Narrowing the Right to Be Forgotten: Why the European Union Needs to Amend the Proposed Data Protection Regulation
Brooklyn Journal of International Law
January 20, 2013
Brooklyn Journal of International Law, Vol. 39, No. 1, 2014
By the time a current thirteen-year-old is applying for college, or starting her professional career, she will have a social media history of her entire adolescence. However, due to a proposed regulation, citizens of the European Union may soon be able to contact a website and effectively demand the permanent removal of any and all unwanted content from the website’s server. This is part of the European Commission’s January 2012 proposal to overhaul the EU’s personal data privacy laws. If the European Parliament and European Council approve the proposed General Data Protection Regulation (“Regulation”), citizens of the EU will gain a new right called the “Right to be Forgotten.”
The proposed Right to Be Forgotten empowers individuals to assert greater control over their reputations and identities on the Internet, but further analysis reveals glaring issues with its effect on freedom of expression and notions of privacy. This controversial right would grant individual citizens the ability to demand the permanent removal of personal content from the Internet. This could be content posted either by themselves or by third parties. While the Regulation provides exceptions for content deemed artistic, journalistic, or literary, it leaves the determination of what constitutes an exception to the entity in charge of its removal (i.e. Google or Facebook). Furthermore, it penalizes companies for noncompliance. This has the potential to forcefully transform the role of these Internet companies from hosts to censors.
Courts around the world are beginning to tackle the issue of who controls personal content once it is posted to the Internet and the degree to which individuals can control their online reputations. For example, two women in Argentina recently won lawsuits both claiming the Right to be Forgotten. Virginia Da Cunha, an Argentinian pop star, sued Google and Yahoo! to take down explicit photographs posted to the Internet. These were photographs that she consented to but did not wish to be widely published on the Internet. After Da Cunha won on appeal, the content was removed from the Internet; a query on Yahoo!’s search engine in Argentina for the material will produce no search results. Similarly, an Argentinian model for Sports Illustrated, Yesica Toscanini, demanded Yahoo! take down photographs of her drinking at a party that had been posted to the Internet. The court “ordered Yahoo! to block ‘Yesica’ searches while the two sides appeal[ed].” Through the deletion of their presence on the Internet, these two cases exemplify the potential chilling effect the Right to Be Forgotten may have on individuals around the world.
This Note will argue that the ambiguity in implementation and enforcement of the Right to Be Forgotten will have a chilling effect on freedom of expression that outweighs its personal privacy benefits. It will then propose several solutions to reduce this chilling effect, while maintaining the Regulation’s goals of granting individual’s control over their online reputations. While the policy and goal behind the EU’s proposed “Right to Be Forgotten” empowers individuals to take control of their reputation and privacy, it is problematic for multiple reasons. For example, the penalty for noncompliance creates a dis- incentive for companies to genuinely evaluate Internet content to determine whether it falls within an exception named within the Regulation. Part I introduces Article 17, the Right to Be Forgotten, provides an overview of the Right to be Forgotten’s basis in EU privacy rights, and compares the right to U.S. privacy law. Part II analyzes the positive and negative aspects of the Right to Be Forgotten and suggests changes to make compliance more effective. Part III analogizes the Right to Be Forgotten to a theory of copyright law showing that the current draft of the Regulation will result in regulatory overreach. Finally, Part IV examines nonlegislative solutions to data privacy, finding that the Right to Be Forgotten is the best method to provide personal data privacy protection.
Number of Pages in PDF File: 33
Keywords: Right To Be Forgotten, European Union, Privacy, Data Privacy
Date posted: March 19, 2014