Forgot your password?
typodupeerror
Privacy EU Your Rights Online

Why Big Data Could Sink Europe's 'Right To Be Forgotten' 128

Posted by Soulskill
from the internets-never-forget dept.
concealment tips this news from GigaOm: "Europe's proposed 'right to be forgotten' has been the subject of intense debate, with many people arguing it's simply not practical in the age of the internet for any data to be reliably expunged from history. Well, add another voice to that mix. The European Network and Information Security Agency (ENISA) has published its assessment of the proposals (PDF), and the tone is skeptical to say the least. And, interestingly, one of the biggest problems ENISA has found has to do with big data. They say, 'Removing forgotten information from all aggregated or derived forms may present a significant technical challenge. On the other hand, not removing such information from aggregated forms is risky, because it may be possible to infer the forgotten raw information by correlating different aggregated forms.'"
This discussion has been archived. No new comments can be posted.

Why Big Data Could Sink Europe's 'Right To Be Forgotten'

Comments Filter:
  • by EmperorOfCanada (1332175) on Wednesday November 21, 2012 @01:26AM (#42051585)
    If customers want their data forgotten then maybe they didn't want it stored or shared in the first place. The rule should not so much be about data retention but data gathering. The rule should be quite simple. Any organization that gathers data can't share it at all with anyone not directly connected with the reason it was gathered. So my power company needs my address to know where the lights need to be turned on and enough info to bill me. But anyone beyond billing and switching should not have my data, not management, not marketing, and definitely not a "trusted" third party.

    The same with my driver's license that is needed by two small groups of people, the people who issue the license, and the police if they need to know that I am allowed to drive. It should literally be illegal for anyone else to copy anything from my license if it doesn't involve my ability to drive so say a car rental place would be OK. Many bars have taken to scanning driver's licenses as you enter the bar. Then you start getting mail and crap from the bar and anyone else they sell the data to. I met a guy who rewrote the data on the magnetic strip to cause buffer overruns and crash their little hand held units. He regularly went to every bar downtown that had the scanners as the crash wasn't a simple reboot of the unit as some remote server lost its mind requiring someone to come in.

    These organizations find this data valuable but somehow think they can take that valuable thing from us without negotiation. I say you want my data you can pay me $1,000,000 per byte plus royalties on resale.
  • by AftanGustur (7715) on Wednesday November 21, 2012 @01:55AM (#42051711) Homepage
    When big corporations want "their" data removed from a server farm they simply send a email/letter to the owner and he has to remove it.

    What is the problem with doing the same for people?

    Facebook actually makes it hard for people to remove their content from the service, and it doesn't even say "delete", it says "remove from timeline" (but not from the whole system).

    If I want my Facebook history Wiped, it is my right to do that, it is *my* data and Facebook and others shouldn't have a operating license unless they make it really simple for people to "be forgotten".

  • by Luckyo (1726890) on Wednesday November 21, 2012 @02:50AM (#42051985)

    This is the entire point of legislation - it's a "court order" without having to go to court every time (which is prohibitive for individual and society) on specific kind of information storage.

    Unfortunately most US-based folks would likely not understand this any more then average afghani can understand equality of women. When you never had any expectation of privacy in your culture, another culture with significant presence of such expectation would seem very alien.

  • by seifried (12921) on Wednesday November 21, 2012 @02:54AM (#42052009) Homepage
    But let's say I didn't share my data with Facebook, my friends and associates did. E.g. photos from an event I attended get posted, they tag me in the photos, now Facebook recognition tags me (well in theory..). Someone else enters my birthday in order to be notified a week in advance so they don't forget to email me a happy birthday. Someone enters my home town (actually happened on linkedin, grr). So now Facebook has my name, bday, address, photos of me, and I never logged into Facebook. That is why we need the right to be forgotten.
  • by Luckyo (1726890) on Wednesday November 21, 2012 @02:56AM (#42052033)

    Unfortunately you make one massive presumption that is simply impossible to be true, which in turn collapses your house of cards.

    You presume that all information about any given person is supplied only by that person.

    In modern world, it's often the exact opposite. Aside of a few attention whores, most of the "moderately embarrassing info" is posted by people who know the person in question but are not the person in question.

  • by Daniel Dvorkin (106857) on Wednesday November 21, 2012 @03:20AM (#42052119) Homepage Journal

    Few ideas are more absurd. They will have to outlaw all recorded media and burn down the libraries. Make ignorance the law of the land.

    "Right to be forgotten" is an odd phrase, but it doesn't mean anything like what you seem to think it means. Basically it just means you have the right to request that information which you have provided to a particular data repository be removed from that repository. IOW, no more "we own everything you post forever" policies. Seems reasonable enough.

  • by buchner.johannes (1139593) on Wednesday November 21, 2012 @03:26AM (#42052167) Homepage Journal

    The right to be forgotten is about the right to have your personal data removed from a companies server, when you want to revoke your trust into a company. If it's your server, and you don't store personal data about other people you don't have an issue.

  • by Anonymous Coward on Wednesday November 21, 2012 @10:12AM (#42054557)

    There is a fundamental difference between the US and the EU in how personally identifyable data is looked at. In the EU people are practically considered to be the owners of data about them. Users didn't give their data to you, they entrusted you with their data, and you're supposed to take good care of it. That includes using it only for the purpose you collected it for with the user's permission, not passing it on to others, and if this takes effect, removing it if the user request it.

    You talk about imaginary property rights trumping rights over real property, but you won't be asked to destroy hard drives, your real property isn't touched by this at all, and yet you react as if your property rights over data are real. It really is a question of perspective. Please be open to cultural differences and perspectives different from your own.

All life evolves by the differential survival of replicating entities. -- Dawkins

Working...