May 12, 2015

Public interest vs. the right to personal privacy online – who decides?

If only real life could be more like the movies! Wouldn’t it be great if we could travel back in time in our own plutonium-powered DeLorean like Marty McFly in the Back to the Future films, to right wrongs and change the past? 

Alas, no scientist has yet invented such a time machine that could help us in our efforts to erase or truly forget the permanent global access to and circulation of personal data.

The Guardian report on the case brought against Google in 2014, by the Spanish lawyer Mario Costeja González, highlights the increasing need for intelligent procedures to be put in place to protect individuals’ personal data in the public domain. The European Court of Justice (ECJ) ruled against Google, saying that, “personal data should be removed from search results on a person’s name when outdated, inaccurate, inadequate, irrelevant, devoid of purpose and when there is no public interest.”

González’s lawyer argued that the out-of-date information about his client was potentially harmful, and that he had a right to ‘delist’ this information to protect his reputation and interests.

Of course, the ‘right to be forgotten’ does not trump the freedom of speech. The ECJ ruling stated that the original source materials and newspaper reports about Mr González could stay in the public domain as they were protected under freedom of expression laws. Google’s links to this information, however, were not protected, because Google is a ‘data processor’. Search engines, like Google, are subject to data protection rules and so as such, should remove outdated, wrong or irrelevant information from their indexes, unless there is a public interest in keeping it.

No one is suggesting that we promote a world in which special agents go around wiping memories like in the Men in Black films. Once personal information is in the public domain it is difficult to forget the news stories about it, even if it is removed from search engines. However, having laws and rules is about damage limitation, and respect for individuals. It is not about manipulating memory or eliminating information, rather about making certain data less prominent where there is ample justification to do so.

Since the ECJ ruling, Google has set up an advisory council and they have provided a form for Europeans to make a request to have data removed or delisted from their European search engines. However, this ruling does not apply to US Google, where the ‘First Amendment’ law means that freedom of speech and publication trump data protection rights.  With the global nature of the internet it's hard for a story to be 'forgotten' if the data is still freely available in another country!

There are clearly huge benefits to the internet and mobile media devices and how they allow global access to information and digital connectivity worldwide. But they do raise issues around the level of control available to protect individuals and how our identities are represented in this open, public domain online.  Following the ECJ ruling on the Google privacy case, the Information Commissioner's Office (ICO) has published its own guidelines on this issue. 

In a world where we are seeing more and more abuse of personal data and sharing of private information, where ‘whistle-blowers’ are persecuted for doing the right thing, there is an urgent need for increased data security and protection.  For businesses, one way of doing this is through secure destruction of confidential files (paper or digital).

As individuals we can all play a part in protecting our personal data. Think carefully before you allow your information into the public domain and ensure organisations that ask for your data have robust measures in place to protect it. Unlike the movies, we don’t yet have a way of wiping peoples' memories or messing with the space/time continuum to undo the past.