Skip to main content

LUP Student Papers

LUND UNIVERSITY LIBRARIES

Humanizing the Digital Age: A Right to Be Forgotten Online? An EU–U.S. Comparative Study of Tomorrow's Privacy in Light of the General Data Protection Regulation and Google Spain v. AEPD

Kulevska, Sanna LU (2014) JURM02 20141
Department of Law
Abstract (Swedish)
Eftersom snabb teknisk utveckling och globalisering har förändrat sättet på vilket vi anförtror oss personuppgifter till webbplatser för sociala medier samt sökmotorer, har den Europeiska kommissionen föreslagit en ny dataskyddsförordning som kommer att förbättra skyddet för den personliga integriteteten på internet för medborgarna i EU. Då den med stor sannolikhet träder i kraft år 2016 kommer ett av de stora tilläggen från det nuvarande dataskyddsdirektivet 95/46/EC att vara den så kallade rätten att bli bortglömd. Det innebär en rätt för individer att kräva av sociala medier och andra innehavare av personlig data att radera personlig information. Den 13 maj 2014 kom en tolkning av detta direktiv genom EU-domstolens dom i målet Google... (More)
Eftersom snabb teknisk utveckling och globalisering har förändrat sättet på vilket vi anförtror oss personuppgifter till webbplatser för sociala medier samt sökmotorer, har den Europeiska kommissionen föreslagit en ny dataskyddsförordning som kommer att förbättra skyddet för den personliga integriteteten på internet för medborgarna i EU. Då den med stor sannolikhet träder i kraft år 2016 kommer ett av de stora tilläggen från det nuvarande dataskyddsdirektivet 95/46/EC att vara den så kallade rätten att bli bortglömd. Det innebär en rätt för individer att kräva av sociala medier och andra innehavare av personlig data att radera personlig information. Den 13 maj 2014 kom en tolkning av detta direktiv genom EU-domstolens dom i målet Google Spain v. APED, som gav medborgarna i EU en sådan rätt gentemot sökmotorer. Eftersom många EU-medborgare dagligen använder kommunikationsplattformar som tillhandahålls av amerikanska företag, granskar denna uppsats hur de differentierande attityderna till personlig integritet och yttrandefrihet i EU och USA kommer att försvåra genomförandet av en rätt att bli bortglömd i EU. Denna uppsats undersöker också om en sådan rätt kan existera i USA, där den personliga integriteten historiskt sätt fått lämna företräde åt en mycket stark yttrandefrihet. Rätten att bli bortglömd kommer sannolikt att innebära en förstärkt transatlantisk konflikt gällande dataskyddsnivån för EU-medborgarna vars data kontrolleras av amerikanska företag, och frågan är nu hur livskraftiga avtalsvillkoren numera är i ”Safe Harbor”-avtalet mellan USA och EU.

Konflikten mellan rätten till privatliv och yttrandefrihet har beaktats i den nya dataskyddsförordningen, där yttrandefriheten i artikel 17(3) anges som ett undantag från rätten att bli bortglömd. EU-kommissionär Viviane Reding yttrade att “det finns ingen rättighet som är absolut. En rättighet gäller alltid i den möjliga mån tills den kommer i konflikt med en annan rättighet.” Syftet med denna uppsats är att
undersöka hur utvidgad en individs rätt att bli bortglömd kan göras innan den kolliderar med en annan individs yttrandefrihet. Olika nivåer av radering undersöks och den enda möjliga vidgningen av rätten att bli bortglömd tycks vara att tillåta radering av innehåll som publicerats av individen själv. En bredare tillämpning av rätten att bli bortglömd skulle kränka yttrandefriheten och risker att sätta ett likhetstecken mellan integritet och censur på internet. En intressant fråga som granskas i denna uppsats är därför det stora ansvaret för hemsidor enligt artikel 17(2) i dataskyddsförordningen att radera lagligt och legitimt innehåll från internet, samtidigt som de har en skyldighet att tillgodose ett öppet forum med utrymme för yttrandefrihet. En komplicerande faktor är att den verkställande processen för en rätt till radering inte tycks vara tillfredsställande utarbetad av den europeiska kommissionen, då en rätt till radering av denna magnitud kommer vara tekniskt svår att fullfölja. För att möjliggöra en humanisering av den digitala tidsåldern, där ett felfritt digitalt minne är den nya standarden och en rätt till radering i så vid bemärkelse praktisk svår att genomdriva, föreslås i denna uppsats icke-juridiska sätt att skydda vårt digitala rykte som bättre balanserar personlig integritet och yttrandefrihet på internet. Exempel på sådana alternativa lösningar är frivilligt utarbetade standarder för internetmarknadens ledande företag, kontextualisering och kognitiv anpassning. (Less)
Abstract
Rapid technological developments and globalisation have profoundly changed the way people entrust their personal data to social media websites and search engines. As a result, the European Commission has proposed a General Data Protection Regulation (GDPR), to enhance online privacy rights for the citizens of the European Union. As the GDPR will most likely enter into force in 2016, one of the major extensions from the existing Directive 95/46/EC is the so called right to be forgotten. This implies a right for data subjects to request data controllers to delete all personal data related to them on the Internet, or to remove search results linking to their personal data. The right to be forgotten raised intense discussions in the media on... (More)
Rapid technological developments and globalisation have profoundly changed the way people entrust their personal data to social media websites and search engines. As a result, the European Commission has proposed a General Data Protection Regulation (GDPR), to enhance online privacy rights for the citizens of the European Union. As the GDPR will most likely enter into force in 2016, one of the major extensions from the existing Directive 95/46/EC is the so called right to be forgotten. This implies a right for data subjects to request data controllers to delete all personal data related to them on the Internet, or to remove search results linking to their personal data. The right to be forgotten raised intense discussions in the media on May 13, 2014, when the Court of Justice of the European Union in Google Spain v. AEPD interpreted Directive 95/46/EC as granting EU citizens such a right against search engines. As many EU citizens engage in the daily use of these services provided by U.S. online companies, this paper scrutinizes, in a fashion comparing the EU and the U.S.A, how the differentiating attitudes towards privacy and freedom of expression will challenge the implementation of a right to be forgotten in the EU. This thesis also investigates whether such a right could exist in the U.S.A., given that the freedom of expression historically has prevailed in privacy cases. The right to be forgotten will most likely lead to an enhanced transatlantic clash with regard to personal data protection, and this thesis questions whether the U.S.–EU Safe Harbor Agreement is still viable in the wake of Google Spain v. AEPD and the upcoming GDPR.
This potentially broad conflict is in fact an existing issue within the EU. It is considered in Article 17(3) of the GDPR, where freedom of expression is stated, in a somewhat unspecific manner, as an exception from erasure. EU Commissioner Viviane Reding stated that “there is no right that is absolute. A right always goes as far as it can until it comes in conflict with another right.” The purpose of this thesis is to find out how far a right to be forgotten can be extended before it interferes with freedom of expression. This thesis concludes that the proposed right to be forgotten needs to be narrowed, and that the only feasible extension of such a right appears to be to solely permit deletion of content posted by the data subjects themselves. An application any broader in nature might violate the right of freedom of expression, and risk putting an equal sign between privacy and online censorship. This thesis therefore scrutinizes the great responsibility requirement for websites and search engines, provided for in Article 17(2) of the GDPR and in Google Spain v. AEPD, to hide or delete lawful and legitimate content. One complicating factor is the enforcement process for the proposed right. The process does not appear to be satisfactorily worked out by the European Commission, since erasure of this magnitude will be technically hard to pursue. To humanize the digital age, where a flawless digital memory is the new default and the proposed right to be forgotten appears to be practically hard to enforce, this thesis proposes non-legislative solutions. These alternative solutions, such as best practice agreements, contextualization, and cognitive adjustment, will work to not only protect our digital persona, but will better balance the competing rights of privacy and freedom of expression. (Less)
Please use this url to cite or link to this publication:
author
Kulevska, Sanna LU
supervisor
organization
course
JURM02 20141
year
type
H3 - Professional qualifications (4 Years - )
subject
keywords
Google Spain v. AEPD, General Data Protection Regulation, GDPR, Directive 95/46/EC, EU Commission, Vivianne Reding, Barack Obama, Consumer Privacy Bill of Rights, Humaniazing, Digital Age, forgetting, remembering, reconceptualising, expiration dates, personal data, Digital Persona, Cognitive Adjustment, Transatlantic Clash, First Amendment, Communications Decency Act Section 230, Facebook, Google, DMCA, Digital Millennium Copyright Act, search engine, deletion responsibility, future of your past, user agreements, deletion, freedom of information, freedom of expression, U.S. Law, EU Law, Privacy Law, CJEU, The Court of Justice of the European Union, defamation, The Right to Be Forgotten, European Union, U.S.–EU Safe Harbour Agreement, WIkipedia, social media websites, data controller, best practice agreement, globalization, the Internet, Internet Law, Cyber Law, Global Technology, Berkman Center for Internet and Society at Harvard Law School, U.S.A., EU Commissioner, Technology, harmonize, cross-border collaboration, Professor Ulf Maunsbach, Faculty of Law at Lund University, Professor Christopher Gibson, Suffolk University Law School, David Larochelle, Lead Engineer.
language
English
id
4449685
date added to LUP
2014-08-26 08:55:22
date last changed
2014-09-10 12:14:39
@misc{4449685,
  abstract     = {{Rapid technological developments and globalisation have profoundly changed the way people entrust their personal data to social media websites and search engines. As a result, the European Commission has proposed a General Data Protection Regulation (GDPR), to enhance online privacy rights for the citizens of the European Union. As the GDPR will most likely enter into force in 2016, one of the major extensions from the existing Directive 95/46/EC is the so called right to be forgotten. This implies a right for data subjects to request data controllers to delete all personal data related to them on the Internet, or to remove search results linking to their personal data. The right to be forgotten raised intense discussions in the media on May 13, 2014, when the Court of Justice of the European Union in Google Spain v. AEPD interpreted Directive 95/46/EC as granting EU citizens such a right against search engines. As many EU citizens engage in the daily use of these services provided by U.S. online companies, this paper scrutinizes, in a fashion comparing the EU and the U.S.A, how the differentiating attitudes towards privacy and freedom of expression will challenge the implementation of a right to be forgotten in the EU. This thesis also investigates whether such a right could exist in the U.S.A., given that the freedom of expression historically has prevailed in privacy cases. The right to be forgotten will most likely lead to an enhanced transatlantic clash with regard to personal data protection, and this thesis questions whether the U.S.–EU Safe Harbor Agreement is still viable in the wake of Google Spain v. AEPD and the upcoming GDPR. 
This potentially broad conflict is in fact an existing issue within the EU. It is considered in Article 17(3) of the GDPR, where freedom of expression is stated, in a somewhat unspecific manner, as an exception from erasure. EU Commissioner Viviane Reding stated that “there is no right that is absolute. A right always goes as far as it can until it comes in conflict with another right.” The purpose of this thesis is to find out how far a right to be forgotten can be extended before it interferes with freedom of expression. This thesis concludes that the proposed right to be forgotten needs to be narrowed, and that the only feasible extension of such a right appears to be to solely permit deletion of content posted by the data subjects themselves. An application any broader in nature might violate the right of freedom of expression, and risk putting an equal sign between privacy and online censorship. This thesis therefore scrutinizes the great responsibility requirement for websites and search engines, provided for in Article 17(2) of the GDPR and in Google Spain v. AEPD, to hide or delete lawful and legitimate content. One complicating factor is the enforcement process for the proposed right. The process does not appear to be satisfactorily worked out by the European Commission, since erasure of this magnitude will be technically hard to pursue. To humanize the digital age, where a flawless digital memory is the new default and the proposed right to be forgotten appears to be practically hard to enforce, this thesis proposes non-legislative solutions. These alternative solutions, such as best practice agreements, contextualization, and cognitive adjustment, will work to not only protect our digital persona, but will better balance the competing rights of privacy and freedom of expression.}},
  author       = {{Kulevska, Sanna}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{Humanizing the Digital Age: A Right to Be Forgotten Online? An EU–U.S. Comparative Study of Tomorrow's Privacy in Light of the General Data Protection Regulation and Google Spain v. AEPD}},
  year         = {{2014}},
}