The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

Leave a comment


Please join us next Monday, from 11:00AM to 12:30PM EST for a free teleconference about the French Data Protection Authority, the Commission Nationale de l’Informatique et des Libertés (CNIL).

Florence Raynal, who is the Head of the Department of European and International Affairs at the CNIL, will present to us of the work of the CNIL. We will learn about the role the CNIL plays, not only on a-day-to-day basis, but also in the international scene, and how it weighs in on the current privacy debates, such as the reform of the data protection framework of the European Union.

 You will be able to ask questions during the program, or you can register your questions in advance.

 More information and how to register can be found here.

 We hope that you will join us next Monday!

Leave a comment

French DPA Launches Public Consultation on Right to Be Forgotten

The French DPA, the (CNIL), launched on May 30 a public consultation on the right to be forgotten. As noted, in French, on the CNIL’s website:

The draft European Regulation would establish the principle of a digital “right to be forgotten” which would allow us to better control our online life. This new right would be exercised in respect of freedom of expression, the right of the press and the duty of memory. In this context, the CNIL has launched an online consultation about this right, which is often cited but whose contours remain unclear. In parallel, the CNIL also will consult professionals concerned with this issue. “

Some Questions Asked by the CNIL

Here are some of the questions individuals may choose to answer.

The CNIL asks individuals if they have ever published on the Internet their email, name, photographs or videos representing them, or if they have published personal information on a social network, such as their address or geolocation. The CNIL also asks individuals if they regularly check how their personal information is disseminated on the Internet.

The CNIL also asks individuals if they have ever found that information about themselves has been posted on the Internet without their consent, and if such dissemination of personal data has had negative consequences for them, whether it be on their personal life, professional life, or both. Participants may also share whether they have tried to remove or have removed this information, or have tried to remove or have removed this information on behalf of their minor children.

The CNIL also asks participants to share their opinion about the right to be forgotten. Do they think that this right constitutes the ability to erase one’s digital traces such as cookies, the ability to delete negative information about oneself, or the ability to control everything that is said about oneself, or even a form of Internet censorship?

The CNIL also asks whether individuals would like to be able to choose to index in search engines the information they post, or to de-reference information from a search engine once the information has been removed from the original site, or if websites should offer the opportunity to set “expiration dates” for one’s own publications, such as social networks posts.

The European Union Proposal Would Provide a Right to Be Forgotten

Article 17 of the Proposal would provide the data subject a right to be forgotten and to erasure. Article 12(b) of Directive 95/46/EC already provides such right. The data controller must, at the request of the data subject rectify, erase or block data which does not comply with the Directive, particularly if the personal data is incomplete or inaccurate.

The new Regulation would expand that right. The controller would have the obligation to inform third parties which are processing data of the data subject’s request to have any links to, or copies, or replications of that personal data, erased.

The debate on the right to be forgotten is open. The European Network and Information Security Agency (ENISA) published a report on the topic in November 2012. It states that the right to be forgotten would require defining the scope of personal data. ENISA asked whether personal data should include information that can be used to identify a person “with high probability but not with certainty” such as a picture of a person, or if it should include information identifying a person “not uniquely, but as a member of a more or less small set of individuals, such as a family.”

ENISA also pointed out the importance of clarifying who has the right to ask for deletion of personal data, and why this is needed. The report gives as example a photograph representing Bob and Alice. If Alice wants the picture to be “forgotten,”but not Bob, who should have the right to final decision? In the US, many believe that the right to be forgotten may be a threat to freedom of expression.

The results of the public consultation will be published on the CNIL’s site. We’ll keep you posted.