What is the right to be forgotten?
The right to be forgotten is the concept that individuals have the civil right to request that personal information be removed from the Internet.The right to be forgotten is a concept discussed and put into practice in the European Union (EU) and Argentina since 2006. The issue has arisen from desires of individuals to "determine the development of their life in an autonomous way, without being perpetually or periodically stigmatized as a consequence of a specific action performed in the past."In May 2014, a man from Spain asked Google to remove links to an old newspaper article about his previous bankruptcy, claiming there was no legitimate reason for the outdated information to remain accessible online. The European Court of Justice ruled that under European law, search engines are data controllers so they must consider all requests to stop returning irrelevant or outdated information in search queries. According to the ruling, the Web pages that the query results in question point to can remain online and any link omissions on query returns will only occur when searches are made in Europe. In the wake of the ruling, Google began receiving thousands more requests to take down links.While the right to be forgotten aims to support personal privacy, the concern is that it conflicts with the open nature of the Web and the free flow of information. The interests of one individual in removing information from the Web may conflict with the interests of another individual or group. While Google is not required to honor every request for information to be taken down, it seems clear that the popularity of the concept will inspire organizations to have a process in place for reviewing and following through on take-down requests.Currently the General Data Protection Regulation ruling applies only in the European Union, but according to some research, Americans might be interested in a similar right in the U.S. in spite of concern from the opposition that removal of legally published and truthful information from the open Web infringes on First Amendment rights and smacks of censorship.Have a nice surfing :)
Should the USA have a "right to be forgotten" law like the EU?
In the EU this sort of thing largely pertains to criminal convictions. In principle, after one has received whatever punishment his crime entailed that person should be given the chance to go straight and get on the right track of integrating into society. Otherwise the whole philosophy of the penal system makes little sense - you might as well permanently confine the ex-cons into some reeducation labour camp/GULAG. And if the info of their wrongdoing is out there in public the reintegration into the society may may be difficult (which may lead to recidivism). This effectively makes it a “perpetual punishment” scenario. Only the private citizenry takes it upon themselves to punish the person rather than the government. This does not seem to be ideal.This is particularly true with the ridiculous “plea deal” situation which is rampant in the US. In the US 97 percent of federal cases and 94 percent of state cases end in plea bargains - something is clearly wrong in the stat no matter how you look. It is either criminals are getting off easy or the criminal codes are so stupid that everyone circumvents them, or innocent people go to jail way more often than it is generally thought.As a rule the prosecution would overcharge the defendant with a ton of crimes that stack - one can be charged with like dozens of different stacking crimes for a single instance of wrongdoing. And then the prosecution offers a plea deal that may appear very lucrative compared to that stack of charges. People fight to the end for “their good name” only in movies. Suppose you got a 50/50 chance of getting 20 years if the case goes to court, yet the prosecution offers you a 5 year plea deal. Anyone reasonable is going to choose 5 years and let the time start ticking asap, whether they are indeed guilty or not, rather than risk getting 20. Not to mention the possible collusion between public defenders and the prosecution where the defenders might recommend some suboptimal strategies to their “clients”. In any case the client of the public defendant is the state and such actions may be rooted in how the public defendants are compensated. Essentially both the defence and the prosecution wants to get the trial over as soon as possible and a plea is good for the stats of both of these parties, but not necessarily the defendant. So, having said that, the “right to be forgotten” may be a necessity.
Are you in favor of the right to be forgotten? If yes, then why?
I don't see why anyone should be prevented from publishing true facts, unless they are an unreasonable intrusion. From a brief glimpse at the story, it seems a man was offended that searches for him kept on giving top rating to a time when he was in debt, even though the debt was cleared.It seems it would have been OK for news media but not data collectors:"Q: Why is it Google is being hit by this and not the newspaper?"A: Because the newspaper gets the protection of being 'media' under European data protection law (which offers various protections and exemptions for journalistic work). Google has explicitly opted out of being described as a 'media' company."But the judges decided that because Google collects lots of data and then processes it, and that that data includes information about people, it is a 'data controller' under the meaning of the EU data protection directive. "'Data controllers' have special obligations in the EU - including the responsibility to remove data that is 'inadequate, irrelevant or no longer relevant'." (Explaining the 'right to be forgotten' – the newest cultural shibboleth.)
Should Slavery be forgotten?
Hi there, Victor Although you've stated that you have your own reasons why slavery should not be forgotten, it's a shame that you didn't share one or two with us. I agree with you 100%. If I may quote George Santayana: ' Those who cannot remember the past are condemned to repeat it.' While Santayana made a good point for students of history, law, philosophy and the social sciences, the people who traffic and own slaves today haven't a care for academic studies, preferring money above that of human rights. Moreover, slavery is NOT solely an African-American past, but the present for so many throughout Africa. Notwithstanding the Euopean problem of the traffic of hopeful young women from Eastern Europe who are sold the dream of becoming a fashion model and end up within the illegal sex industry, chained to a bed post. Slavery then, is not merely a matter of history, but a scourge on humanity that we must ever strive to eradicate and, perhaps, that is how you might be able to impress upon others that slavery is a much broader and contemporary issue. Victor, on a purely personal note, black history is a misnomer. I have long held the view that the very idea that there is a black history is diminutive. No university, library or bookshop would have a section headed 'white history' because white history does not exist. In a better world, perhaps, there might be a day upon which we will view history as the broader events of humanity, as a whole. For the present, each country has its history and the history of those cultures that live, or have lived, within it. No South African would ever say that our history is black history in much the same way that no European would ever reduce their history to white history. We must all remember that our lives and are much broader than a branch of divisive politics that we should all reject.
How does applying the GDPR right to be forgotten align with the need to keep user, payment and invoice data for RFIs and according to finance needs?
In general, the data subjects rights under GDPR must be weighed against other rights and regulations relevant for your sector.First of all, the right to be forgotten is only relevant if the purpose and lawfulness is based on consent or a contract, or if the purpose for the processing is no longer valid, or the processing is unlawfull (Article 17).Second, union law or member state law can restrict by way of legislation the scope of the data subject rights (Article 23).While the data subject should always be allowed to exercise his/her rights, you need to balance this against other legal obligations before granting or denying the request. If the data subject disagrees with your assessment, he or she can lodge a complaint with the supervisory authority.(NOT LEGAL ADVICE. I AM NOT A LAWYER.)
Does the “Right to be Forgotten” law force the removal of entries from the Internet Archive?
A2A.First, let’s be precise about the law.The enforceable right to erasure has been around for 23 years. It’s neither more powerful nor less powerful under the 2016 GDPR than it was under the 1995 Directive. But it was easier and quicker under (for example) the UK’s implementation: section 10 Data Protection Act 1998This is because the lobbyists have managed to make it far more procedurally complex (and thus harder for laypeople to enforce) under the GDPR than it was under the Privacy Directive. From a standing start, what used to take an hour or so even for Counsel properly to assist a new judge in understanding the law, now might take a whole day or more, making it seem almost impossible for laypeople. However, that can be remedied simply by way of Internet-published template pleadings. I know people who are up for this already.Secondly, “the Internet Archive”? I parse this as “cached” pages, not in the sense of true caching, but in the sense of web sites who store retrievable copies of other sites’ web pages? In other words, simply copies of other sites’ data?If that is right, then yes, the right could be used to force erasure of material in caching web sites. Much more easily than for the original sites.Moreover this leads to a much bigger problem for such “caching” sites, which prima facie would seem to lack any plausible legal basis at all - ever - for processing personal data.Oddly this touches on of the prime political causes of the GDPR: the government agencies that unlawfully secure and process (and often unlawfully sell into the private sector) copies of personal data. [I don’t mean national security agencies, which generally try much harder to comply with applicable laws than do ordinary government departments around the world, too many of whom make little or no effort at all]. If it wasn’t for the up-to-40 or so US agencies doing all this with EU personal data for the last 17 years, the GDPR might never have become a thing.Cause and effect is a wonderful thing.
How can a company be GDPR compliant (right to be forgotten), while also respecting email opt out? How can you delete a record from a database, while also making sure that record does not receive future marketing emails?
First thing to remember is that you don’t have to delete the data in order to remove an individual from your database. You can simply update all the personally identifying information to make it non-identifying. Deletes are, a lot more difficult, so you may be better off going with updates.That said, the most important part of this process is finding each and every location of personally identifying data that you have. Also, you must be very clear about what makes data personally identifying and that is a shockling large range of information. Email address, name, postal code, sex, those are the easy ones. What about IP address? Yeah, that can also be personally identifying. In short you have a lot of work ahead of you.However, after identifying where the information is and what makes it personally identifying, you just have to have a mechanism for updating those fields into nonsense (don’t try swapping first & last names or other cute tricks, that still makes it identifying data), which is pretty easy to do. Or, you can opt for a single value, ‘Dropped on request’ or ‘DOR’ or some other choice.Then, on top of everything else, you also have to figure out how to deal with your backups. When someone is removed from your system, that includes old records of them as well as current records.Once the email is removed from your system, how on earth would someone then receive mailings from it? That just shouldn’t happen unless you have a second storage location for your email list. In which case, that should have been identified earlier and dealt with.GDPR compliance is a major task and there are way too many companies that are not attempting to perform the tasks necessary.