Forgot your password?
typodupeerror
Privacy The Internet Your Rights Online

EU Commission Says People Have a 'Right To Be Forgotten' Online 200

Posted by timothy
from the pesky-data-retention-laws dept.
nk497 writes "The European Commission wants to strengthen data protection rules to give more power to consumers — including the right to be forgotten online. Legislation it's looking to push through next year will let consumers know when and how their data is being used, and force companies to delete it when asked. 'People should be able to give their informed consent to the processing of their personal data,' the commission said in a statement. 'They should have the "right to be forgotten" when their data is no longer needed or they want their data to be deleted.'"
This discussion has been archived. No new comments can be posted.

EU Commission Says People Have a 'Right To Be Forgotten' Online

Comments Filter:
  • by AmiMoJo (196126) <mojo @ w orld3.net> on Friday November 05, 2010 @08:04AM (#34134342) Homepage

    I can delete my Facebook account but I can't delete the photos someone else took with me in them.

    • by captainpanic (1173915) on Friday November 05, 2010 @08:17AM (#34134412)

      I can delete my Facebook account but I can't delete the photos someone else took with me in them.

      All data on Facebook is property of Facebook, not of the people who put it there... so you should be able to ask Facebook to remove it... (according to the text, "companies (i.e. Facebook) will be forced to delete it when asked").

      • All data on Facebook is property of Facebook, not of the people who put it there... so you should be able to ask Facebook to remove it... (according to the text, "companies (i.e. Facebook) will be forced to delete it when asked").

        And that doesn't sound like it will ripe for abuse...

        Oh wait...

    • by jhigh (657789)

      I can delete my Facebook account but I can't delete the photos someone else took with me in them.

      While I believe that the EU is targeting the corporate world with these rules, it would be interesting to see an attempt to enforce this against individuals. For example, if you're at a company picnic and I snap a photo that happens to have you in the background. I then post said photo to my Facebook account. Should I be required to take down a photo that incidentally has you in if you request me to do so? Whose interest will win out in this scenario? Your interest in remaining anonymous online or my i

      • A photo taken in a public park is not "owned" by anyone. The light bouncing off your body is the common property of all.

        Now if your photo was in somebody's home, then they'd certainly have the right to request you stop pasting photos of their furniture/friends online, because that's (1) private and (2) enticing to thieves and potentially dangerous.

        • Re: (Score:3, Insightful)

          A photo taken in a public park is not "owned" by anyone. The light bouncing off your body is the common property of all.

          Really? Even if it's taken with a telephoto lens, looking over your shoulder to capture you entering a PIN while making a card payment? Even if it's taken up a girl's skirt using a concealed camera in a low-carry bag? Even it uses new technology to render intimate images of someone that could not be seen with the naked eye? What about driving up to your home on a public road, raising a camera on a robot arm right up to a little gap you left in the curtains of each bedroom window, and snapping intimate photo

        • by KDR_11k (778916)

          Fortunately that's not how the law works. The photo may be property of the photographer but to publish it he'd still need the consent of every identifiable person in the picture (hence the face blurring in photos from many countries). There may be an exception for photographing celebrities but not with random people.

    • by Haedrian (1676506)
      Interestingly enough 'deleting' your stuff on facebook does not mean that they disappear - but rather that they're marked to be deleted later - and kept for a few months until their garbage collector gets around to it. There was a /. story about that recently.
  • Amazing, and ironic (Score:5, Interesting)

    by siddesu (698447) on Friday November 05, 2010 @08:05AM (#34134352)

    Is this the same European Commission that decided some time ago to force data and voice service providers to keep phone and email records for years?

    Will these data be subject to the "right to be forgotten", or government-retained stuff will be magically excepted?

    Consistency, thy name is Europe.

    • by Moraelin (679338) on Friday November 05, 2010 @08:20AM (#34134430) Journal

      Yes, they did mandate keeping the logs for a given time, but then they have to be deleted, and specified who has the right to get them. I.e., it takes a subpoena.

      But, as opposed to... what? Just trusting that the companies will automatically delete those logs, and will never use them for marketing or whatnot? Just look at the Facebook for an example of how much better _that_ went than, you know, ooooh, scary inconsistent nanny-state Europe.

      • by siddesu (698447) on Friday November 05, 2010 @08:30AM (#34134486)

        Actually, every country is free to implement the details of the directive in question regarding data deletion and privacy as they see fit. There is no magic "removal" wand, and many countries will keep some data, officially or not.

        Some EC member countries even immediately abused the directive to mean extra data collection. Some countries decided to interpret it as a requirement for the police to have direct, real-time access to such information. In some countries, the fight to protect citizen privacy due to this directive is still not won by a wide margin.

        Ignoring the schizophrenic inconsistency of the EC and not taking them to task is why they've turned the way they are.

        The same European Commission is, for example, currently conspiring with several other governments and big business organizations to promote even more surveillance and enforcement with ACTA, and denies the European Parliament access to the text of the proposal agreements.

        • Re: (Score:3, Informative)

          by Haedrian (1676506)
          "The same European Commission is, for example, currently conspiring with several other governments and big business organizations to promote even more surveillance and enforcement with ACTA, and denies the European Parliament access to the text of the proposal agreements"

          Uh what?

          http://boingboing.net/2010/03/10/eu-parliament-votes.html
          http://yro.slashdot.org/story/10/09/08/1510255/European-Parliament-All-But-Rejects-ACTA
      • Re: (Score:3, Interesting)

        by schmidt349 (690948)

        You know, given the choice between my retained personal information being used to (a) sell me pizza or (b) imprison me for expressing an unpopular political viewpoint, I think (b) is a way bigger deal than (a). And given Europe's track record on (b) (hint: 1936-1945 in one bit, and 1917-1991 in another), I'm going to have to say that the Eurofascists scare me a lot more than social media does.

        • Heh (Score:5, Insightful)

          by Moraelin (679338) on Friday November 05, 2010 @08:50AM (#34134606) Journal

          1. If you think your data in the USA would only be given to the pizzerias, and not to the USA government... heh. It's funny. You do know they subpoenad such stuff from Google and others already, right?

          2. Oooh, scary Euro-fascists, 'cause you can dig up something from 65 years ago. Heh. Ah, the joys of semi-literate trolls who never heard of anything after WW2 because it's not in the Hollywood movies they mistake for education... Besides, I guess it saves the home-schooled right from acknowledging that the rest of the world has actually moved out of the 40's.

          3. But if you want to compare fascists, let's compare fascists.

          The USA moved a minority to concentration camps for, pretty much, fearing that their political sympathies may not be the proper ones... when? Oh wait, it was during the WW2 too.

          The USA had the idiotic McCarthy scare... when? Until the late 50's? Shouldn't you remember that too, if for Europe the 1936-1945 era counts as recent enough?

          The USA imprisoned and tortured people for mere suspicions, and skipping all human rights or safeguards of the rule of law... when? Oh, wait, that was in the 21'th century. I guess the 1945 is scarier because it's more recent than that, huh? Oh wait, it isn't.

          The USA datamined not just phone records, but even grocery lists, to try to find out who's a muslim... when? Oh, wait, that's 21'st century too.

          So, remind me, which of the two should you fear more? The ones who actually tortured people for the mere suspicion of supporting the wrong gang 2-3 years ago, or those who did it 65 years ago?

          • by jgagnon (1663075)

            While I agree with most of what you said, do you honestly think the US is working alone in these recent actions?

          • by Ash Vince (602485) *

            The ones who actually tortured people for the mere suspicion of supporting the wrong gang 2-3 years ago, or those who did it 65 years ago?

            Nice post.

            I would like to add that the European gang in question found themselves swinging at the end of a rope for their trouble. It also lead to the establishment of the Nuremburg Principles: http://en.wikipedia.org/wiki/Nuremberg_Principles [wikipedia.org]

          • ...concentration camps...

            You do understand the difference between "internment camp" and the historically loaded term "concentration camp", right? Im pretty sure that, as bad as the internment camps were, we didnt actually work anyone to death or gas anyone.

        • by hedwards (940851)
          I was harassed for a number of years by the US Navy when my high school handed over my contact information to the government without my permission or even being required to tell me they had done it. They're not required to disclose that they can't continue contacting you without permission and they're not required to adhere to any sort of ethical standard when it comes to making promises either. Deep within the contract they want you to sign is a "military convenience" clause which pretty much indicates tha
    • Probably a different department :)

      You seem to suggest that laws cannot conflicht with each other... But laws are only as good as the people who wrote them, and that suggests that it is very possible indeed that laws conflict with each other.

      Anyway, I am happy that at least online data can be removed now.
      All stored data (on a company database or a government database) will be another thing...

      -- A small step forward is still a stop forward.

      • by siddesu (698447)

        I would be even happier if, when such proposals go to the European Parliament, someone will remember to add a clause mandating the member governments to respect this right.

        Compared to government abuse, company data retention is much less dangerous.

        • by Haedrian (1676506)
          In the EU, there is an independant court called the "European Court of Human Rights" which deals with things of that manner. If you honestly feel that the government is infringing your rights in this manner, you can actually sue your government for it.

          And in certain cases, the government actually lost and had to pay up and change - so its not just a 'pretend' court.

          http://en.wikipedia.org/wiki/European_court_of_human_rights
          • Strictly speaking it's not just in the EU

            The ECHR is a creation of the European Convention on Human Rights which was founded by the Council of Europe (which predates and has more members than the EU).

            This distinction is deliberately blurred by some of the more anti-European press, some multinational companies and political parties who like to portray the EU as some kind of supranational big government bogeyman. Conflating the ECHR with EU mandates serves this purpose well. This attitude (which is similar t

        • I would be even happier if, when such proposals go to the European Parliament, someone will remember to add a clause mandating the member governments to respect this right.

          Compared to government abuse, company data retention is much less dangerous.

          Although I agree with the intentions you seem to have (less data on government databases), I think it is not smart to couple these two things.

          Online data is the current topic... and the EU seems willing to improve this situation.
          What you talk about - those government databases - is considered state security. And it is gonna take a little more to convince those paranoid war hawks that they're just as safe when they cannot spy on every step that the population takes.

          So, I think we should pursue both goals, bu

    • by Luckyo (1726890) on Friday November 05, 2010 @08:32AM (#34134498)

      It's perfectly consistent once you stop being an ass and purposefully misunderstand the topic. Government and its way of using information is strictly regulated here - and by regulated I don't mean Bush-style "we do what we want and laws be damned" regulation, but a real working one.
      Problem is, facebook, google et al are largely NOT regulated. They can keep your information forever, even if you "delete" it from your account, and sell it to the highest bidder. This is the part where essentially all EU member states start to have problems - here culturally, privacy is taken far more seriously then in US. As a result, the legislation is aimed to bring the american privacy "you have none" culture that is currently used in most of these companies closer in line with the European values. Such as not being able to just mine data and then mass sell it, even after you expressed a wish for data to be deleted instead.

      The data and voice service providers have to keep certain data because they are common carriers. They are not, for example, allowed to mine the data and sell it, and they are only allowed to pass the data on when courts or certain legally entitled entities request it. There is no inconsistency, we can have both. We just have to have laws that work, and government that obeys them.

      And notably, this is one of the very few issues where you can safely call then "European values", and not look like a clueless idiot, because unlike most things on which we Europeans tend to differ in a major way across our countries' borders, privacy is something treated in a very similar way across borders on the continent.

      If this shocks you as an american, that's okay. We're shocked that you view universal healthcare as something bad too. It's a cultural difference. Just because we have universal healthcare doesn't mean we should force it on you, and just because you have no right to privacy (from our point of view) doesn't mean that you should force similar regime on us.

      • by Hatta (162192)

        I totally get that Europeans value privacy and seek to promote it through regulation. What I don't understand is how this is a "right". Rights are derived from first principles, not enacted on an as needed basis. What is the philosophical underpinning of this "right" to privacy?

        • by Haedrian (1676506)
          Note sure what kind of answer you are expecting but:

          "Article 8 &ndash; Right to respect for private and family life

          1. Everyone has the right to respect for his private and family life, his home and his correspondence."
        • Re: (Score:3, Informative)

          by Peeteriz (821290)

          Privacy is a fundamental human right recognized in the UN Declaration of Human Rights, the International Convenant on Civil and Political Rights and in many other international and regional treaties. It is one of 'first principles' together with other basic freedoms. It is included in constitutions of many countries - in the newer constitutions it tends to be more explicit, and USA is a notable absence; but even there the issues like unreasonable searches and privacy of your home are covered.

          Some classical

        • Privacy is necessary to exercise rights in the face of the massive difference in power between the individual and everyone else. The concept of privacy may have come later, but something that makes other rights possible must surely be a right itself.
    • by Myopic (18616)

      Almost no laws apply to the government which passes them. COPA comes to mind, but pretty much all laws have sovereign exceptions.

  • Now, to force the removal of my name from old spam list using this.......

  • for deletion requests its as good as not having a law requiring the ability to delete the information.

  • by ciderbrew (1860166) on Friday November 05, 2010 @08:23AM (#34134458)
    This is both a flippant comment AND a real question. It must be very hard to clean up all the data?
  • by gmuslera (3436)
    the problem starts when a right becomes an obligation, and involves more than just big companies in their own information
  • If I want to be able to ask companies in the future to delete data about me, that means they have to keep that data clearly labelled as being about me.

    Otherwise, they could "anonymise" it by removing my name, but that's not real anonymity. If my mobile phone operator removes my name, but keeps the info about what house Customer0001 spends the night in and what office Customer0001 spend 40 hours of daytime in, Monday to Friday, well, there's only one person in the world that fits Customer0001's profile. :-/

  • by digitaldc (879047) * on Friday November 05, 2010 @08:44AM (#34134550)
    Where's my comment history DELETE button? ;)
  • by guanxi (216397) on Friday November 05, 2010 @08:48AM (#34134582)

    Another poster compared privacy today and in the pre-Internet world, which got me to thinking: Until now, innovations in information technology have generally reduced privacy by making it easier, by many orders of magnitude, to copy, distribute, and find information. Any info about you that's on the Web, for example, can be immediately distributed across the world, copied by whoever wants it, and found via Google.

    But information technology could also be used to improve our privacy over the pre-Internet world: Encryption, of course, but also anonymization, DRM (for your personal info, such as copy restrictions and expiration dates), and using search engines to automatically find other data, including the pattern recognition engines that can find photos. Some of these could be regulatory requirements (businesses must anonymize personal info as much as possible, must use DRM with copy restrictions and an expiration date, encrypted it, and the business is responsible for monitoring the web for errant copies). Businesses already use these tools to protect their data and online identity; there's no reason private citizens can't use them too.

    In some ways, private citizens could have more control, not less, of their privacy and identity if they use the tools in their favor.

    • by IBBoard (1128019)

      But information technology could also be used to improve our privacy over the pre-Internet world

      And if the EnCoRe project [encore-project.info] gets its implementation right then we'll have controls that will help even more. It is basically a research project looking at "Ensuring Consent and Revocation" with the ideal of having informed people using certified services that provide certain guarantees about how they deal with, process and dispose of your data.

      On the DRM point, I think that it is one of the few places where it is r

    • More information more widely distributed wants to be more free. Technology can only do so much, especially when any privacy law will barely have any substance after all the loopholes and backdoors are added to exclude "criminals".
  • Sounds an awful lot like the uk data protection act of 1984, which applied to all data, written and electronic, held on an individual.

    "Personal information may be kept for no longer than is necessary and must be kept up to date."

    "Data must not be disclosed to other parties without the consent of the individual about whom it is about..."

    "Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measu

  • Common names (Score:4, Interesting)

    by antifoidulus (807088) on Friday November 05, 2010 @08:58AM (#34134694) Homepage Journal
    Tip for anyone who will be a parent(cue slashdot sex jokes:P): Pick the absolute most common name for your child. If there is a famous person with your last name, give your child the same first name as the celebrity. If you have a super uncommon last name, use your spouses last name. It's really one of the few ways you can protect your privacy online anymore, ie by making you a needle in a haystack of people with the same name. I know if I have a son I am certainly naming him after an actor that shares the same last name as I do.
    • If your last name is "Holmes", pick "Sherlock" instead of "John."
      • I shall definitely be calling my child Adam, not Fred. I will absolutely forbid grey Lycra in the house.

        Sincerely,
        P. West.
  • The government protects the rights of its citizens against private industry? Sign me up!

    • Re: (Score:3, Insightful)

      by Haedrian (1676506)
      Woah Woah Woah. You actually like socialism?

      You're not being brainwashed enough. Go watch another American-made cold-war film, put on some patriotic speeches and let me not here any nonsense like that again!

      </satire>
  • After reading all these new rights the EU is approving, maybe I should move there.
    Anybody need an english-speaking engineer? Or maybe a German-to-English translator of written works?
    (Maybe the market's no better in the EU than the US?)

  • by FPoe (1935312) on Friday November 05, 2010 @10:28AM (#34135702)
    Anyone know knows how an enterprise backup system works knows that this is nearly impossible. You'd have to know their backup practices to really know the extent of data retention but for a company that size, I offer the following example: Since their (your) data is worth big $$$, they probably run nightly incremental, weekly backups (maybe), monthly backups, and finally yearly backups. Given DR concerns the might have global mirrors and off-site tapes (definitely one of the two). So all in all, one picture you post could represent literally dozens of instances. Purging all this data out would be impossible at an extremely massive burden to the company.
  • The right to be forgotten is the right to control other people's minds. I realize they don't mean it quite that literally, but the way they do mean it is extremely intrusive as well.

  • How will that work if, say, a European citizen complains that Facebook (based in the U.S.) has been mis-using their personal data?
  • 'They should have the "right to be forgotten" when their data is no longer needed or they want their data to be deleted.'"

    This makes me wonder: who decides when the data is no longer needed?

    "No sir, we need to retain your name, address, social security number, immunization history, telephone number, record of charitable contributions and the name of the woman you just broke up with on Facebook in order to optimize our customer satisfaction and courtesy first program. Yes sir, you are the customer, but sir, that does not necessarily mean you are always right, or even that you are right most of the time. In fact, just let me c

Machines certainly can solve problems, store information, correlate, and play games -- but not with pleasure. -- Leo Rosten

Working...