(by Andy Sayler, Student Technologist)
Last week, the tension between privacy rights and free expression rights in the digital realm found itself back in the news when the Italian Privacy Authority issued a ruling helping to clarify when search engines must remove links to content under the European Union’s “Right to be Forgotten” rules. The ruling confirmed the idea that such requests must be balanced against the freedom of the press when the content in question is recent news that the public has a strong interest in accessing.
The “Right to be Forgotten”
The EU “Right to be Forgotten” is a concept that dates back to 2012 stating that individuals have the right to erase their personal digital information from search engines and other metadata aggregators online. The “right” was given legal force in 2014 with the Court of Justice of the European Union (CJEU) found it to be valid and enforceable. The ruling applies only to the meta-content carried by search engines, not to the original content to which such engines link.
Over the last year, search engines such as Google and Bing have created processes through which European Union users can request that the links to content related to them be removed from search indexes. According to its regularly updated transparency report, Google has thus far received requests to remove over 850,000 URLs, of which about 40% have been granted. Organization such as ChillingEffects.org and HiddenFromGoogle have also begun tracking such removal requests.
The “right to be forgotten” raises a number of difficult questions regarding an individual’s privacy and ability to control their digital reputation vs the public’s right to know and the freedom of expression of the press, search engines, and individuals online. When does the public interest in accessing information outweigh an individual’s interest in privacy? To what extend can the “right to be forgotten” be used to suppress accurate and truthful information? How much privacy does such a ruling really afford since it allows the original content to remain in place?
Last week’s ruling starts to provide some clarification as to the scope of this “right” and reaffirms the fact that the right does not apply in cases where the public interest outweighs an individual’s privacy. And yet many question still remain. Perhaps the biggest of which is to what extend search engines must censor results outside of their EU-targeted sites.
Currently, Google only removes contest listings from its EU-facing sites: e.g. google.co.uk, google.it, google.de, etc. The US (and often most popular) version of the search engine, google.com, remains uneffected. EU regulators have asserted that this must change and that Google must censor all of its sites, even those intended for non-EU audiences. Yet no such “right to be forgotten” exists under US law, and such a “right” is unlikely to stand up to the strong free speech protections afforded by the First Amendment. To what extend can the EU force US-based search engines to censor data that is protected under US law? The answer to such questions remains contested.
A Tool for Censorship?
Since the 2014 CJEU ruling, the “right to be forgotten” has been heavily criticized by a number of individuals and organizations on the grounds that it allows individuals too much power to censor legitimate speech that happens to be critical of their person or actions. Prominent UK newspaper The Guardian has noted that numerous legitimate news articles on its site have been suppressed by Google in response to “right to be forgotten” requests. The Washington Post has received a request to remove unfavorable concert reviews (a request that is arguably invalid since the Washington Post is not search engine and thus is not directly subject to the 2014 ruling). Jimmy Wales, co-founder and former chairmen of Wikipedia and the Wikimedia Foundation, has criticized the ruling as being unnecessary and dangerous.
These criticisms note that free speech limits related to slander and defamation are already well established in most countries, and additional rulings targeted specifically at forcing search engines to remove otherwise legal content are unnecessary and overly limiting of free expression. They also note that the ability to enforce such a right is going to be difficult, if not impossible. The Internet is a global place, the the ruling of a single regulatory entity (e.g. the EU) within that space can never be fully applied to actors outside that entity’s jurisdiction. While large multi-national corporations such as Google and Microsoft can likely be forced to comply with such a ruling (at least domestically), smaller organisations with no business presence in the EU can easily skirt such requirements. And as larger search engines such as Google and Microsoft remove such listings, the market for smaller search engines to directly provide such results as a service grows.
All of this raises yet more questions. How far are countries such as those in the EU willing to go to enforce such rights? Will they be forced to start blocking large swaths of the Internet that refuse to comply with EU rulings, similar to what China does with the Great Firewall? Do such rulings bring legitimacy to the more totalitarian-oriented Internet censorship policies in place in countries around the world? Do attempts to enforce such a “right” accelerate the balkanization of the Internet into a series of multiple state-controlled Internets?
Such questions will need to be answered over the coming years. The state-less nature of the Internet, coupled with tensions between countries like the US that tend to favor free expression over privacy and countries like those in the EU that tend to favor privacy over free expression, make answering such questions complicated. Yet the ramifications of these answers will have far reaching consequences for the Internet, as well as privacy and free speech rights, for many years to come.