It started in 2010, when Costeja Gonzalez tried to erase part of his own history.
The Google search result that irked the Spaniard was an old newspaper report of an embarrassing time in his life when he had owed a social security debt. The report was accurate, but he had long moved on and it was wounding to him that, any time his name was googled, that report would come up.
Gonzalez’s suit to force the newspaper to take down its report failed. But when his case reached the European Court of Justice (ECJ) in 2014, he got a huge win and a judgment that continues to reverberate.
The ECJ ruled that Gonzalez had a legally enforceable “right to be forgotten”, and that Google was obliged, on his request, to remove the offending search result from its index and prevent it from being accessed via a search in the future.
Google has never been a big fan of that outcome; however, it has had to comply throughout the 28 member states of the European Union. Practically, what it did was implement geo-blocking on its European sites (Google has a separate domain for each country) so that, once a request to be forgotten has been received, the web pages in question won’t show up in the search results if the search has been made on a European Google site.
This week, the ECJ was asked whether that’s good enough, after the French privacy regulator fined Google for not making its geo-block operate world-wide. Ultimately the court said no, and that what Google has been doing is sufficient to comply with EU law.
The “right to be forgotten” was derived from the general provisions of an EU law made in 1995, which first attempted to enshrine the principle that “data-processing systems are designed to serve man”: they must “respect their fundamental right and freedoms, notably the right to privacy, and contribute to … the well-being of individuals”. Ultimately, the internet is supposed to be our servant, not master.
In 2016, the EU made the right to be forgotten explicit in its game-changing privacy law, the General Data Protection Regulation (GDPR). The law attempts the impossible: to sensibly balance the individual’s right to privacy against other competing interests, including the interest of the public in accessing information and freedom of speech. In doing so, it’s created a permanent knot of legal and moral conflicts. Good fun.
Australia is a long way behind here. We have nothing like the EU law yet. But the issues are elemental for all societies. What do human rights mean in the borderless, electronic world of ubiquitous and permanently retained data?
The classical conception of rights is grounded in the physical ownership of self: speech, association, religion, liberty and, more controversially, privacy. It was imagined in the context of a physical world, where what happens to us actually happens to us and is, consequently, subject to some effective level of state control.
While the parliaments and courts of most countries (including ours) have sought to pretend that there is no difference between the material and digital worlds, my goodness there certainly is. The borderlessness and omnipresence of the internet are key elements of this, but there’s more. Digital life is fundamentally changing our relationships with each other and ourselves. The fraught conversation about how freely and easily we’re handing over control of our own data to Google and Facebook is just one manifestation of the shift.
An obvious new paradigm is the permanent loss of something that only people over a certain age still remember: privacy in a public place. Likewise the permanent digital footprint, as Justin Trudeau was sharply reminded last week. These are fixed aspects of human existence today, with profound effects.
This is not to say that the war has been lost, and we may as well surrender to the inevitability of online embarrassment forever haunting our lives. The EU’s attempt to retake control in the name of human rights and dignity is admirable and worth close analysis. However, by applying a 20th century understanding of those rights to a 21st century landscape, it risks falling into the whack-a-mole trap exemplified by Australia’s current religious freedom fight.
There’s a vastly bigger picture here. We have already given up control of our personal data to governments and corporations, and our online histories are permanently cached. States are constantly and exponentially expanding their reach into our physical being, through CCTV, data access laws, facial recognition and so on. Artificial intelligence will game the last shreds of our ability to protect ourselves out of existence. None of this can be stopped, not really.
That’s the context. The questions it raises are: what will it mean to be human in the world we are busily coding; what human rights will logically flow from that meaning; and how may they be protected?
Looked at that way, it seems to me that the “right to be forgotten” is not a right at all; it’s just a negotiating point. We have a whole philosophy of existence to address anew.