Do You Have a Right to Be Forgotten?

Earlier this year, the European Court of Justice ruled that Google is a "data controller" under the 19-year-old European data protection law, which gives individuals rights over data about them that others control. This ruling could effectively limit certain information on the Internet in Europe, and also which information would be allowed in the U.S. For example, in Spain, nearly 100 citizens would like to have information about themselves deleted from the Web. Some are embarrassed about misdemeanor arrests years ago when they were in college. Others have been victims of identity thieves or violent crimes and, understandably, don’t want their home addresses to be easily determined. The issue comes up because the official Spanish government gazette, published for 350 years every weekday, contains data required to be published publicly about bankruptcy, crime and other potentially sensitive subjects. It has been difficult to access this publication in years past and was typically unread, gathering dust at a library. But two years ago the government gazette information went online, making old and potentially embarrassing data easy to find. The Spanish government has ordered Google to stop indexing information concerning the 100 citizens who filed complaints with the Spanish Data Protection Agency. These cases are now in Spanish courts. American law is based on the concepts of free speech, the public’s right to know and unfettered debate. U.S. courts have determined that the right to publish true statements by one about the past of another person outweighs the other person’s right to privacy. In Europe, there is no general right to say anything about anyone, even when the statement in question is true. International law experts have declared that the American and European cultures are headed in different directions as to legal notions of privacy. Europeans seek to balance freedom of speech and the public’s right to know against the personal rights of privacy of others. The European perspective has been shaped by the experience of individuals as victims in data collection and use by dictators like Franco, Mussolini and Hitler, and by Soviet authorities. In Germany, two persons who murdered someone 20 years ago have recently sued to suppress their identity as criminals on the basis of their own rights of privacy and their so-called “rights to be forgotten” after their criminal sentences have been served. Google has faced suits in Germany, Switzerland and the Czech Republic over its “Street View” feature, collecting photographs of streets and private homes and businesses. In Germany, citizens are allowed an option to not have their home or business photographed, and more than one quarter million have chosen this option. By contrast, this issue has resulted in little debate in the U.S. where persons may take pictures of anything in plain sight from a public street. European Union surveys have found that three in four persons worry about how Internet companies use their information and want the right to delete personal data at any time. Ninety percent believe the European Union should formalize in law the “right to be forgotten.” These individuals want to retain some limited rights to their own data, even if it is in cyberspace – they want, in effect, a right to withdraw from others permission to store their personal data. The U.S. recognizes no such rights to be forgotten or deleted. But the Federal Trade Commission has recommended that companies collect only the data about persons they need and to delete information that is no longer necessary. Congress has introduced a “Do Not Trace Kids Act of 2011,” which would require companies to allow parent and child users to delete publicly available information about minors from a web site. The bill remains pending. Some parents have been shocked to learn that their minor children have accumulated large amounts of debt because of the unlawful use of their Social Security numbers by others. There were more than 4,000 cases of child identity theft found in 2010 from a random pool of 40,000 American children age 18 and younger, a higher rate than for adults. Criminals like to use children’s Social Security numbers because adults have their own existing credit records under their own names. Google and other search engine companies have argued that the Spanish consumers and others should not seek to hold search engines responsible for information they extract from the Web, but should instead seek redress against those parties that posted the allegedly private information in the first place. But many European legal experts expect the search engines to nonetheless become more regulated because they are the ones effectively spreading the information that otherwise would likely not be found.