Life, etc

Op-ed: Privacy – do we have the right to be forgotten?

By Alison Tilley 25 May 2014

At this point, I am grateful that I remember people’s faces, let alone their names. As to where or when I met the person – it’s a real hit-and-miss affair. Google, of course, not so much. Search engines relentlessly hunt down any mention of a person on the web. Older, more recent, a bad photograph, a great blog – it’s all there. But should it be? Do we always have a right to know? Or do we sometimes have the right to be forgotten? By ALISON TILLEY.

Turns out, more the latter. The European Court now says that you have the right to be forgotten – and that people have the right to their personal data being erased and no longer processed. This can be because, as the judgement says,

the data are inaccurate but, in particular, also from the fact that they are inadequate, irrelevant or excessive in relation to the purposes of the processing, that they are not kept up to date, or that they are kept for longer than is necessary unless they are required to be kept for historical, statistical or scientific purposes.

So Google have been ordered to take down information, not on the basis that it was wrong, but that it was, basically, too old, and thus an infringement on privacy rights.

Privacy rights used to be a bit nerdy. When I expressed interest in them a while ago (ok, a decade ago) to a former lecturer, said lecturer looked at me in a baffled sort of way, and said something like, “Isn’t that a liberal construct?” And pointed out that feminists don’t generally like privacy rights. This is probably because privacy rights were commonly used in the sense of ‘An Englishman’s home is his castle’. This seems to have meant an Englishman could do anything to anyone behind the four walls of his house. This was not good for women, children, servants, and basically anyone not an Englishman.

That conception of privacy, and private space, was supported by the thinking that human rights did not generally apply in that private space, and that those rights were limited to the relationship between the state and the individual. We managed to get over that hump, and now think of rights as being everywhere. But privacy was still left with a faintly old-fashioned taint – not progressive, really.

But the absence of privacy is often a sign of a totalitarian regime. Your ‘right to be left alone’ is precisely what privacy rights protect. In any system where what you think, or choose, or believe is subject to constant scrutiny, it is your privacy that is being infringed. Foucoult, a French theorist, revived a term, the panopticon, to talk about how being subject to observation becomes a way of controlling behaviour. The concerns about the surveillance state have morphed into concerns about surveillance generally. Snowdon managed to blow the lid on how many ways we were being watched, by our friends at Google included. (Don’t be evil, indeed.) We are collecting more and more information, perhaps just because we can. Somehow, privacy rights have become more…fashionable? Pressing?

More and more data on individuals can be collected and stored and the method of gathering data is becoming more and more sophisticated. Data can be shared at the touch of a button. The use of the internet, the use of credit cards, cell phones etc. means that people leave behind them an electronic trail which gives extraordinary levels of detail of the individual’s activities.

German Green politician Malte Spitz went to court to obtain the information that his cell phone operator, Deutsche Telekom, gathered and kept about his activity. Over the course of six months, Deutsche Telekom had tracked his geographical location and what he was doing with his phone more than 35,000 times. Aggregated with his Twitter and Facebook information, a virtually complete picture of his movements, interests, speeches, and meetings can be created, pinpointed to within the metre and the minute.

And this is good, right? Because we have a right to know, and the right to information, and that’s part of a free and democratic society, and holding power to account. Or it’s bad, because it means we are subject to surveillance, and thus our privacy rights are being infringed?

Well, it depends. The judgment of the European Court, according to Jodie Ginsberg, chief executive of Index on Censorship,

“…is akin to marching into a library and forcing it to pulp books. Although the ruling is intended for private individuals, it opens the door to anyone who wants to whitewash their personal history.”

According to Article 19, an international NGO working on freedom of expression issues,

The implications of the Court’s judgment for free expression are profoundly worrying. Although the Court was interpreting a data protection measure rather than some outright restriction on free speech, the Court failed to even mention the right to freedom of expression and information under Article 11 of the EU Charter of Fundamental Rights.

On the other hand, “This is a substantial victory for the right to privacy,” said John M. Simpson, Consumer Watchdog’s Privacy Project director. “I hope the online giants will follow the same policy in the United States. If they don’t, we need legislation to require it.”

Which way would a South African court jump? Well, right after asking what an internet is, and prohibiting people from tweeting from court, I’m guessing a local court might well agree with the European Court. In the way that court has framed it, it is the same old right to your data being processed in a lawful way, just applied to Google. It’s what is our data protection legislation allows for (Act 4 of 2014). It isn’t actually a completely new right. It just says Google has to get in line, and behave responsibly with personal data, like everyone else. It looks new, because it relates to a search engine, and not a database, but it’s the same principle.

So, and I think this would be right, that a court would order Google to take down old and irrelevant information about me. (But I can find that information about myself, on Google, easily. Try going to the State Security Agency website to run a quick check on what they have on you.)

In my mind, the really new stuff is happening in the policy debate around where data subjects withdraw their consent for processing. That’s where its not old, or wrong, or bad information. You just don’t want it online.

Article 17 of the draft new European Data directive provides the data subject with a newly framed right, the right to be forgotten and to erasure. There are limitations on the right to be forgotten included in the draft Article, which would include where the information is evidence, or published as part of the right to freedom of expression. However, they suggest that even if the responsible party has followed all the requirements of the Act, and is not processing information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully, they should have to delete that data on request. So that’s new. And I think it is interesting, and probably right to be able to delete old photographs of myself – but what if it is the only photograph? And I am a notorious drug lord?

We want the right to know, but not always the burden of being known. The new Information Regulator, created in terms of the Protection of Personal Information Act, is going to critical to deciding where the line is between privacy, and freedom of information. DM

Gallery

Analysis

Fudging, obfuscation and misdirection hobble the route to the nitty-gritty of expropriation

By Marianne Merten

"Joyfully to the breeze royal Odysseus spread his sail and with his rudder skillfully he steered." ~ Homer

0