GDPR
Googled anyone today? What does everyone find?
The right to be forgotten became a household concept when GDPR entered into force (already being a right following art. 8 of the ECHR, the right to a private life). Simplified (as I am sure you already know) it entails a right to have personal data – whether it is discrediting/sensitive, or just general information - removed from e.g. search engines (and other information carrying entities as well for that matter).
So what of the actual reach of this right to erase information about yourself on the internet today? The right to be forgotten is not absolute. Two key limits to the right is the whereabouts of the person (IP address of the person searching) & the interpretation of “legitimate interest”.
Let´s start with the legitimate interest – the quick and dirty:
Importantly, there is no obligation to erase data if there is “legitimate interest” for continued processing. (Also, data can be kept with consent of the subject – but since we are talking about the right to be forgotten, this is not particularly relevant…) This includes that the right to be forgotten does not apply when a nation disapplies GDPR to uphold freedom of speech – including for ensuring a free press. But what does this mean in practice – when do we, as subjects, not have a right to have information about us erased? Where that boundary goes will be determined on a principle-by-principle and case-by-case basis, to be better defined with time and experience.
A sore example is the database Mr Koll in Sweden, where you easily can find information such as whether somebody has been party to criminal proceedings. The information is collected from public sources (which in Sweden are, due to strong principles of transparency, very far-reaching in their nature), and can therefore be protected through having a “utgivarbevis” – meaning that you cannot have your data erased. One thing that makes this problematic is the way in which the information is presented – what can effectively be a summary of (unfounded) allegations is packaged in a way that encourages browsing and general nosiness. Importantly – the information is not only open for everybody – it is very-very easy to access (just a few taps on your computer). The amount of personal integrity offered here is hence little-to-none in many people’s eyes.
There has always been a struggle between the right to information, right to freedom of speech and the right to privacy. Having intimate or not-so-positive information easily accessible for anyone to find (and in many cases without relevant context) can have severe consequences. It can mean that every time you apply for a job you get declined by default. It can mean that your kids will not get invited to parties. It can mean that you can’t rent an apartment. Hurting you – and if this means that some people are shut out of society it will also risk hurting society as a whole (for instance if you feel labeled a criminal regardless of whether you have already served you time or if you in fact where freed of all charges you might, in particular if you are young, turn to a criminal lifestyle or suffer from bad mental health).
Personally, I am against the existence of sites like Mr Koll where potentially sensitive private information is within reach for anybody at a tap with their fingers. The right to be forgotten should in this case be enforced since I cannot see the legitimate interest in this general public disclosure of e.g. the number of stairs to my door – and what door on that floor that is my door. Give me some privacy please!
For more information on these topics, please visit the Swedish Data Inspection; www.datainspektionen.se
Let´s start with the legitimate interest – the quick and dirty:
Importantly, there is no obligation to erase data if there is “legitimate interest” for continued processing. (Also, data can be kept with consent of the subject – but since we are talking about the right to be forgotten, this is not particularly relevant…) This includes that the right to be forgotten does not apply when a nation disapplies GDPR to uphold freedom of speech – including for ensuring a free press. But what does this mean in practice – when do we, as subjects, not have a right to have information about us erased? Where that boundary goes will be determined on a principle-by-principle and case-by-case basis, to be better defined with time and experience.
A sore example is the database Mr Koll in Sweden, where you easily can find information such as whether somebody has been party to criminal proceedings. The information is collected from public sources (which in Sweden are, due to strong principles of transparency, very far-reaching in their nature), and can therefore be protected through having a “utgivarbevis” – meaning that you cannot have your data erased. One thing that makes this problematic is the way in which the information is presented – what can effectively be a summary of (unfounded) allegations is packaged in a way that encourages browsing and general nosiness. Importantly – the information is not only open for everybody – it is very-very easy to access (just a few taps on your computer). The amount of personal integrity offered here is hence little-to-none in many people’s eyes.
There has always been a struggle between the right to information, right to freedom of speech and the right to privacy. Having intimate or not-so-positive information easily accessible for anyone to find (and in many cases without relevant context) can have severe consequences. It can mean that every time you apply for a job you get declined by default. It can mean that your kids will not get invited to parties. It can mean that you can’t rent an apartment. Hurting you – and if this means that some people are shut out of society it will also risk hurting society as a whole (for instance if you feel labeled a criminal regardless of whether you have already served you time or if you in fact where freed of all charges you might, in particular if you are young, turn to a criminal lifestyle or suffer from bad mental health).
Personally, I am against the existence of sites like Mr Koll where potentially sensitive private information is within reach for anybody at a tap with their fingers. The right to be forgotten should in this case be enforced since I cannot see the legitimate interest in this general public disclosure of e.g. the number of stairs to my door – and what door on that floor that is my door. Give me some privacy please!
For more information on these topics, please visit the Swedish Data Inspection; www.datainspektionen.se