photo © 2008 Mike Baird | more info (via: Wylio)
Have you ever tried to search the web for information relating to yourself?
If yes, how accurate were the results that showed up, say, in Google?
And what would you do if you found information or data that were not really up-to-date, or were inaccurate or even libelous?
Well, you might rely on the law of data protection and undertake certain actions. And if you are domiciled in Spain, which is known for its higher standards on data protection, your actions are likely to be more fruitful than elsewhere.
This is at least what the story of the Spanish doctor Guidotti Russo evidences.
Imagine
that a 20 years old newspaper article covering some accusations against you, is still being accessible via Google’s search engine. Imagine further that, in the mean time, you have been cleared from all those accusations.
What would you do? Or put another way, what are the remedies you may rely upon?
The law on data protection
in the European Union is approximated by the Directive 95/46/EC. Accordingly, its Article 6 provides that “… every reasonable step must be taken to ensure that data which are inaccurate or incomplete… are erased or rectified.”
This is what Dr Russo appears to have requested before the Agencia Española de Protección de Datos, namely that Google be ordered to cease the access to that newspaper article.
Not surprisingly, Google, asserting the right to information access, did not obey and the issue landed before an ordinary court in Madrid.
From what I read, this court has been considering to ask the Court of Justice of the European Union for a preliminary ruling.
Other commentators on the Web did already make a link between this case and
“The right to be forgotten”
which the European Commission recently presented in its communication COM(2010)609. That oddly named right seems to be a part of Commission’s plan to revise the data protection rules, in order to strengthen individuals’ rights.
The Commission defines it as “the right of individuals to have their data no longer processed and deleted when they are no longer needed for legitimate purposes. This is the case, for example, when processing is based on the person’s consent and when he or she withdraws consent or when the storage period has expired;”
Hmm, I do not see any significant difference to the language of the Data Protection Directive I quoted above. Do you?
So, I guess clarifications will follow.
Anyway, my personal opinion is that a right to be forgotten should result in a mechanism of data self-destruction or data fading away which individuals should be able to configure as they like. Equally important, such right should be incapable of being contractually waived.
Once introduced, however, a right to be forgotten will very likely collide with another fundamental right -
The right to access information
It is obvious – in today’s information society the right to access information has become important more than ever. Data or information that is subject to a self-destruction will, however, seriously challenge that rights’s fundamental character.
At a first glance, this argument seems to hold water.
But hey! What data should the right to be forgotten concern?
Is it not about personal data?
And since it is, why should someone else’s right to access my personal data trump my right to determine whether that someone should access it in the first place?
Invitation to discuss
For me, the existence of a digital oblivion right evokes questions upon questions. It appears to be a really promising discussion topic, does it not?
Hence, do not hesitate to tell me what you think about it!
Did you find this article informative or helpful? If yes, you might want to share it by pressing one of below buttons or to otherwise tell your friends about it.