What’s Wrong with the Right to be Forgotten?

The ‘Right to be Forgotten’ has become a major point of discussion and negotiation with the proposed EU data protection regulation, and the UK government has been one of its harshest critics.  They have been trying to argue for an opt-out in the event of not getting the law changed. 

So we decided it was worth having a look at in more detail.

The basic principle is that anybody should have the right to control who has access to their personal data.  If an organisation has their data, the right to be forgotten enables the individual to demand that it be removed or deleted by that organisation.

Of course there is potential for this to be abused. People who would like to wipe past mis-deeds from the record would be able to re-write their personal history, in a kind of reverse Orwellian ‘rectification’ (in Orwell’s 1984 the state re-wrote historical records so they always agreed with current poltical doctrine).

However the regulation recognises this and puts protections in place for journalistic, historical, medical and statistical records integrity.  Apart from a few edge cases, which could undoubtedly be scrutinised individually, most people would find these exceptions quite reasonable.

There are other elements of the requirements however that pose greater problems.  In particular is the part that requires primary source publishers to use reasonable steps to instruct anyone who has re-published the data to also remove it.

When you think about how content can easily go viral, be copied and shared across thousands of services within a few days or hours of it going on line – this requirement is a huge problem for major service providers like Google and Facebook to comply with.

Yet whilst such a thing might require a lot of technological change it is not a problem that would be insurmountable. Plus there is no absolute requirement to ensure verifiable deletion by the third parties either, it is merely a requirement to try, where possible.

This is no reason to try and scupper the whole regulation.  However it is the way the UK government is attacking this issue that is the most puzzling.  Their argument seems to be that because the mere wording of the phrase ‘right to be forgotten’ would create unrealistic expectations amongst consumers, the right itself, and possiblly the whole regulation should be scrapped.  This strikes me as sound bite politicking of the worst kind.

Does it not occur to them that the phrase could be changed, or some of the more difficult elements of the requirements made more realistic?  That would still be better for consumers than the current situation would it not, without the requirement for huge administrative burdens?

In a recent interview, Google Executive Chairman Eric Schmidt stated “This lack of a delete button on the Internet is in fact a significant issue…There are times when erasure [of data] is the right thing..“

This is a man who probably has more investment in the persistence of data than anyone else on the planet – and he can see that some kind of right to be forgotten would be a good thing. 

So the fact that the UK government is campaigning so hard against it, suggests they are less interested in practical consumer protections, than using the negotiations over the Data Protection Regulation to show off their anti-EU credentials for internal political reasons.