EU Commission Says People Have a 'Right To Be Forgotten' Online

nk497 writes "The European Commission wants to strengthen data protection rules to give more power to consumers — including the right to be forgotten online. Legislation it's looking to push through next year will let consumers know when and how their data is being used, and force companies to delete it when asked. 'People should be able to give their informed consent to the processing of their personal data,' the commission said in a statement. 'They should have the "right to be forgotten" when their data is no longer needed or they want their data to be deleted.'"

What about other people's data about me?

[AmiMoJo]

I can delete my Facebook account but I can't delete the photos someone else took with me in them.

Re:What about other people's data about me?

[captainpanic]

I can delete my Facebook account but I can't delete the photos someone else took with me in them.

All data on Facebook is property of Facebook, not of the people who put it there... so you should be able to ask Facebook to remove it... (according to the text, "companies (i.e. Facebook) will be forced to delete it when asked").

Re:What about other people's data about me?

[cronco]

You can tag anything with any name on Facebook, it's just that the tag won't link to your profile if you don't have one.

Re:What about other people's data about me?

[ledow]

Then Facebook is the same as a photoshop. No-one MADE Facebook take your photos and scan them in and put them online and name you on them - some random individual (presumably someone who knows you, possibly not) put them up. What's the difference between that person getting a copy of the image from a photo shop and showing it to people in your office (presuming they work there too) or a potential future employer, or sticking it in their own photo album, or showing their cousins, or whatever else. You gonna hold the photoshop responsible if that happens?

If there is a photo of you that you don't want people to see - SEIZE the photo, not punish Facebook. The "idiot" that puts that photo online and tags you is the one who drops you in it, not Facebook. They could have done it on a million and one different sites, or in a letter, or pinned the photo to a noticeboard anonymously. And if it was taken in a public place, there's actually NOTHING you can do about it in the majority of sensible countries, so long as the photo is published complete (i.e. they didn't amplify your face and print it out on leaflets that they spread throughout the town but) - In lots of countries you have no right to photographs that include you if you're not the main subject of the photo and it's taken in a public place.

Basically - don't be stupid. That means that any moron that appears in my "photo of a new york street" could get my holiday photos deleted from Facebook - and, in fact, ANYONE could if they just *claimed* to be in the photo. How would Facebook prove / disprove otherwise.

Please stop thinking that the existence of Facebook in particular changes ANYTHING with regards personal privacy. And be more cautious about being photographed pissed out of your skull by work colleagues. And work in places that understand the work-personal life separation and that don't think just Googling each candidate's name is a reliable way to accurately find out about any possible indiscretions (otherwise every John Smith has an AWFUL hard time finding out) - if that's even LEGAL for them to do in the first place.

Re:What about other people's data about me?

[commodore64_love]

>>>Please stop thinking that the existence of Facebook in particular changes ANYTHING with regards personal privacy.

It does. It changes the level of distribution for your Drunken Party Photo from "a few friends" to "the entire globe". Which unfortunately includes your current employer, or the HR department of the new company you're trying to join.

Re:What about other people's data about me?

[Haedrian]

The problem isn't facebook as-such - the problem is how the web is turning into a semantic one - which lets you link information to one another.

If in the old days, I had a website with a few friends which we put images on - then only my friends would know about that. If I had any embarassing images, or images of me getting wasted or something - there is no problem at all.

People have many different aspects - and they would kindly like to keep those aspects seperate. You may be known to your friends as "That person who can belch the loudest", but when you're writing a C.V. - you don't put it over there. People want to keep these information private to certain people- the problem is that with all the links now - you can't really do that.

To give a proper example - take Linkln (which is used for 'professional' networking) and Facebook. You would ideally have a professional 'aspect' being shown there for your employer to see that you went to convention X, worked at company Y for N years et cetera - you don't want your employer to look at your 'wild side' on Facebook.

To summerise the above disjunctions - I may want my different aspects to be avaliable online - but I don't want everyone to be able to access them - and I want to be able to 'erase' mistakes which happened in my past - especially to someone important. People change (and therefore have "A right to be forgotten") and people have different aspects for different people - the way you are towards your friends =/= way you are towards your partner =/= towards your parents =/= towards your employers.

Re:What about other people's data about me?

[commodore64_love]

>>>They've always been able to do that.

False. When I was growing-up I had no way of publishing a photo to the whole world. I know because I tried it a couple times, but there was nothing like facebook, and the internet was still limited to just a few thousand college professors & computer hobbyists. Only the mass media corporations had the resources to distribute to the entire globe. - Not until ~2000 did the WWW reach greater than 50% of the population, and allow them to could share photos to the whole world. SO YES facebook, myspace, and other services have changed the level of distribution.
.

>>>those sorts of HR department investigations are (in most civilised countries) completely 100% inaccurate and completely 100% illegal

You saying the US is uncivilized? We are a different culture from the UK, that's true, but that doesn't mean we're not civilized. We have rule of law just like you do, and without a pesky queen to overrule it, or the will of the people. Anyway:

Here it's perfectly okay for HR departments to run background checks on their employees, including contacting the Social Security (SS) department to retrieve your employment history, and online postings/websites. And I suspect even in the EU, if it's illegal, it's still performed by the human resources employees in secret. (Like in the movie GATTACA where it was illegal to sample people's genes, and yet employers did it anyway.)

Maybe you'll understand better after you become a victim yourself.
I used to think like you, that nothing would ever happen,
until I became scammed a few times, and 2 employers stole my wages.

Re:What about other people's data about me?

[Anonymous+Brave+Guy]

I don't mind that. If fully informed and rational adults are willing to give up some privacy in exchange for some convenience, who am I to tell them they may not do so?

The sad thing, to me, is that the trend in recent years has been for corporations to just decide for us that everyone is like that, and act accordingly, because it makes them more money and privacy laws are so weak in most places that there has been nothing to stop the rot. Not everyone is happy for that sort of thing to happen.

Also, not everyone is mature enough and sufficiently aware of the facts to make an informed and rational decision. Those who are not include children, adults with learning disabilities, and non-technical/legal people who simply don't realise the implications of uploading data that they think only their "friends" can see.

Re:What about other people's data about me?

[Anonymous+Brave+Guy]

A photo taken in a public park is not "owned" by anyone. The light bouncing off your body is the common property of all.

Really? Even if it's taken with a telephoto lens, looking over your shoulder to capture you entering a PIN while making a card payment? Even if it's taken up a girl's skirt using a concealed camera in a low-carry bag? Even it uses new technology to render intimate images of someone that could not be seen with the naked eye? What about driving up to your home on a public road, raising a camera on a robot arm right up to a little gap you left in the curtains of each bedroom window, and snapping intimate photos of everyone in your family getting changed? And what about video? If a video is just a series of photos, and photographing anything in a public place is acceptable, can someone just follow you around all day, standing two feet behind you with a camcorder, and then publish a daily journal of your entire life every time you leave your home?

One of the biggest problems with this sort of debate is the assumption that absolute rules like "If you're in a public place, anything goes" are still worth anything. Modern technology is rapidly changing what is possible, and it is far from clear that all uses of that technology are good things. What is a public place, anyway? The implications of old definitions based on where the general public could access or where the general public could observe are completely different with modern technology providing many opportunities that would technically fit those criteria but that certainly aren't in the original spirit of the rule.

Re:What about other people's data about me?

[commodore64_love]

P.S.

One way for a lawyer to demonstrate to ignorant juries is to take their photo, add bits-and-pieces to make the jury appear to be smoking dope, and then show the "before" and "after" photos the next day. That would demonstrate "reasonable doubt" that the employee is not guilty, but a victim of a modified image.

Re:What about other people's data about me?

[AmiMoJo]

In Europe the right to a separate and private life outside work is enshrined in law and is considered a human right. It isn't simply that you might "want" it to be that way, it is considered to be necessary for human beings not to suffer unduly. Part of the work/life balance is being able to keep things you wish to be private and which do not affect your work private. There is some argument about what information that includes, but the basic idea is to protect the individual from the employer who by nature of providing employment (which everyone needs) is in a very strong position.

Amazing, and ironic

[siddesu]

Is this the same European Commission that decided some time ago to force data and voice service providers to keep phone and email records for years?

Will these data be subject to the "right to be forgotten", or government-retained stuff will be magically excepted?

Consistency, thy name is Europe.

Re:Amazing, and ironic

[Luckyo]

It's perfectly consistent once you stop being an ass and purposefully misunderstand the topic. Government and its way of using information is strictly regulated here - and by regulated I don't mean Bush-style "we do what we want and laws be damned" regulation, but a real working one.
Problem is, facebook, google et al are largely NOT regulated. They can keep your information forever, even if you "delete" it from your account, and sell it to the highest bidder. This is the part where essentially all EU member states start to have problems - here culturally, privacy is taken far more seriously then in US. As a result, the legislation is aimed to bring the american privacy "you have none" culture that is currently used in most of these companies closer in line with the European values. Such as not being able to just mine data and then mass sell it, even after you expressed a wish for data to be deleted instead.

The data and voice service providers have to keep certain data because they are common carriers. They are not, for example, allowed to mine the data and sell it, and they are only allowed to pass the data on when courts or certain legally entitled entities request it. There is no inconsistency, we can have both. We just have to have laws that work, and government that obeys them.

And notably, this is one of the very few issues where you can safely call then "European values", and not look like a clueless idiot, because unlike most things on which we Europeans tend to differ in a major way across our countries' borders, privacy is something treated in a very similar way across borders on the continent.

If this shocks you as an american, that's okay. We're shocked that you view universal healthcare as something bad too. It's a cultural difference. Just because we have universal healthcare doesn't mean we should force it on you, and just because you have no right to privacy (from our point of view) doesn't mean that you should force similar regime on us.

Re:Amazing, and ironic

[Peeteriz]

Privacy is a fundamental human right recognized in the UN Declaration of Human Rights, the International Convenant on Civil and Political Rights and in many other international and regional treaties. It is one of 'first principles' together with other basic freedoms. It is included in constitutions of many countries - in the newer constitutions it tends to be more explicit, and USA is a notable absence; but even there the issues like unreasonable searches and privacy of your home are covered.

Some classical citations from earlier centuries:

  In 1765, British Lord Camden, striking down a warrant to enter a house and seize papers wrote, "We can safely say there is no law in this country to justify the defendants in what they have done; if there was, it would destroy all the comforts of society, for papers are often the dearest property any man can have."

Parliamentarian William Pitt wrote, "The poorest man may in his cottage bid defiance to all the force of the Crown. It may be frail; its roof may shake; the wind may blow though it; the storms may enter; the rain may enter -- but the King of England cannot enter; all his forces dare not cross the threshold of the ruined tenement."

In 1890, American lawyers Samuel Warren and Louis Brandeis wrote a seminal piece on the right to privacy as a tort action describing privacy as "the right to be left alone."

However, in practice specific and detailed rights such as the right to privacy of personal data come from "we the people" agreeing that we want it and getting it passed as law - which EU has done a bit further than other countries. In this sense it's simply more like a business regulation, forcing businesses to keep a socially acceptable code of conduct.

As opposed to... what?

[Moraelin]

Yes, they did mandate keeping the logs for a given time, but then they have to be deleted, and specified who has the right to get them. I.e., it takes a subpoena.

But, as opposed to... what? Just trusting that the companies will automatically delete those logs, and will never use them for marketing or whatnot? Just look at the Facebook for an example of how much better _that_ went than, you know, ooooh, scary inconsistent nanny-state Europe.

Re:As opposed to... what?

[siddesu]

Actually, every country is free to implement the details of the directive in question regarding data deletion and privacy as they see fit. There is no magic "removal" wand, and many countries will keep some data, officially or not.

Some EC member countries even immediately abused the directive to mean extra data collection. Some countries decided to interpret it as a requirement for the police to have direct, real-time access to such information. In some countries, the fight to protect citizen privacy due to this directive is still not won by a wide margin.

Ignoring the schizophrenic inconsistency of the EC and not taking them to task is why they've turned the way they are.

The same European Commission is, for example, currently conspiring with several other governments and big business organizations to promote even more surveillance and enforcement with ACTA, and denies the European Parliament access to the text of the proposal agreements.

Re:As opposed to... what?

[schmidt349]

You know, given the choice between my retained personal information being used to (a) sell me pizza or (b) imprison me for expressing an unpopular political viewpoint, I think (b) is a way bigger deal than (a). And given Europe's track record on (b) (hint: 1936-1945 in one bit, and 1917-1991 in another), I'm going to have to say that the Eurofascists scare me a lot more than social media does.

Re:As opposed to... what?

[Haedrian]

"The same European Commission is, for example, currently conspiring with several other governments and big business organizations to promote even more surveillance and enforcement with ACTA, and denies the European Parliament access to the text of the proposal agreements"

Uh what?

http://boingboing.net/2010/03/10/eu-parliament-votes.html
http://yro.slashdot.org/story/10/09/08/1510255/European-Parliament-All-But-Rejects-ACTA

How does this work with years of backup tapes?

[ciderbrew]

This is both a flippant comment AND a real question. It must be very hard to clean up all the data?

Re:Agreed

[jgagnon]

On the contrary, this has all kinds of ugly written all over it. With how easy it is to impersonate people online, I can see many ways in which this can be abused.

Someone impersonates someone else and gets their data deleted. Easy enough, just ask to get it restored from backup, right? Wait, they're not allowed to keep backups of deleted stuff because that would violate this new law. Ouch...

Let the damn companies have whatever policies they want, force them to be open about those policies, and then let the people decide which companies they will deal with. Hell, even create a public forum for people to share their experiences with the companies so that others can be educated. But don't pass laws that could very easily make life hell for those that might actually WANT their information online (but not necessarily shared).

Hear that Slashdot?

[digitaldc]

Where's my comment history DELETE button? ;)

Info tech tools could give us MORE privacy

[guanxi]

Another poster compared privacy today and in the pre-Internet world, which got me to thinking: Until now, innovations in information technology have generally reduced privacy by making it easier, by many orders of magnitude, to copy, distribute, and find information. Any info about you that's on the Web, for example, can be immediately distributed across the world, copied by whoever wants it, and found via Google.

But information technology could also be used to improve our privacy over the pre-Internet world: Encryption, of course, but also anonymization, DRM (for your personal info, such as copy restrictions and expiration dates), and using search engines to automatically find other data, including the pattern recognition engines that can find photos. Some of these could be regulatory requirements (businesses must anonymize personal info as much as possible, must use DRM with copy restrictions and an expiration date, encrypted it, and the business is responsible for monitoring the web for errant copies). Businesses already use these tools to protect their data and online identity; there's no reason private citizens can't use them too.

In some ways, private citizens could have more control, not less, of their privacy and identity if they use the tools in their favor.

Heh

[Moraelin]

1. If you think your data in the USA would only be given to the pizzerias, and not to the USA government... heh. It's funny. You do know they subpoenad such stuff from Google and others already, right?

2. Oooh, scary Euro-fascists, 'cause you can dig up something from 65 years ago. Heh. Ah, the joys of semi-literate trolls who never heard of anything after WW2 because it's not in the Hollywood movies they mistake for education... Besides, I guess it saves the home-schooled right from acknowledging that the rest of the world has actually moved out of the 40's.

3. But if you want to compare fascists, let's compare fascists.

The USA moved a minority to concentration camps for, pretty much, fearing that their political sympathies may not be the proper ones... when? Oh wait, it was during the WW2 too.

The USA had the idiotic McCarthy scare... when? Until the late 50's? Shouldn't you remember that too, if for Europe the 1936-1945 era counts as recent enough?

The USA imprisoned and tortured people for mere suspicions, and skipping all human rights or safeguards of the rule of law... when? Oh, wait, that was in the 21'th century. I guess the 1945 is scarier because it's more recent than that, huh? Oh wait, it isn't.

The USA datamined not just phone records, but even grocery lists, to try to find out who's a muslim... when? Oh, wait, that's 21'st century too.

So, remind me, which of the two should you fear more? The ones who actually tortured people for the mere suspicion of supporting the wrong gang 2-3 years ago, or those who did it 65 years ago?

Re:Agreed

[ashkante]

Assuming that the effort put into this law is more than half-assed, I am thinking that there may be a distinction between "data I have put there (into the cloud) to be stored, as in documents, photos, database contents, etc", versus "data that the companies collect, as in webpage visit counters, IP addresses, browser and system stats". I, personally, include web registration data, addresses, phone numbers among the latter. And yes, I would like to have those erased, along with backups if I stop using the web service. As for impersonation, that can wreak some pretty nasty havoc with your life even without such legislation and needs further looking-into. I am grateful at least that I don't have to write laws about it :D

Re:Agreed

[JaredOfEuropa]

Let the damn companies have whatever policies they want, force them to be open about those policies

That is how it should be. And a number of European countries have data privacy laws to that effect. Companies have to publish what they are going to do with your data and are not allowed to do anything else with it. They also have to let you know, on request, what data they have on you. Not a bad law, but I would like to see it extended a little bit, as follows:

A company's data privacy disclaimer/statement shall not exceed half a page of text (A4/Letter in 12 point letters, in case someone wants to get smart with fine print). It shall not be embedded in a longer generic disclaimer, but stand on its own.

Better yet, the government could issue a generic, well-understood disclaimer in which companies provide the details about the data, access, retention, sharing, etc. Currently it is not humanly possible to read these disclaimers, being half a book's worth of legalese. This is done on purpose.

Sounds like the Data Protection Act 1984

[Duncan+J+Murray]

Sounds an awful lot like the uk data protection act of 1984, which applied to all data, written and electronic, held on an individual.

"Personal information may be kept for no longer than is necessary and must be kept up to date."

"Data must not be disclosed to other parties without the consent of the individual about whom it is about..."

"Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training)."

http://en.wikipedia.org/wiki/Data_Protection_Act_1984#History

Looking through the main points of the Act, it makes you wonder why you don't hear more about nefarious data-collecting companies being taken to the courts here in the U.K.

Common names

[antifoidulus]

Tip for anyone who will be a parent(cue slashdot sex jokes:P): Pick the absolute most common name for your child. If there is a famous person with your last name, give your child the same first name as the celebrity. If you have a super uncommon last name, use your spouses last name. It's really one of the few ways you can protect your privacy online anymore, ie by making you a needle in a haystack of people with the same name. I know if I have a son I am certainly naming him after an actor that shares the same last name as I do.

Re:So that's socialism?

[Haedrian]

Woah Woah Woah. You actually like socialism?

You're not being brainwashed enough. Go watch another American-made cold-war film, put on some patriotic speeches and let me not here any nonsense like that again!

</satire>

Data purge? Impossible!

[FPoe]

Anyone know knows how an enterprise backup system works knows that this is nearly impossible. You'd have to know their backup practices to really know the extent of data retention but for a company that size, I offer the following example: Since their (your) data is worth big $$$, they probably run nightly incremental, weekly backups (maybe), monthly backups, and finally yearly backups. Given DR concerns the might have global mirrors and off-site tapes (definitely one of the two). So all in all, one picture you post could represent literally dozens of instances. Purging all this data out would be impossible at an extremely massive burden to the company.