The French DPA, the (CNIL), launched on May 30 a public consultation on the right to be forgotten. As noted, in French, on the CNIL’s website:
“The draft European Regulation would establish the principle of a digital “right to be forgotten” which would allow us to better control our online life. This new right would be exercised in respect of freedom of expression, the right of the press and the duty of memory. In this context, the CNIL has launched an online consultation about this right, which is often cited but whose contours remain unclear. In parallel, the CNIL also will consult professionals concerned with this issue. “
Some Questions Asked by the CNIL
Here are some of the questions individuals may choose to answer.
The CNIL asks individuals if they have ever published on the Internet their email, name, photographs or videos representing them, or if they have published personal information on a social network, such as their address or geolocation. The CNIL also asks individuals if they regularly check how their personal information is disseminated on the Internet.
The CNIL also asks individuals if they have ever found that information about themselves has been posted on the Internet without their consent, and if such dissemination of personal data has had negative consequences for them, whether it be on their personal life, professional life, or both. Participants may also share whether they have tried to remove or have removed this information, or have tried to remove or have removed this information on behalf of their minor children.
The CNIL also asks participants to share their opinion about the right to be forgotten. Do they think that this right constitutes the ability to erase one’s digital traces such as cookies, the ability to delete negative information about oneself, or the ability to control everything that is said about oneself, or even a form of Internet censorship?
The CNIL also asks whether individuals would like to be able to choose to index in search engines the information they post, or to de-reference information from a search engine once the information has been removed from the original site, or if websites should offer the opportunity to set “expiration dates” for one’s own publications, such as social networks posts.
The European Union Proposal Would Provide a Right to Be Forgotten
Article 17 of the Proposal would provide the data subject a right to be forgotten and to erasure. Article 12(b) of Directive 95/46/EC already provides such right. The data controller must, at the request of the data subject rectify, erase or block data which does not comply with the Directive, particularly if the personal data is incomplete or inaccurate.
The new Regulation would expand that right. The controller would have the obligation to inform third parties which are processing data of the data subject’s request to have any links to, or copies, or replications of that personal data, erased.
The debate on the right to be forgotten is open. The European Network and Information Security Agency (ENISA) published a report on the topic in November 2012. It states that the right to be forgotten would require defining the scope of personal data. ENISA asked whether personal data should include information that can be used to identify a person “with high probability but not with certainty” such as a picture of a person, or if it should include information identifying a person “not uniquely, but as a member of a more or less small set of individuals, such as a family.”
ENISA also pointed out the importance of clarifying who has the right to ask for deletion of personal data, and why this is needed. The report gives as example a photograph representing Bob and Alice. If Alice wants the picture to be “forgotten,”but not Bob, who should have the right to final decision? In the US, many believe that the right to be forgotten may be a threat to freedom of expression.
The results of the public consultation will be published on the CNIL’s site. We’ll keep you posted.