Law in the Internet Society

The Right to be Forgotten vs. Free Speech

-- By EricN - 04 Jan 2020

In recent years regulators all over the world, especially in the European Union (EU), have increased their efforts to enact data privacy laws. Some would say, the right to be forgotten marked the end of free speech in the modern internet and others endorse the necessity of strong internet privacy laws. Although I believe there are profound reasons for a right to be forgotten, it undoubtedly competes with the fundamental, hard-earned law of free speech. I therefore want to lay out the idea behind this new legal concept of a right to be forgotten, in order to reach a verdict if it prevents or maybe supplements free speech.

Privacy Legislation

Europe

The origins of the "Right to be Forgotten" (hereinafter "RTBF") are rooted in a landmark case in the data privacy landscape, namely Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (AEPD), Mario Costeja González.

Mr. González sued Google, alleging that the results of the search engine led to disadvantageous newspaper articles, which allegedly were no longer relevant and were damaging his reputation. The European Court of Justice ("ECJ") ruled that the right to request the removal of inaccurate, excessive or irrelevant links arises from a fundamental right to privacy which is to be weighted higher than the economic interest of a commercial firm such as a newspaper or even, in some circumstances, the public interest in access to such information.

GDPR

The concept of the RTBF was then embedded in the European General Data Protection Regulation ("GDPR"), the comprehensive European Law on data privacy which came into force in May 2018. According to article 17 of the GDPR, any "data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay", which means any user can request the deletion of his personal information on a website within the jurisdiction of the GDPR. Although there are certain exceptions, this poses a significant challenge to any website operator.

United States

In the US, the Cambridge Analytica scandal effectuated various changes in the US data privacy law landscapes, including the California Consumer Privacy Act (CCPA), which is currently the most comprehensive data privacy law to be enacted in the US (The Act goes into force on January 1, 2020). Some call this shift in public awareness towards data privacy legislation as the "great privacy awakening" (For further information: Internet Health Report 2019, Mozilla). In 2018, the number of Americans who think Tech companies need more regulation and should be made liable for breaches of their user’s data privacy rose to 83 % (from 49 % in 2017), as a recent national representative survey showed (For further information: Americans want tougher rules for big tech amid privacy scandals, The Guardian).

The Tension

The crux is that the question cannot be answered in complete: free speech is utmost important, yet there are definitely certain circumstances where the RTBF is of great importance to affected people and where it actually is deliberating. However, the RTBF without any restrictions might not be the perfect solution for the problem. Although I realize it is hardly viable, there should be an element of consideration implemented when it comes to deletion of information. The GDPR for example foresees an exception for deletion requests where the processing of the data is necessary for exercising the right of freedom of expression (Art. 17 para. 3 (a) GDPR), yet the balancing of the involved interests is still up for discussion and two recent decisions of European courts illustrate a certain anticipation of how courts decide.

On September 24, 2019, the ECJ limited the geographical reach of the RTBF. The French privacy regulator fined Google after it rejected a directive to globally remove search results which contain defaming information about a person. The ECJ then held that the internet is a global network without borders, yet numerous third States do not recognize the RTBF and no country should be able to impose rules on citizens of another country. The ECJ concluded that there is no obligation under EU Law for search engines to carry out de-listing requests outside the EU, or as the Court remarkably said: "The right to protection of personal data is not an absolute right" and so the RTBF does not apply outside of the EU (For further information: Google LLC v Commission nationale de l’informatique et des libertés (CNIL)).

Only two weeks later, however, the same Court held on October 3, 2019, that Facebook can be forced to delete content worldwide. This judgement was made after an Austrian politician sued Facebook Ireland Ltd., to remove comments about her, which an Austrian Court determined to be defamatory, on Facebook. The Court held that a EU member state court can order a host provider to remove information which previously was declared to be unlawful worldwide within the framework of the relevant international law. This decision could let objective viewers believe that the EU is nonetheless trying to implement the RTBF as a global regulatory internet standard and it has to be seen, how this decision will heat up the discussion of free speech versus privacy.

Conclusion

When a convicted murderer can have his name removed from online search results (German murderer wins 'right to be forgotten', BBC) and courts weigh his right to privacy higher than free speech and press freedom, then I would argue the RTBF poses a danger to free speech. Looking at the US, a recent case demonstrated why the RTBF does not (yet) work under current US Law. In Yury Mosha v. Yandex Inc., S.D.N.Y.,18 Civ. 5444 (ER) Mosha claimed that the Russian search engine Yandex.ru would defame him and after an unsuccessful trial in Russia, Mosha filed a claim in New York against the US subsidiary of Yandex, Inc. The District Court granted the defendant’s motion to dismiss, based on the immunity of Yandex, Inc. under the Communications Decency Act ("CDA"), 47 U.S.C. § 230, holding that internet search providers are interactive computer services and as such, may rely on the immunity granted under the CDA. It will be interesting to see if this line of argumentation may be upheld in California in 2020.


You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.

Navigation

Webs Webs

r8 - 26 Jan 2020 - 14:47:20 - EricN
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM