Don’t Let The Right To Be Forgotten Be Forgotten

We should look at ways to forge opportunities from the right to be forgotten, says Tom Brewster.

There’s been a lot of blustering and blarney surrounding the EU’s proposed “right to be forgotten”. Some big voices are claiming that the right, which is a core part of the European Commission’s data protection regulation, is simply unworkable.

Earlier this week, the ICO’s deputy commissioner David Smith said he had doubts about it. “When I read it I have difficulty understanding what the rights are… There is an element of political gesturing or posturing here,” he said during a meeting with lawyers and journalists on Wednesday. “If you unpick it, I’m not sure it amounts to a great deal.”

Later in the week, one of the fathers of the internet Vint Cerf told the Daily Telegraph “you can’t go out and remove content from everybody’s computer just because you want the world to forget about something. I don’t think it’s a practical proposition at all.”

Who’s data is it anyway?

But let’s not forget where these two gentlemen come from. Both are from organisations which would benefit from the EU ditching the right to be forgotten. The ICO would not have to invest more resources in ensuring the law is clear, or enforce the regulation on big companies who it has traditionally been fearful of punishing.

Cerf, meanwhile, is an employee of Google. He, like others at Google, wants to defend the company, just as Cerf did with the firm’s privacy policy changes last week. Now, if people were able to assert their rights and ask Google to delete data on them, the tech giant would lose out massively. Google’s business is advertising, sharing user data with marketers so ads are tailored to users. If Google loses a raft of that information, and it might if people continue to get increasingly tetchy about privacy, it will lose one of its biggest selling points to advertisers.

The right to be forgotten means a big headache for businesses and regulators alike, but it is one of the few areas of the EU’s proposed legislation that makes a lot of sense. It is the most ethically sound idea in the regulation. Why shouldn’t I be able to have my data deleted from the web? Not that I would, but what if I wanted to live completely without a web identity? EU citizens should be able to remove themselves from the internet and companies should not be the ones to decide whether they can or not.

That’s not to say enforcing the right would be simple. Cerf is right to question whether completely deleting data relating to an individual is even possible. The way people use the internet today, with their data disseminated so widely and in such complex ways, stored in dark data centres that companies protect not just with high level security stacks but with armoured guards too, it would be extremely hard to eradicate traces of people from the web. It will be a major technological challenge. But we should not sit back and say it is impossible. Do not let the owners of web services and those that regulate them dictate how people use the internet.

The business of privacy

As science fiction author and privacy advocate Cory Doctorow told us recently, privacy can be made into a business. It does not have to be a burden. There is surely room for more start-ups who can assist companies in finding user data and destroying it. I’ve thought of a few names already: Dog the Data Hunter, Identity Inquirer, Where’s Wally’s Info?

Where there is a will, there is a market. So rather than moan about all the bad aspects of the EU’s plans – and there are some evidently unnecessarily tough provisions like the 24-hour disclosure rule – let’s try to figure out how to benefit from them. More importantly, as the regulation is wrangled with by law makers and legal entities, let’s not let them forget the importance and value of the right to be forgotten.

How much do you know about internet security? Test your knowledge with our quiz.