the information presented in a search engine is located outside the Europe, EU rules remain applicable if that search engine still provides its services to one of the member states. Secondly, with search engines work with vast amounts of personal data and, therefore, are subject to rules regulating such industries, and company cannot escape these rules since its services fall under the court’s definition of a search engine. Lastly, European citizens have the right to have webpages and links exempted from search engines if the information disclosed by these items is “inaccurate, inadequate, irrelevant or excessive for the purposes of the data processing.”
It is the Data Protection Directive of 1995 which forms some of the foundations of ‘the right to be forgotten’ principle. More specifically, Article 12 of the Directive alludes to the idea, stating that “a person can ask for personal data to be deleted once the data is no longer necessary”; a similar rationale to the one behind the Rehabilitation of Offenders Act in the UK.
Despite the court’s ruling, the major loophole in the concept is that it was absent-minded about the ubiquity of the internet. Even if someone was able to successfully remove information about them from European Google domains, one could still find the information by accessing the US domain. Of course, privacy advocates across Europe were quick to point out that without committing to a universal deployment of the lawful practice, its effects were enfeebled. A swift response saw Eu regulators emphasising the need to broaden the ruling, and prompted Google to apply the right to be forgotten to all of the domains it owned on the web. The engraining of the concept within European law has been a lengthy process, but it has finally come to fruition. Though it would be a mistake to assume that such events would encourage other regulators to make similar moves.
It’s Not For Everyone
US regulators often contrast the ideals of its European counterparts on issues regarding data protection and individual rights in the digital age, and there is certainly a lack of consensus over the right to be forgotten. The US, staying loyal to its precious constitution, values the right to freedom of speech and expression over Europe’s data protection ideals. The first amendment of the US constitution allows only for a very limited version of the right to bed forgotten, as it threatens free speech and expression by encouraging unnecessary censorship. This was very much the point exemplified in Sidis vs FR Publishing Corp. This case consisted of a former child prodigy, William James Sidis, who preferred to live his adult life without mass public recognition. However, the court ruled that there were limits to the right to manipulate information about oneself, emphasising the value to society in the publication of facts, and that person cannot simply discard facts about them out of a hollow desire to do so. Subsequently, the US only allows the deletion of information about person submitted by the person themselves, yet are not permitted to force information about them coming from others to be discarded.
This dismissal of the right to be forgotten highlights an important weakness of the principle. Index Censorship, a publication organisation advocating free speech, suggested that granting the right to be forgotten “allows individuals to complain to search engines about information they do not like with no legal oversight.” This has some truth; requests are left to the interpretation of search engines, like Google, which brings up questions surrounding the validation of such a process. This entertains the possibility of search engines providing results from search queries which are more biased than neutral.
The EU released a factsheet to address some of the concerns associated with its regulations, but this has not completely convinced opposers. The right to be forgotten may, therefore, be a widely accepted concept, desired by citizens and granted by regulators and politicians in Europe, but the same cannot necessarily be said elsewhere. The precedent in Europe, so far, has not had much universal appeal, and, at least of the foreseeable future, that may always be the case.