Right to be forgotten?

If you’ve used Google to look for a personal name during the last few months you’ll have spotted this notice at the foot of some pages of search results:

Some results may have been removed under data protection law in Europe.

Click on the invitation ‘Learn more’ and you’ll discover that Google is attempting to conform to a ruling of the European Court of Justice on 13 May 2014 that ‘certain users have the right to ask search engines like Google to remove results for queries that include the person’s name. To qualify, the results shown would need to be inadequate, irrelevant, no longer relevant, or excessive.’

Google assure us that ‘we’ve been working around the clock to comply. This is a complicated process because we need to assess each individual request and balance the rights of the individual to control his or her personal data with the public’s right to know and distribute information.’

If you think Google should ‘hide’ information about you can fill in a form. ‘In evaluating your request, we will look at whether the results include outdated information about your private life. We’ll also look at whether there’s a public interest in the information remaining in our search results – for example, if it relates to financial scams, professional malpractice, criminal convictions or your public conduct as a government official (elected or unelected). These are difficult judgements and as a private organisation, we may not be in a good position to decide on your case.’ If Google rules against you can appeal to the Data Protection Officer.

It’s not often you find yourself siding with Google, but it’s hard not to sympathise with them, faced with having to implement the Court’s strange judgement.

The first thing that’s strange about it is that it’s aimed at search engines. It doesn’t say that the relevant information must be expunged from the internet, only that search engines must not lead people to it. This is like saying that the card in a library card catalogue must be removed but that the offending book may stay on the shelf. As Google say, ‘Search engines can’t remove content directly from websites, so removing search results from Google wouldn’t remove the content from the web. If you want to remove something from the web, you should contact the webmaster of the site the content is posted on and ask him or her to make a change.’

The second strange thing is that the ruling doesn’t just apply to what, under data protection legislation up to now, has been regarded as ‘private’ personal information. It also covers information about individuals that is, or at least was, public – in the sense that there is a public interest in it being available to the public.

Mario Costeja González, a Spaniard who brought the court case against Google, claimed that it should not have provided a link to a 1998 online article in La vanguardia newspaper about a repossession of his home following debts he’d incurred. Information about such an event is hardly ‘private information’ in the normally understood sense. But the court thought otherwise, and Google, as a ‘data controller’ under European law, was obliged to respond not just to Mr González but to the thousands of people who contacted them requesting information about them be ‘de-linked’. (The González case, of course, is now notorious and has become the latest example of what’s known as the ‘Barbra Streisand effect’: an attempt to suppress information that has exactly the opposite effect.)

Though it may have had excellent reasons for coming to the conclusion it did, it’s unlikely that the Court gave much thought to the implications of its judgement. They range from the practical to the philosophical.

To take the most obvious, the judgement opened the gates to anyone embarrassed or offended enough by what people might learn about them on the internet to apply to have themselves ‘forgotten’ by search engines. These could include career criminals, politicians sensitive about lavish expenses or business persons with unsavoury methods; equally, they might be ordinary people who fear prospective employers may discover their teenage indiscretions lingering on the Web. But who will decide whether to accede to applicants’ requests or to reject them on the grounds of public interest? Clearly Google felt that it had to decide, on a case-by-case basis. But the number of applications was daunting: up to 18 July 91,000 requests were received by Google, relating to 328,000 URLs. Of these 53% pages were removed and 32% of requests were denied.

A small army of Google ‘removal men’ (‘para-legals’ in the jargon) will be needed. Google have also set up an ‘advisory council’. On what basis would these people make their decisions? Will links be broken for Google users in Europe, but not outside Europe, where the court’s ruling does not apply? And in any case why should decisions lie with a huge multinational US company?

‘Breaking the link’, though, may not be a straightforward matter. It may not be possible to access the information via the person’s name, but it will be by other routes. Even if Fred Goodwin were to win a ‘right to forget’ ruling, a Google search on ‘Royal Bank of Scotland’ and ‘disaster’ would lead easily enough to information about his iniquities.

And what about other search engines? After all, Google may be most people’s choice, but there are hundreds of other engines and meta-engines. Are they all going to have to consider the case for and against breaking a link? Some of them, like DuckDuckGo, have no European presence, so are not obliged to comply.

Finally, whatever happens to search engine links, the information itself remains live on the internet, so anyone who knows where to look can still find it.

Will decisions to remove links be regarded as censorship or rewriting history? Already The Guardian has complained that articles by its journalists, including Robert Peston, have been ‘disappeared’ by Google, despite being entirely accurate and in the public interest. And this is the nub of the problem. The criteria for removal are hopelessly vague. ‘Inadequate, irrelevant, no longer relevant, or excessive’ are all fundamentally subjective and un-legal terms.

In short, the Court’s ruling is both unworkable and potentially dangerous. But that’s not to say that there’s not a legitimate problem with personal information on the internet. In fact, there are at least three problems.

The first is a special one. Law and practice, for example the Rehabilitation of Offenders Act, has for long accepted the principle that some crimes and misdemeanours are time-limited. That is, that it is acceptable that employers, public bodies and others should not be aware of the fact that they occurred in the past. In the old analogue world such information could be discovered, but only after laborious burrowing in well-defended paper records. In the digital world such information tends to ‘stick’ – and to be retrievable by anyone within seconds.

The second problem is that it’s all too easy for someone to find damaging and inaccurate information about themselves online, often expressed in deeply offensive and even threatening language. Online bullying of children is common and has received much attention recently. Adults can fall victim to so-called ‘revenge porn’ following an acrimonious separation. Employees can become the subject of scurrilous and inaccurate comment by colleagues because of conflicts at work.

There may well be a case for an extension of ‘traditional’ data protection legislation – born in the pre-digital era and from a concern about the accuracy of personal information held in paper form by public bodies – to encompass other kinds of information. It may be, too, that targeting search engines is the best way of dealing with the issue, since ‘absolute deletion’ of online information is almost impossible and ‘disguising’ it through de-linking within major search engines is a pragmatic, ‘best-available’ solution to an impossible problem.

But if that is the way forward, a much better foundation is needed than the European Court’s crude ruling – and after a proper public debate about how to safeguard the interests of individual citizens without allowing governments and powerful companies and individuals to conceal information of public relevance. An opportunity for that debate is provided by a draft European data protection regulation, which has already passed through the European Parliament.

But there’s a third problem about the possible misuse of private information. Mega cybercorporations like Google, Facebook and Amazon hold a mass of information, much of it highly personal, about those who, often naively, make use of their services. And they exploit it – to try to sell things back to you, on the basis of what they know about you, but also in many other ways which you’re probably unaware of. But this is information you yourself are responsible for supplying – often freely and without prompting by the corporation concerned. The best answer to this is education and self-education: learning, from an early age, about the possible consequences about revealing details about yourself (effectively, to the world) that you might subsequently regret disclosing, and appreciating how corporations seek to exploit and make a profit from what you might innocently think is of interest only to your friends. ‘Friends’, of course, in the context of Facebook, can famously mean mere acquaintances or complete strangers.

There are signs that people are becoming aware of the dangers, as is shown by the popularity of services like Snapchat and Wickr that allow messages to ‘self-destruct’.

The ‘right to be forgotten’ debate highlights a truth about digital information – and especially online information – that many people have been slow to understand: that far from being transient and far less liable to disappear than analogue information, it’s slow to die, and much more instantly visible, through the massive power of contemporary search engines.

This is as true about personal information, in the broad sense of ‘information about individual people’, as it is about any other subject. It would be little wonder if an ever increasing percentage of the current UK population, for example, can be tracked down by name somewhere on the open web (or on the ‘dark’ web that can be accessed without difficulty by most people). The same must be true, incidentally, about people of the past, as more and more data from paper records become available as a result of digitisation programmes.

Even the might of the European Union is unlikely to stem this tide. The ability of anyone to live a full life – or an empty one, for that matter – and leave no trace of it for others to discover online is rapidly diminishing.

The benefits of being forgotten have been treated at length by Victor Mayer-Schönberger of the Oxford Internet Institute, in his book Delete: the virtues of forgetting in the digital age (Princeton UP, new ed., 2011). He points out that it’s much easier to decide to keep everything in digital form than to go to the effort and expense of editing vast quantities of data. But the effect of having everything of our past immediately accessible to us is that we become enslaved to our past, and unable to arrive at new decisions unencumbered with knowledge about what we did in the past. That traditional Christian ethic of forgiveness becomes harder to practise, as one’s sins and omissions, some of them committed long ago by a person we ourselves may now regard as a ‘superseded self’, remain on the record for all to see. The knowledge that our life is potentially under constant surveillance, like the prisoners in Jeremy Bentham’s ‘panopticon’, will make us anxious and wary. Spent convictions are never in reality spent, because knowledge about them lingers in the public realm. The distinction between a person’s public and private persona – or between different kinds of private persona – no longer obtains: messages between lovers, which in their old-world paper form would have been buried or destroyed – can be displayed to a wider readership long after love has fled.

There are other arguments that could be added to those of Mayer-Schönberger. Take the writing of history. One could argue that the writing of history has been possible until now not in spite of the paucity of evidence but because of it. In future, when so much information about our contemporary world will be available to them, historians will find it almost as impossible as we do to make sense of the billions of events, people and trends crowding around them. Like us they will in effect be living in the maelstrom of the now, not looking purposively back on a world that has gone.