Does the U.s. Need a "right to Be Forgotten"?
| Jurisdiction | European Union,United States,Federal |
| Pages | 0006 |
| Citation | Vol. 55 No. 2 Pg. 0006 |
| Publication year | 2015 |
Attorney Kimberly A. W. Peaslee, J.
Electronically stored and electronically indexed information is ubiquitous. We are arguably living in the age of the "internet of things," where everyone and everything is traceable online. With technology moving so fast, it is hard to picture what our interaction with information looked like a decade ago or what our interaction with information will look like ten years from now. In fact, that is part of the controversy surrounding the Court of Justice of the European Union's (the "CJEU") recent application of the 1995 European Data Protection Directive ("the EU Directive") in the Google Spain case.[1]
While the Google Spain case is interesting on a number of levels, the focus of this article will be on whether the U.S. should consider legislation similar to the EU Directive, which has become known as "the right to be forgotten," or whether there is a more appropriate solution. Any U.S. solution will need to balance an individual's interest in their personal data with the preservation of others' First Amendment rights.
THE EU DIRECTIVE
The EU Directive regulates the processing of "personal data" within the European Union. "Personal data" is defined as "any information relating to an identified or identifiable natural person, hereafter referred to as a "data subject". The responsibility of ensuring the proper processing of "personal data" rests on the "data controller."
There are several overarching principles in the EU Directive that provide for the processing of personal data. Appropriate processing must be transparent, serve a legitimate purpose, and be proportional to the purpose for which it was collected. As a general notion, the data subject must be informed that his or her personal data is being processed. Article 6 of the EU Directive provides that data must be "adequate, relevant, and not excessive" in relation to the purposes for which it was collected. The data must also be accurate and not kept "longer than is necessary." Article 12 of the EU Directive provides that a data subject can request that a data controller rectify, erase, or block data if it does not comply with the provisions of the EU Directive.[2]
THE GOOGLE SPAIN CASE
Google Spain, decided late in 2014, dealt with a Spanish citizen, Mr. Gonzalez, who sued Google Spain seeking the removal of links to La Vanguardia newspaper announcements about the foreclosure on his home due to unpaid debts.[3] Announcements pertaining to Gonzalez were initially published in La Vanguardia in 1998. Mr. Gonzalez objected to those same announcements showing up in Google searches for him in 2009.
It is important to note that the recent CJEU order in Google Spain only required the removal of the La Vanguardia links on sub-domains (i.e., google.co.uk) and not on Google.com. The case also did not require the removal of the original announcements from La Vanguardia, but rather made those announcements harder to find. What is unclear is what would have happened had those same announcements only existed online as most of our news does now.
Google Spain dealt with accurate, albeit old, data. Some have suggested that this is akin to having a record expunged or removing something from your credit report after a pre-determined period of time and thus, should not be cause for alarm. Most would agree that there is little downside to removing information that is inaccurate or out of date. That seems rather straightforward. What is more troublesome is the idea that...
To continue reading
Request your trial