Law in the Internet Society

View   r4  >  r3  >  r2  >  r1
RemicardSeremeSecondEssay 4 - 02 Feb 2022 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="SecondEssay"

The Right to be forgotten

Line: 18 to 18
 It has been successfully invoked in a few cases: a dutch surgeon obtained the deletion of certain links to websites containing an unofficial blacklist of healthcare professionals on which she was listed; the ECtHR ruled that an order by Belgian national courts to a Belgian newspaper to anonymize the name of the driver for a fatal accident in 1994 in an article included in the newspaper’s digital archives on the basis of the right to be forgotten, didn’t constitute a violation of the publisher’s right to freedom of expression under Article 10 ECHR. However, more often than not these cases don’t go to court or are unsuccessful like in the M.L. and W.W. v. Germany case.
Added:
>
>
Legal research by Google, turning up journalism rather than cases.

 The best argument for this “right to delisting” is to empower people who are harmed or distressed by information about them on the internet and don’t have the means to hire lawyers and allow them to obtain a certain form of remedy. However, it can hardly be argued that this regulation achieves that goal. Shortly after the 2014 decision, Google set up a web form that allows people to signal links which they want to be taken down and why. However, Google barely shares any statistics about how many complaints it has processed and enjoys broad discretion on how to decide these cases. Furthermore, in a 2019 case opposing Google and the CNIL, the top data-protection regulator in France, the ECJ ruled that Art 17 GDPR cannot be enforced outside of the European Union, which means that one only needs to search on Google.com for the de-listed link in Europe to be accessible.
Line: 27 to 31
 I believe that rather than a “right to be forgotten”, the EU should enact a “right to be remembered” which would require users to opt-in for being tracked and for companies to store their personal information. The idea would be to promote a net without surveillance, but I am aware that it is not within the powers of the EU to do so as they have no real control over the major players of the net like Google.

Added:
>
>
An improvement, for sure. The draft is no longer retailing decade-old falsehoods. Even though the research is spotty it is sufficient to reveal that the received wisdom is total bullshit.

The next draft can now begin the real investigation: what does it mean that this highly-promoted nonsense is the official story of a supposedly-important regulatory innovation by the European Commission?

 

RemicardSeremeSecondEssay 3 - 13 Jan 2022 - Main.RemicardSereme
Line: 1 to 1
 
META TOPICPARENT name="SecondEssay"

The Right to be forgotten

Changed:
<
<
-- By RemicardSereme - 08 Dec 2021
>
>
-- By RemicardSereme - 13 January 2021
 
Changed:
<
<
This essay focuses on the « right to be forgotten » guaranteed to citizens of European Union Member States. This idea came to me during one of our discussions on the usefulness of regulations as a tool to protect privacy on the net. I wanted to take a look at some of the regulations passed by the European Union, as it has been particularly active and vocal on these issues these past few years, especially with the General Data Protection Regulation. The right to be forgotten struck me as a good case study because of all the debate which has surrounded it since it came into being in 2014. My idea here is that this « right to be forgotten » serves as a prime example of the inadequacy of the European Union’s approach to addressing the issue of privacy on the net.
>
>
This essay focuses on the « right to be forgotten » guaranteed to citizens of European Union Member States. This idea came to me during one of our discussions on the usefulness of regulations as a tool to protect privacy on the net. I wanted to take a look at some of the regulations passed by the European Union, as it has been particularly active and vocal on these issues these past few years, especially with the General Data Protection Regulation (GDPR). The right to be forgotten struck me as a good case study because of all the debate which has surrounded it since it came into being in 2014. I aim to make a brief inquiry into what exactly is this right, how it came to be, and the extent of its effectiveness three-quarters of a decade later.
 
Changed:
<
<

I. The right to be forgotten and the debates surrounding it

>
>

I. The History of the “right to be forgotten"

 
Changed:
<
<

What is the right to be forgotten?

>
>
The right to erasure, commonly referred to as “the right to be forgotten”, is guaranteed in Article 17 of the GDPR. It provides a right for individuals to “to obtain from the controller the erasure of personal data concerning him or her without undue delay”. This right is, however, not an absolute one, it can only be exercised in a list of specific circumstances and is subject to several exceptions.
 
Changed:
<
<
The right to be forgotten is an extension of the right to erasure which has been granted to individuals since the 1995 EU Directive on Data Protection, which gave them the right to have all personal data related to them deleted when they leave a service or close an account. The right to be forgotten as we talk about it in this essay was originally established by a 2014 European Court of Justice Ruling in which the court held that European citizens have a right to delisting, meaning that they can request that search engines, like Google, delist certain links from their search index if the results contain personal information that is « inadequate, irrelevant, or no longer relevant, or excessive ». This ruling was then adopted into Article 17 of the GDPR which states that: “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay”.
>
>
The right to be forgotten as inscribed in the GDPR was established by the Court of Justice of the European Union (ECJ) Google Spain SL and Google Inc judgment in 2014. The ECJ held that European citizens can request that search engines, like Google, delist certain links from their search index if the results contain personal information that is « inadequate, irrelevant, or no longer relevant, or excessive ». Before that, it was actually introduced in early 2012 during a press conference by Viviane Reding, the former European Commissioner for Justice, Fundamental Rights, and Citizenship. She affirmed that “people shall have the right - and not the “possibility” - to withdraw their consent to the processing of the personal data they have given out themselves”. However, it seems that the Commission as a whole wasn’t necessarily on board with this affirmation as they made an observation to the ECJ in the Google Spain case, explaining that “Article 14 of Directive 95/46 confer rights upon data subjects only if the processing in question is incompatible with the directive or on compelling legitimate grounds relating to their particular situation, and not merely because they consider that that processing may be prejudicial to them or they wish that the data being processed sink into oblivion.” However, following the Court’s decision in 2014 and general public worry over data privacy within the EU, the right to be forgotten ended-up being made into law anyway as a right to de-indexing, which is quite different, but is designated under the same name because of the instant and resounding success of “the right to be forgotten” as a slogan to answer the mounting anxieties within the EU about the potential harm that can be caused by information stored and searchable on the internet.
 
Changed:
<
<
This right is, however, not an absolute one, it can only be applied in a list of specific circumstances and is subject to several exceptions
>
>

II. An Illusory Right

 
Changed:
<
<

Arguments in favor of this right

>
>
Three-quarters of a decade later, “the right to be forgotten” has gained some traction around the world. In 2015, Russia enacted its own “right to be forgotten” bill, it has been recognized to some extent in Turkey and is currently being debated in India.
 
Changed:
<
<
Proponents of this right argue that it is a way to guarantee individual privacy by putting a stop to the continuous availability of certain personal information which can cause serious injustice to individuals, without any public interest in having such information available.
>
>
It has been successfully invoked in a few cases: a dutch surgeon obtained the deletion of certain links to websites containing an unofficial blacklist of healthcare professionals on which she was listed; the ECtHR ruled that an order by Belgian national courts to a Belgian newspaper to anonymize the name of the driver for a fatal accident in 1994 in an article included in the newspaper’s digital archives on the basis of the right to be forgotten, didn’t constitute a violation of the publisher’s right to freedom of expression under Article 10 ECHR. However, more often than not these cases don’t go to court or are unsuccessful like in the M.L. and W.W. v. Germany case.
 
Changed:
<
<

Arguments against this right

>
>
The best argument for this “right to delisting” is to empower people who are harmed or distressed by information about them on the internet and don’t have the means to hire lawyers and allow them to obtain a certain form of remedy. However, it can hardly be argued that this regulation achieves that goal. Shortly after the 2014 decision, Google set up a web form that allows people to signal links which they want to be taken down and why. However, Google barely shares any statistics about how many complaints it has processed and enjoys broad discretion on how to decide these cases. Furthermore, in a 2019 case opposing Google and the CNIL, the top data-protection regulator in France, the ECJ ruled that Art 17 GDPR cannot be enforced outside of the European Union, which means that one only needs to search on Google.com for the de-listed link in Europe to be accessible.
 
Deleted:
<
<
Those against it argue that it can endanger human rights as some autocratic governments can use it to limit what information are accessible online and that in a more general way it goes against freedom of speech.
 
Changed:
<
<

II. An Inadequate Regulation

>
>
Final Thoughts
 
Changed:
<
<
I see two main problems with this regulation:
>
>
We can therefore conclude that the right to be forgotten hasn’t and wasn’t meant to achieve any great strides to protect privacy on the net for European citizens. It only achieved to make search engines like Google the ultimate arbiters of privacy, without any oversight, even though ironically enough the whole point of this regulation was to respond to anti-Google sentiment within the EU.
 
Changed:
<
<

1) It's Limited Scope

The scope of this regulation is very narrow and imperfect. Delisting doesn’t mean that the data doesn’t exist anymore, it just means that it won’t be directly referenced on a search with the person’s name so nothing is forgotten, only access to it is restricted.

The European Court of Justice ruled in 2019, in a case opposing Google and the French Regulator CNIL (Commission Nationale de l'Informatique et des Libertés), that this right only applies within the EU, which makes no sense since you need only to use another IP address to access the information as pointed out by the CNIL, it’s useless if it doesn’t have a global reach.

Companies don’t have to accede to your request, you have to plead your case and justify why it should be removed. It effectively gives Google judicial power in allowing you to make a decision about something which is yours in the first place.

2)The very premise of this regulation is problematic

It was made on the premise that it’s a given that our personal information is stocked indefinitely and in the hand of some entities, therefore we need to make an active effort to sort of exert some control over it. The right to be forgotten doesn’t address the core problem of data privacy at all which is the fact that different entities retain and commercialize our data.

The EU is missing the point by not trying to solve the bigger problem. Instead of a right to be forgotten, the EU should enforce a right to not be remembered in the first place, not allow data to be gathered. At the same time, it should teach kids how to use technology in a way that wouldn’t require a right to be forgotten. In other words, it should fund programs that would teach everyone how to protect their own data by for example using their own software.

Conclusion

We can therefore conclude that this right to be forgotten illustrates the non-inventive way in which the EU tackles issues of privacy in the net. Instead of thinking about treating the root causes, it tried to put a band-aid on the symptoms and ended up giving more power to search engines like Google to be judge, jury, and executioner over our data, even more than they are today.

I don't understand this draft. There aren't any facts about the effect of the regulation in the real world, which three quarters of a decade later one would expect to find in any discussion. There isn't any history of the making of this policy. (Which is too bad, because the whole thing started from a mistake by Vivienne Redding, who hadn't read her briefing papers and who made the whole thing up at a press conference.) There's no reference to the actual class discussion. I there pointed out that in the Wesley Newcomb Hohfeld sense a right to be forgotten implies the existence of a duty to forget, which no theory of free expression would make acceptable. (Hence the rhetorical transformation of the Commissioner's brain fart into "the right to be deindexed," which is not at all the same. There is no reference to the US First Amendment, which makes little sense in view of the essay's conclusion. Saying that the initiative was "non-inventive" because it didn't address the subjects it wasn't intended to address seems to me just about the only criticism that could unfairly be alleged against what was really just a crowd-pleasing anti-Google trick.

I think the best way to make the draft better is to get closer to some actualities, whether the ones I have suggested or some others.

>
>
I believe that rather than a “right to be forgotten”, the EU should enact a “right to be remembered” which would require users to opt-in for being tracked and for companies to store their personal information. The idea would be to promote a net without surveillance, but I am aware that it is not within the powers of the EU to do so as they have no real control over the major players of the net like Google.
 

RemicardSeremeSecondEssay 2 - 07 Jan 2022 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="SecondEssay"

The Right to be forgotten

Line: 44 to 44
 We can therefore conclude that this right to be forgotten illustrates the non-inventive way in which the EU tackles issues of privacy in the net. Instead of thinking about treating the root causes, it tried to put a band-aid on the symptoms and ended up giving more power to search engines like Google to be judge, jury, and executioner over our data, even more than they are today.
Added:
>
>
I don't understand this draft. There aren't any facts about the effect of the regulation in the real world, which three quarters of a decade later one would expect to find in any discussion. There isn't any history of the making of this policy. (Which is too bad, because the whole thing started from a mistake by Vivienne Redding, who hadn't read her briefing papers and who made the whole thing up at a press conference.) There's no reference to the actual class discussion. I there pointed out that in the Wesley Newcomb Hohfeld sense a right to be forgotten implies the existence of a duty to forget, which no theory of free expression would make acceptable. (Hence the rhetorical transformation of the Commissioner's brain fart into "the right to be deindexed," which is not at all the same. There is no reference to the US First Amendment, which makes little sense in view of the essay's conclusion. Saying that the initiative was "non-inventive" because it didn't address the subjects it wasn't intended to address seems to me just about the only criticism that could unfairly be alleged against what was really just a crowd-pleasing anti-Google trick.

I think the best way to make the draft better is to get closer to some actualities, whether the ones I have suggested or some others.

 

RemicardSeremeSecondEssay 1 - 08 Dec 2021 - Main.RemicardSereme
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="SecondEssay"

The Right to be forgotten

-- By RemicardSereme - 08 Dec 2021

This essay focuses on the « right to be forgotten » guaranteed to citizens of European Union Member States. This idea came to me during one of our discussions on the usefulness of regulations as a tool to protect privacy on the net. I wanted to take a look at some of the regulations passed by the European Union, as it has been particularly active and vocal on these issues these past few years, especially with the General Data Protection Regulation. The right to be forgotten struck me as a good case study because of all the debate which has surrounded it since it came into being in 2014. My idea here is that this « right to be forgotten » serves as a prime example of the inadequacy of the European Union’s approach to addressing the issue of privacy on the net.

I. The right to be forgotten and the debates surrounding it

What is the right to be forgotten?

The right to be forgotten is an extension of the right to erasure which has been granted to individuals since the 1995 EU Directive on Data Protection, which gave them the right to have all personal data related to them deleted when they leave a service or close an account. The right to be forgotten as we talk about it in this essay was originally established by a 2014 European Court of Justice Ruling in which the court held that European citizens have a right to delisting, meaning that they can request that search engines, like Google, delist certain links from their search index if the results contain personal information that is « inadequate, irrelevant, or no longer relevant, or excessive ». This ruling was then adopted into Article 17 of the GDPR which states that: “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay”.

This right is, however, not an absolute one, it can only be applied in a list of specific circumstances and is subject to several exceptions

Arguments in favor of this right

Proponents of this right argue that it is a way to guarantee individual privacy by putting a stop to the continuous availability of certain personal information which can cause serious injustice to individuals, without any public interest in having such information available.

Arguments against this right

Those against it argue that it can endanger human rights as some autocratic governments can use it to limit what information are accessible online and that in a more general way it goes against freedom of speech.

II. An Inadequate Regulation

I see two main problems with this regulation:

1) It's Limited Scope

The scope of this regulation is very narrow and imperfect. Delisting doesn’t mean that the data doesn’t exist anymore, it just means that it won’t be directly referenced on a search with the person’s name so nothing is forgotten, only access to it is restricted.

The European Court of Justice ruled in 2019, in a case opposing Google and the French Regulator CNIL (Commission Nationale de l'Informatique et des Libertés), that this right only applies within the EU, which makes no sense since you need only to use another IP address to access the information as pointed out by the CNIL, it’s useless if it doesn’t have a global reach.

Companies don’t have to accede to your request, you have to plead your case and justify why it should be removed. It effectively gives Google judicial power in allowing you to make a decision about something which is yours in the first place.

2)The very premise of this regulation is problematic

It was made on the premise that it’s a given that our personal information is stocked indefinitely and in the hand of some entities, therefore we need to make an active effort to sort of exert some control over it. The right to be forgotten doesn’t address the core problem of data privacy at all which is the fact that different entities retain and commercialize our data.

The EU is missing the point by not trying to solve the bigger problem. Instead of a right to be forgotten, the EU should enforce a right to not be remembered in the first place, not allow data to be gathered. At the same time, it should teach kids how to use technology in a way that wouldn’t require a right to be forgotten. In other words, it should fund programs that would teach everyone how to protect their own data by for example using their own software.

Conclusion

We can therefore conclude that this right to be forgotten illustrates the non-inventive way in which the EU tackles issues of privacy in the net. Instead of thinking about treating the root causes, it tried to put a band-aid on the symptoms and ended up giving more power to search engines like Google to be judge, jury, and executioner over our data, even more than they are today.


Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Revision 4r4 - 02 Feb 2022 - 11:30:19 - EbenMoglen
Revision 3r3 - 13 Jan 2022 - 22:57:03 - RemicardSereme
Revision 2r2 - 07 Jan 2022 - 16:29:23 - EbenMoglen
Revision 1r1 - 08 Dec 2021 - 06:16:09 - RemicardSereme
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM