The Proposed Right to be Forgotten Seen from the Perspective of Our Right to Remember
Freedom of Expression Safeguards in a Converging Information Environment
This report puts the EC proposal for a right to be forgotten in context and discusses it from the perspective of freedom of expression. As will become apparent, the right to be forgotten as proposed in data protection law is a concept that relates closely to the regulation of privacy harms caused by new forms of publicity online, most notably search engine and social media publicity. These new forms of publicity are the subject of daily news reports about the privacy impact of the Internet and related services Even though scientific literature shows that the Web is extremely volatile, that valuable information constantly disappears and that the structural preservation of historic publications online is a very hard problem, the perception that the Web never forgets seems to remain prevalent.
Acting on concerns over online publicity, over the last decade, Data Protection Authorities (in France, Spain and Italy in particular) have laid the foundation for the establishment of strengthening the control of people over the public data that is processed about them online through a so-called ‘right to be forgotten’. The European Commission, after consulting on the topic, has made the name and (some parts of) this right into a central element of its proposal for a General Data Protection Regulation. Considering the fact that these proposals relate to new forms of publicity online, a fundamental question is whether freedom of expression is sufficiently taken into account. Much of the public debate in the general media that has taken place over the last two years about the right to be forgotten touches on this important question, that will be addressed in this report through a discussion of the proposed Article 17 and 80 and related legal doctrines. The EC proposals are discussed in detail, taking into account recent developments in the European Parliament and the Council.
The EU data protection framework seems to have become the most important legal framework for addressing privacy concerns relating to online media. This report also addresses the fundamental question to what extent this is a good development. It does so by first looking at the interface of data protection as applied to online publications of personal data and the laws at the national level relating to the lawfulness of publishing about natural persons. Second, and finally, this report looks at extremely (and ever more) complex interface of data protection with intermediary liability regulation at the EU level (limited safe harbors) and the Member States (secondary liability). Data protection law currently lacks the tools for setting the boundaries for intermediary and the current proposals do not effectively address this issue either. This raises the question of how this interface could be better established, which will be addressed in the final part of this report.
Section 2 will discuss the backgrounds of the right to be forgotten. Section 3 discusses the already existing principle and the implied right of erasure under the current Data Protection Directive. After that, the EC proposal for a right to be forgotten in Article 17 of the Regulation will be addressed (Section 4), the way data protection deals with freedom of expression concerns in Article 80 and recital 121 (Section 5) as well as some of the proposals to amend Article 17 and 80 by the European Parliament and the Council (Section 6). Section 7 discusses the interface of data protection with privacy tort law and media law and Section 8 discusses the interface with intermediary liability regulation. Section 9 concludes.JRC.G.7 - Digital Citizen Securit
