The ‘Right to be Forgotten’: A Right to Endless Argument

Rob Pegoraro
·Contributing Editor
image

Medusa the Gorgon. (Thinkstock)

When you look for yourself online, are you happy with what the Web reflects back?

Unlike your real reflection, there’s very little you can do directly to control how the Web, and especially search, displays you. For some, self-Googling reveals a hideous Gorgon: the self as a collection of stupid or sorry episodes from the past.

In the United States, that’s your own drama. But elsewhere, it’s a different story. A European court ruling last week makes it the search engine’s problem. The Luxembourg-based Court of Justice of the European Union held that EU citizens have a right to ask search engines to hide publicly available data from queries for their own names.

More: How to See Yourself as the Web Sees You: 5 Tips

The “right to be forgotten” that the judges outlined in 15,500-plus words of opinion is neither as expansive or as new as you might think. And this vague ruling’s fuzzy guidelines about who can invoke this right and what sites are exempt from responding to it amount to a full-employment act for the regulators and lawyers who get to sort this out.

(Disclosure: While the opinion mentions neither Yahoo Tech’s publisher Yahoo, nor its search provider, Microsoft’s Bing, both Yahoo and Microsoft are subject to it.)

Forgive us our debts
The case in question began in January of 1998, when a newspaper in Barcelona ran a government listing of properties being auctioned off to cover individuals’ social-security debts. One of the individuals affected, Mario Costeja González, found that a PDF with the listing kept appearing in searches for his name years after he’d paid up.

In 2010, Costeja González asked the Spanish data-protection authority to make the newspaper and Google hide that page. The authority ruled that the newspaper had no such obligation but that Google did, and the Court of Justice agreed.

How do you get from it being legal for a newspaper to publish government-provided information to it being potentially illegal for a search site to point to that data? The judges decided that indexing pages on the Web counted as “processing” the data, making Google subject to EU privacy directives.

The court said that by making it easy to put together different data points, a search site can provide a portrait of you that otherwise “could not have been interconnected or could have been only with great difficulty.”

And when that information appears “inadequate, irrelevant or no longer relevant,” European citizens have a particular right to ask a search site to stop showing it in response to searches for their names. If the site ignores them, they can ask regulators to step in.

It doesn’t seem they can protest unflattering results appearing in response to more generic queries like “back taxes Barcelona” or “deadbeats in Düsseldorf.” And the ruling says nothing about social networks, which can be a rich source of misinformation. But if you look for your name in the EU and don’t like what you see, the court gives you some recourse.

Exceptions to the rule
That court’s opinion contains two massively vague carve-outs.

The obvious one covers people with public names. The court ruled that any right to be forgotten may depend “on the interest of the public in having that information … [and] the role played by the data subject in public life.”

That statement is lawyer-bait. To lose this right to be forgotten, do you need to hold an elected office? Get promoted to a C-suite job? Have a Wikipedia entry? Collect a five-digit number of Twitter followers? And if you ascend to that level of name recognition after getting the ugly truth expunged from searches for you, should Google then put it back?

People who have already asked Google to clean up their search results include somebody who tried to kill his family, a convicted cyberstalker, a doctor whose patients didn’t appreciate their care, and an apparently disgraced politician.

The other loophole recognizes that privacy can clash explosively with freedom of expression. So the ruling allows pointing to “personal data” (again, we’re talking about stuff already online) “solely for journalistic purposes or the purpose of artistic or literary expression.”

But when I visit Google News — a site that EU publishers and politicians often say represents direct competition for newspapers — to look for coverage of a topic, why should that search be regulated while searching on a newspaper’s own site might not be?

There is a real issue here
But let’s hold off on scoffing at what may be taken as European nanny-state overregulation. Search sites, after all, already edit their results. The single biggest reason is to fight abuse by scammers — see, for example, Google demoting sites that display galleries of police mugshots and then charge the subjects of those photos to (maybe) have them taken down. 

Google will also, on request, wipe results that could “make a user susceptible to specific harm, such as identity theft or financial fraud.” And a bill passed last fall in California will let people under 18 require a site or app to erase things they shared there.

The EU court might have been on more solid ground if it had required that search sites give users a right to reply to results in their name, and then ensured that these responses appeared next to offending links. In some small ways, we already have that right: We can already post information about ourselves online, and any competent search site should not take long to recognize that it’s more relevant than a years-old story.

I’m not saying that all people can or will take advantage of the technological solutions to damaging search results. But is it a better solution to vaguely compel them to address this issue through the courts? Trying to write regulations for every privacy risk seems as ill-advised as trying to police every possible use of somebody else’s intellectual property. The law can’t solve every human problem, any more than “technology” or “the market” can.

Further reading: How to See Yourself as the Web Sees You: 5 Tips


Email Rob at rob@robpegoraro.com; follow him on Twitter at @robpegoraro.