Data protection and the ‘right to be forgotten’ in practice: a UK perspective

We are in an uncertain and complex period for data protection and privacy in Europe, and especially so in the UK, following the result of the ‘Brexit’ referendum on 23 June 2016. Information law, and data protection in particular, are of increasing concern for those in the business of knowledge sharing and information dissemination: media organisations, academic institutions and libraries. The notion of the ‘right to be forgotten’ is particularly troublesome, as lawyers, archivists, historians and philosophers grapple with the theoretical and practical implications. This paper discusses a selection of recent European and British policy and legal developments, and discuss how they are changing social practice and citizens’ engagement with information rights

The Right To Be Forgotten as a Positive Force for Freedom of Expression

The right to be forgotten is generally portrayed as a restriction on freedom of speech, but the situation is more complex than this. In some ways the right to be forgotten works in favour of both freedom of speech and access to information – helping both those who wish to have their work accessed and those seeking information. Indeed, as this paper argues, if the right is properly implemented, the benefits to freedom of expression may well outweigh the risks

With special reference to GDPR

학위논문 (석사) -- 서울대학교 대학원 : 법과대학 법학과(지식재산전공), 2021. 2. 정상조.The prolonged exposure and retention of a massive amount of personal information on the Internet, as well as the frantic pursuit of data by companies and individuals in the age of big data, have created a new privacy crisis. As a legal response to the eternal memory of the Internet, the European Union has proposed The Right to Be Forgotten to tackle the privacy crisis by empowering individuals to take down ones information from the Internet in certain circumstances. Regarding such a right, what kind of attitude should the Chinese legal system adopt? Should it follow the European footsteps or maintain a more cautious stance on this right? As an emerging right originated from Europe, the study of the EUs attempts to construct and implement the right to be forgotten could provide a clear lens of the new right. Thus, the article will carefully study the EUs legislation in the General Data Protection Regulation (GDPR) and the implementation of the right to be forgotten. It attempts to analyze the connotation, the value conflict, and enforcement dilemmas of the new right. And on this basis, the article will explore whether there is room for localization of the right to be forgotten in China based on chinas national conditions. The paper consists of seven chapters: Chapter 1 examines the rationale of the right to be forgotten, revealing the foundation for the generation and growth of the right in Europe. Chapter 2 tracks back the legislative history of the right to be forgotten in the EU. It reveals how the right has been conceptualized over time and attempts to clarify the underlying values in the right to be forgotten. Chapter 3 attempts to delineate the scope of the right to be forgotten and explore what kinds of data are worth forgetting. Chapter 4 discusses the enforcement dilemma of the right to be forgotten, especially the role of search engines in the context of the right to be forgotten, and its ensuing obligations as a data controller. Chapter 5 turns the focus back to China. By sketching the framework of privacy and data protection law in china with a comparison to the right to be forgotten in the EU, it attempts to assess whether such legislative actions imply the right to be forgotten. Chapter 6 introduces the judicial practice of the right to be forgotten in China: Renjiayu v Baidu, which is called the First case of the right to be Forgotten in china. Through the interpretation of the judgments of the two trials, it can clarify the path of protecting the right to be forgotten under the existing Chinese law and the reject reasons, as well as the judges attitude to the right. The last Chapter 7 analyzes the possibility of Chinas introduction of the right to be forgotten from the perspective of necessity and the obstacles based on chinas national status.인터넷상에서의 수많은 개인정보의 장기간 노출과 보유, 또 빅데이터 시대에 회사와 개인들이 데이터에 열광하면서 새로운 프라이버시 위기가 찾아오고 있다. 유럽 연합은 인터넷의 영원한 기억에 대한 법적 대응으로 '잊혀질 권리'를 내세웠고, 개인에게 특정 상황에서 자신의 정보를 인터넷에서 삭제하도록 권한을 부여함으로써 이번 프라이버시 위기를 해결할 수 있도록 했다. 이러한 권리에 대해 중국의 법 제도는 어떤 태도를 취해야 하는가? 유럽을 따라야 하는가, 아니면 이 문제에 대해 좀 더 신중한 입장을 유지해야 하는가? 잊혀질 권리는 유럽에서 새롭게 생겨난 권리이다. 잊혀질 권리를 구축하고 정착 시키려는 EU의 시도를 연구함으로써 이 새로운 권리에 대해 명확한 시각에서 이해해 볼 수 있다. 따라서 본 논문은 EU의 개인정보보호규정(GDPR)의 입법 및 잊혀질 권리 실행에 대해 면밀하게 탐구함으로써 잊혀질 권리의 함의를 정의하고, 법의 가치 충돌 및 현실적 집행 딜레마에 대한 분석을 시도하였다. 또한 이를 바탕으로 본 논문은 중국의 실정에 맞추어 잊혀질 권리의 중국에서의 도입 가능 여부를 검토하였다. 본 논문은 총 7장으로 이루어져 있다. 제1장에서는 잊혀질 권리의 원리에 대해 탐구하고, 유럽에서의 잊혀질 권리의 탄생과 발전 기반에 대해 살펴보았다. 제2장에서는 역사 분석을 통해 EU의 잊혀질 권리 관련 입법 과정을 살펴보고, 잊혀질 권리의 기본 가치를 규명하였다. 제3장에서는 잊혀질 권리의 가치의 갈등에 대해 다루고, 어떠한 데이터가 잊혀질 만 한지에 대해 탐구하였다. 제4장에서는 잊혀질 권리의 실행 딜레마, 특히 검색엔진의 역할과 데이터 통제자로서의 의무에 대해 논하였다. 제5장에서는 중국에 주안점을 두어, 중국의 프라이버시와 데이터 보호법의 틀을 개략적으로 서술하였다. 또한 EU의 잊혀질 권리와의 비교를 통해 입법 동향에 잊혀질 권리가 내재되어 있는지 평가하였다. 제6장에서는 중국의 '잊혀질 권리 제1 사건'으로 불리는 '런지아위 바이두 고소 사건'에 대해 분석하였다. 판결문 해석을 통해 중국 현행법의 잊혀질 권리 보호 경로와 거부 사유, 그리고 판결 배후의 법관 고려 사항과 태도 등을 살펴볼 수 있었다. 마지막으로 제7장에서는 중국의 잊혀질 권리 도입의 필요성과 현실적인 장벽 등의 관점에서 중국의 잊혀질 권리 도입의 실행 가능성을 분석하였다.Introduction 1 1. Background: Perfect Memory of the Internet 1 2. Purpose and Research Question 1 3. Review of the Scholars' Opinions on the Localization of RTBF 3 3.1. Positive Attitude 3 3.2. Negative Attitude 5 3.3. Analysis of Above Opinions 7 4. Outline 8 5. Methodology 9 Chapter 1 The Rationale of the Right to Be Forgotten 11 1. The Right to Be Forgotten in Dignity: Forgetting and Forgive 11 1.1. The Right to Oblivion 12 1.2. Privacy Protection in Europe 13 2. The Right to Be Forgotten in Data Protection 15 2.1. Informational Self-determination: Control 15 2.2. The Fundamental Right to Protect Personal Information 16 3. Summary 18 Chapter 2 The Right to Be Forgotten in GDPR 19 1. Lack of uniformity in the conception of the right to be forgotten 19 1.1. Unique Meaning 20 1.2. Binary Meanings 20 1.3. Multiple Meanings 20 2. The Evolution of the Right to Be Forgotten in GDPR 22 2.1. Proposal of the Right to Be Forgotten: Withdraw Information Published by the Data Subject 22 2.2. Google Spain Case 25 2.2.1. Search Engines as a Data Controller 27 2.2.2. Expand to Information Legally Published by Third Parties 29 2.2.3. Delisting and Contextual Integrity 32 2.3. Integration in the GDPR: Article 17 33 3. Summary: Value of the Right to Be Forgotten 35 Chapter 3 Value Conflict: What is worth forgetting 39 1. Digital footprint and digital shadow 39 2. Conflicting interests and rights 41 2.1. Freedom of Expression 41 2.2. Public interest 43 3. Balancing mechanism 44 3.1. Principle of Proportionality in data protection 44 3.2. Specific criteria 45 3.2.1. Data Subject's role in public life 47 3.2.2. Nature of information 47 3.2.3. Source 49 3.2.4. Time 50 3.2.4.1. Time and Data Quality 51 3.2.4.2. Information value and the information lifecycle 52 3.2.5. Harm: A Level of Severity and Pervasiveness 53 4. Balancing scenario 54 4.1. Against Search engines: NT1 & NT2 54 4.2. Against Original Website: ML and WW v Germany 57 5. Summary 59 Chapter 4 Effectiveness: Enforcement Dilemma 61 1. Search Engines and ensuing obligations as data controller 61 1.1. Assess the validity of the request 61 1.2. Notification 62 1.2.1. To the Other Controllers 63 1.2.2. To the Original Website 63 1.2.3. To the Public 64 2. Issues: 65 2.1. Role of Google: A Data Controller or Neutral Intermediary 65 2.1.1. Passive role or Active role 66 2.1.2. Algorithm as Speech 68 2.2. Fair Balancing: An Illusion 68 2.2.1. Difficulty in Striking A Balancing 68 2.2.2. Over-Compliance: Uncertainty and Stick 69 2.2.3. Heavy Burden 69 2.2.4. Due Process 70 2.3. Limited Effect 70 3. Summary 72 Chapter 5 China's Privacy and Data Protection Framework 73 1. Online privacy protection 73 1.1. Cultural backdrop 73 1.2. Legislation on the right to privacy 75 1.2.1. Concept of the right to privacy 78 1.2.2. Comparison with the right to be forgotten 80 1.3. ISP Responsibility 83 2. Personal data protection in the PRC 85 2.1. Recent initiatives 86 2.2. Protection Approach: Growing Independent from Privacy 89 2.3. Principles and conditions for lawful processing 92 2.4. Public disclosure of personal information 98 2.5. Right to Erasure 104 3. Summary 109 Chapter 6 Judicial practice of The Right to Be Forgotten in China: Renjiayu vs Baidu 111 1. Fact 111 1.1. Claim of Mr. Ren: Substantial Damage 111 1.2. Defense of Baidu: No knowledge, No intent, No human intervene 113 2. Judgement 113 2.1. Trial at first instance 114 2.2. Trial at second instance 117 3. Comment 117 3.1. The legal basis of the "Right to Be Forgotten" in china: Comment on the general personality right approach 117 3.1.1. The approach is reasonable 118 3.1.2. Limitation of the approach 121 3.2. Worthy of Forgetting 124 3.2.1. Data quality and the effect of time 124 3.2.2. Ren Jiayu's role in society and the right to know 125 3.3. Baidu's liability: Safe card of "Technology Neutrality" 125 3.4. Judicial attitude to the right to be forgotten 128 Chapter 7 Reflection on the localization of the right to be forgotten in china 130 1. Basic attitude 130 1.1. Necessity: Fulfill the contemporary needs 130 1.1.1. The need to maintain digital personality 130 1.1.2. The need for the free development of personality 131 1.1.3. The need to manage online content 132 1.1.4. Public interest in published information does not always outweigh an individual's privacy interest 133 1.2. Obstacles of the localization of the right to be forgotten in china 133 1.2.1. The inherent Obstacle: impact on openness of public opinion 134 1.2.2. The external obstacle: challenges in implementation 135 1.2.2.1. Contradiction with the development of information industry 135 1.2.2.2. Potential litigation will occupy judicial resources 137 1.3. Summary 138 2. Insights from the European's right to be forgotten 140 2.1. Reflection of the informational self-determination: control 140 2.2. Reflection to the protection of published information: flexible balancing mechanism 143 2.3. Reflection of Obligations of search engines 144 2.4. Specific implementation method 147 2.4.1. Principle of proportionality 147 2.4.2. Differentiation should be made on the data subjects 147 2.4.2.1. Natural person and legal entities 148 2.4.2.2. Public figures and ordinary citizens 148 2.4.2.3. Special treatment of minors and victims 149 2.4.3. Coordinate Alternative manners other than erasure 150 3. Restore the virtue of forgetting beyond the law 150 3.1. Market 150 3.2. Technology 151 3.3. Culture 151 Conclusion 153 References 156 Korean Abstract (요약문) 167Maste

Towards a Global Data Privacy Standard

This Article questions the widespread contention that recent updates to European Union (EU) data protection law will drive a disruptive wedge between EU and United States (U.S.) data privacy regimes. Europe’s General Data Protection Regulation (GDPR), which took effect in May 2018, gives all EU citizens easier access to their data, a right to portability, a right to be forgotten, and a right to learn when their data has been hacked. These mandatory privacy protections apply to non-EU companies that offer goods or services to EU consumers, whether through a subsidiary or a website. The “Brussels Effect” hypothesis projects a “race to the top” as multinational entities find it easier to adopt the most stringent data protection standards worldwide, rather than satisfying divergent data privacy rules. The GDPR is said to be a prime example of the Brussels Effect because of its aggressive extraterritorial scope that unilaterally imposes EU law on U.S. entities. This Article acknowledges a Brussels Effect, but there is also an overlooked “D.C. Effect” reflected in the GDPR’s adoption of many U.S. data privacy innovations. The GDPR imports long-established U.S. tort concepts for the first time into European privacy law, including deterrence-based fines, collective redress, wealth-based punishment, and arming data subjects with the right to initiate public enforcement. Under the GDPR, the EU Commission adopted “Privacy by Design” and security breach notification obligations, innovations pioneered in the U.S. The net effect of the GDPR is a bilateral transatlantic privacy convergence, which is rapidly evolving into a global data privacy standard. Nations around the world, some U.S. states, and the major U.S.-based data processors are instituting policies harmonized with the GDPR. This Article argues that the GDPR has the potential to not only bring an end to the transatlantic data privacy wars, but to become the basis of a worldwide “gold standard” for global data privacy

Right to be Forgotten:EU-ropean Data Imperialism, National Privilege, or Universal Human Right?

The Digital Age has fundamentally reshaped the preconditions for privacy and freedom of expression. This transpires in the debate about a “right to be forgotten”. While the 2014 decision of the European Court of Justice in “Google Spain” touches upon the underlying issue of how increasing amounts of personal data affects individuals over time, the topic has also become one of the salient problems of Internet Governance. On 24th September 2019 the European Court of Justice delivered its judgment in “Google vs CNIL” (C-507/17) which was supposed to clarify the territorial scope of the right. However, this judgment has raised doubts about the enforceability of the General Data Protection Regulation, and reveals the complex, multi-layered governance structure of the European Union. Acknowledging such complexity at a substantive and institutional level, this article starts by analysing the judgment. Additionally, to better understand the current situation in the European Union and its member states, recently produced draft guidelines by the European Data Protection Board are presented and discussed, as well as two judgments of the German Federal Constitutional Court. Subsequently, the European developments are put in international context. Finally, the insights from these sections are combined which allows to develop several conceptual ideas. In conclusion, it is argued that the right to be forgotten remains complex and evolving. Its success depends on effective multi-layer and multi-stakeholder interaction. In this sense, it has become a prominent study object that reveals potential venues and pitfalls on a path towards more sophisticated data protection frameworks

The effectiveness of three types of practice in word recognition in grades II and III

Thesis (Ed.M.)--Boston Universit

The Cowl - v.83 - n.5 - Oct 4, 2018

The Cowl - student newspaper of Providence College. Vol 83 - No. 5 - October 4, 2018. 24 pages

Colored operads, series on colored operads, and combinatorial generating systems

We introduce bud generating systems, which are used for combinatorial generation. They specify sets of various kinds of combinatorial objects, called languages. They can emulate context-free grammars, regular tree grammars, and synchronous grammars, allowing us to work with all these generating systems in a unified way. The theory of bud generating systems uses colored operads. Indeed, an object is generated by a bud generating system if it satisfies a certain equation in a colored operad. To compute the generating series of the languages of bud generating systems, we introduce formal power series on colored operads and several operations on these. Series on colored operads are crucial to express the languages specified by bud generating systems and allow us to enumerate combinatorial objects with respect to some statistics. Some examples of bud generating systems are constructed; in particular to specify some sorts of balanced trees and to obtain recursive formulas enumerating these.Comment: 48 page