Most of us leave behind an ever-growing digital trail that includes information that we publish about ourselves — such as Facebook postings — and information published about us. While the ability to share personal information can enhance our lives, there is a dark side. Embarrassing photos of us socialising, for example, can later be used against us for very different purposes, such as in the employment context.
As our personal lives become more visible, it may be that social attitudes will adjust, so we become more tolerant and forgiving of personal lapses or foibles. But one of the paradoxes of the digital age is that just as our lives have become more transparent, attitudes seem to have become more intolerant and less forgiving. In what is called the attention economy, not only public figures but ordinary people are subject to more scrutiny than ever.
The current default settings of the internet maximise openness and access. Once information is posted it becomes permanent and easily accessed, especially via search engines. Yet people’s interests in sensationalism, and the operation of search algorithms, means that the most accessible information about us is often the most embarrassing or hurtful.
Permanence, accessibility and searchability clearly benefit the business interests of some of the world’s largest companies. The business models of Google and Facebook, for example, are based on commercialising other people’s information. It is hardly surprising, then, that it is notoriously difficult to permanently delete your Facebook account.
The European Union is proposing to introduce new laws to update privacy protection to take into account changes in technology, including the growth of social networking. The proposed laws include a “right to be forgotten”, meaning a right of users to ensure that some of the information held about them is erased. The proposal has generated a lot of commentary, much of it overwrought and alarmist.
There are two main criticisms of the proposed right: that it would result in unjustifiable censorship and that it is unworkable. These claims are based on a misreading of the European proposal, as well as a simplistic understanding of privacy and freedom of expression.
The proposed European law is a modest attempt to restore some balance in favour of individuals being able to control their own data. The proposed right to delete data is, in fact, highly qualified. For example, the right only arises once certain conditions are satisfied, such as that the data is no longer needed, or where data is collected or processed with a person’s consent and that consent is later withdrawn.
Get Crikey FREE to your inbox every weekday morning with the Crikey Worm.
The proposed right is also subject to important exceptions. For example, it does not apply where it would conflict with the freedom of expression of journalists, or with freedom of artistic or literary expression. Claims that the proposal will stifle the press are therefore untrue — there is an express exception for journalists. There is also an exception for individuals engaged in purely personal or household activities.
A couple of points should be made in response to claims that the proposed right is a form of censorship. First, privacy is not necessarily the opposite of freedom of expression — if people feel assured they have some control over their information, they are more likely to share it. On the other hand, if people know that what they say and do online will be accessible to all, and for all time, they may be more likely to self-censor. The negative consequences of the current internet defaults could easily promote a culture of conformity.
Secondly, steps are already being taken by people to manage their digital trails. Especially in the United States, we have seen the emergence of reputation management services, which, often in return for a fee, offer to “sanitise” the internet of embarrassing or harmful information. These services can have some success; when approached, websites often simply take down information. But this raises the spectre of private censorship. And why should people pay to protect what is their own information?
Those who oppose the “right to be forgotten” are correct when they say that getting the balance between privacy and freedom of expression online is complex. As people are often unaware of the consequences of surrendering their information, however, some regulation is needed to ensure a level playing field between consumers and business. And it is preferable for this to be done through a law, which incorporates appropriate checks and balances, rather than being left to the vagaries of the unregulated market.
Regarding arguments that a right to delete information on the internet is unworkable, it is absolutely true that, due to the ease of copying information, it is difficult or impossible to ensure that information can ever be completely erased. It is also true that regulating the internet is challenging, and that it is important that laws do not unduly infringe freedoms or deter innovation.
Like many laws, however, the proposed “right to be forgotten” should not be seen as a cure-all. The most it can do is to restore some control to individuals, and provide a check on some of the most harmful online practices. Moreover, judicious laws are often needed to protect individual rights, as well as to ensure the effective operation of markets. It is ultimately more productive for debates to focus on the kind of laws and regulation that are desirable, rather than to resort to utopian fantasies of the internet as a regulation-free zone.
As we grapple with the challenges of technological change, public debate about whether and how to regulate is necessary. Reasonable people can disagree, but our understanding of these issues is not helped by a knee-jerk hostility to regulation, or by alarmist and ill-founded claims that any removal of material is a form of censorship. Australia could do worse than to consider following the European example.
*David Lindsay is an associate professor in the faculty of law, Monash University. Monash Law School will host a conference on Emerging Challenges in Privacy Law: Australian and EU Perspectives on February 23-24.