EU Commission Says People Have a 'Right To Be Forgotten' Online

nk497 writes "The European Commission wants to strengthen data protection rules to give more power to consumers — including the right to be forgotten online. Legislation it's looking to push through next year will let consumers know when and how their data is being used, and force companies to delete it when asked. 'People should be able to give their informed consent to the processing of their personal data,' the commission said in a statement. 'They should have the "right to be forgotten" when their data is no longer needed or they want their data to be deleted.'"

What about other people's data about me?

[AmiMoJo]

I can delete my Facebook account but I can't delete the photos someone else took with me in them.

Re:What about other people's data about me?

[captainpanic]

I can delete my Facebook account but I can't delete the photos someone else took with me in them.

All data on Facebook is property of Facebook, not of the people who put it there... so you should be able to ask Facebook to remove it... (according to the text, "companies (i.e. Facebook) will be forced to delete it when asked").

Re:

[ircmaxell]

All data on Facebook is property of Facebook, not of the people who put it there... so you should be able to ask Facebook to remove it... (according to the text, "companies (i.e. Facebook) will be forced to delete it when asked").

And that doesn't sound like it will ripe for abuse...

Oh wait...

Re:

[IBBoard]

Erm, in a similar way to false DMCA take-down notices - claim that you're in a photo that you're not. Companies have been filing DMCA take-downs for stuff that they don't own the copyright for, so what is to stop people claiming that they are in a photo when they're not?

Re:

[captainpanic]

Doesn't Facebook have face recognition?
Shouldn't be much of a problem to find out who is on a picture... many people actually consider it another privacy intrusion that Facebook is able to do this... :)

Most cases of things that need to be taken offline are quite harmless, and the benefits (at first glance) outweight the possible abuses. Also, it may be just a little more difficult than a single anonymous email to get content removed. Pranksters may not want to go that far.

Re:

[jhigh]

I can delete my Facebook account but I can't delete the photos someone else took with me in them.

While I believe that the EU is targeting the corporate world with these rules, it would be interesting to see an attempt to enforce this against individuals. For example, if you're at a company picnic and I snap a photo that happens to have you in the background. I then post said photo to my Facebook account. Should I be required to take down a photo that incidentally has you in if you request me to do so? Whose interest will win out in this scenario? Your interest in remaining anonymous online or my i

Re:

[commodore64_love]

A photo taken in a public park is not "owned" by anyone. The light bouncing off your body is the common property of all.

Now if your photo was in somebody's home, then they'd certainly have the right to request you stop pasting photos of their furniture/friends online, because that's (1) private and (2) enticing to thieves and potentially dangerous.

Re:

[Anonymous Brave Guy]

A photo taken in a public park is not "owned" by anyone. The light bouncing off your body is the common property of all.

Really? Even if it's taken with a telephoto lens, looking over your shoulder to capture you entering a PIN while making a card payment? Even if it's taken up a girl's skirt using a concealed camera in a low-carry bag? Even it uses new technology to render intimate images of someone that could not be seen with the naked eye? What about driving up to your home on a public road, raising a camera on a robot arm right up to a little gap you left in the curtains of each bedroom window, and snapping intimate photo

Re:

[KDR_11k]

Fortunately that's not how the law works. The photo may be property of the photographer but to publish it he'd still need the consent of every identifiable person in the picture (hence the face blurring in photos from many countries). There may be an exception for photographing celebrities but not with random people.

Re:

[TheLink]

Maybe the next step: http://en.wikipedia.org/wiki/Censorship_of_images_in_the_Soviet_Union [wikipedia.org]

Re:

[Haedrian]

Interestingly enough 'deleting' your stuff on facebook does not mean that they disappear - but rather that they're marked to be deleted later - and kept for a few months until their garbage collector gets around to it. There was a /. story about that recently.

Re:

[cronco]

You can tag anything with any name on Facebook, it's just that the tag won't link to your profile if you don't have one.

Re:

[Myopic]

I hear a lot of people say that, but I think the answer is that access is so much easier that the entire question is shifted substantially, and for most people it is shifted across the threshold of acceptable privacy. Yes, in the past a random person could take my picture in a public place and show their friends; now they can take my picture, tag me, put it on the internet, and show the whole world that I specifically was at a certain place specifically at a certain time specifically. Although those situati

Re:What about other people's data about me?

[ledow]

Then Facebook is the same as a photoshop. No-one MADE Facebook take your photos and scan them in and put them online and name you on them - some random individual (presumably someone who knows you, possibly not) put them up. What's the difference between that person getting a copy of the image from a photo shop and showing it to people in your office (presuming they work there too) or a potential future employer, or sticking it in their own photo album, or showing their cousins, or whatever else. You gonna hold the photoshop responsible if that happens?

If there is a photo of you that you don't want people to see - SEIZE the photo, not punish Facebook. The "idiot" that puts that photo online and tags you is the one who drops you in it, not Facebook. They could have done it on a million and one different sites, or in a letter, or pinned the photo to a noticeboard anonymously. And if it was taken in a public place, there's actually NOTHING you can do about it in the majority of sensible countries, so long as the photo is published complete (i.e. they didn't amplify your face and print it out on leaflets that they spread throughout the town but) - In lots of countries you have no right to photographs that include you if you're not the main subject of the photo and it's taken in a public place.

Basically - don't be stupid. That means that any moron that appears in my "photo of a new york street" could get my holiday photos deleted from Facebook - and, in fact, ANYONE could if they just *claimed* to be in the photo. How would Facebook prove / disprove otherwise.

Please stop thinking that the existence of Facebook in particular changes ANYTHING with regards personal privacy. And be more cautious about being photographed pissed out of your skull by work colleagues. And work in places that understand the work-personal life separation and that don't think just Googling each candidate's name is a reliable way to accurately find out about any possible indiscretions (otherwise every John Smith has an AWFUL hard time finding out) - if that's even LEGAL for them to do in the first place.

Re:

[Charliemopps]

Yes, but are we going to ignore this to the point that facebook and google get so good at mining our data that every time you think "I could eat a blueberry muffin right now" a delivery boy is already knocking on your door, muffin in hand, before you can even think "God, why am I 500lbs!?!?"

Re:

[jgagnon]

The sad news is that there is an ever increasing population of people that WANT things to get to that level. Convenience at any cost, so to speak.

Re:

[Anonymous Brave Guy]

I don't mind that. If fully informed and rational adults are willing to give up some privacy in exchange for some convenience, who am I to tell them they may not do so?

The sad thing, to me, is that the trend in recent years has been for corporations to just decide for us that everyone is like that, and act accordingly, because it makes them more money and privacy laws are so weak in most places that there has been nothing to stop the rot. Not everyone is happy for that sort of thing to happen.

Also, not ever

Re:

[commodore64_love]

>>>Then Facebook is the same as a photoshop.

That's a good point. If for example a teacher is discovered drinking beer on her former dormmate's Facebook, and the government tries to fire her for "setting a poor example", she can simply claim, "That is me, but I never did that. The photo is a fake and that event never happened." She can then sue the government for improper dismissal, and it's incumbent upon them to prove guilt (which they cannot do).

Same goes for any other worker who might be fire

Re:

[Jaysyn]

Same goes for any other worker who might be fired for photos online. "That is me but I was never drinking, or smoking weed. It's a fake." Innocent until proven guilty.

That won't work with private employers in right-to-work states.

Re:

[mlts]

Careful on that. The burden of proof actually is on the person who is in the picture in reality. Try convincing a jury (where most of the jurors think Photoshop is where they go to drop off their 35mm roll film) that the picture is fake. Go into detail about where the pixels don't jive, and the jurors' eyes will glaze over until the opposite attorney stands up and says to ignore the technobabble.

Most Americans don't know, and don't care about faked pictures, so almost always if a picture shows someone wi

Re:

[commodore64_love]

>>>The burden of proof actually is on the person who is in the picture in reality.

False. If an employee brought an "unjustified dismissal" case to court, says the photo is a computer-generated image, and the employer can not prove that the photo is a real event of Employee X smoking dope, the employer would face criminal fines. Probably civil damages too (in a separate case).

Re:What about other people's data about me?

[commodore64_love]

P.S.

One way for a lawyer to demonstrate to ignorant juries is to take their photo, add bits-and-pieces to make the jury appear to be smoking dope, and then show the "before" and "after" photos the next day. That would demonstrate "reasonable doubt" that the employee is not guilty, but a victim of a modified image.

Re:

[commodore64_love]

>>>Please stop thinking that the existence of Facebook in particular changes ANYTHING with regards personal privacy.

It does. It changes the level of distribution for your Drunken Party Photo from "a few friends" to "the entire globe". Which unfortunately includes your current employer, or the HR department of the new company you're trying to join.

Re:

[ledow]

Because one of your "few friends" put it somewhere where "the entire globe" could see it. Nothing new there. They've always been able to do that. And it's the "friend" that does that that's the problem, same as if your private sex photos end up in the newspaper - blame your friend, not the paper, because there were a million and one other avenues for those photos to get into the public domain and they ALL start with your friend.

And again, those sorts of HR department investigations are (in most civilised

Re:What about other people's data about me?

[commodore64_love]

>>>They've always been able to do that.

False. When I was growing-up I had no way of publishing a photo to the whole world. I know because I tried it a couple times, but there was nothing like facebook, and the internet was still limited to just a few thousand college professors & computer hobbyists. Only the mass media corporations had the resources to distribute to the entire globe. - Not until ~2000 did the WWW reach greater than 50% of the population, and allow them to could share photos to the whole world. SO YES facebook, myspace, and other services have changed the level of distribution.
.

>>>those sorts of HR department investigations are (in most civilised countries) completely 100% inaccurate and completely 100% illegal

You saying the US is uncivilized? We are a different culture from the UK, that's true, but that doesn't mean we're not civilized. We have rule of law just like you do, and without a pesky queen to overrule it, or the will of the people. Anyway:

Here it's perfectly okay for HR departments to run background checks on their employees, including contacting the Social Security (SS) department to retrieve your employment history, and online postings/websites. And I suspect even in the EU, if it's illegal, it's still performed by the human resources employees in secret. (Like in the movie GATTACA where it was illegal to sample people's genes, and yet employers did it anyway.)

Maybe you'll understand better after you become a victim yourself.
I used to think like you, that nothing would ever happen,
until I became scammed a few times, and 2 employers stole my wages.

Re:

[speroni]

The British use "Civilized" the same way we use "Democracy"

They go around the world giving civilization to countries who don't have it. Just like we try to bring democracy to everyone.

Re:

[KDR_11k]

I got a common first AND last name, Google finds over 2 million hits for my name.

Re:What about other people's data about me?

[Haedrian]

The problem isn't facebook as-such - the problem is how the web is turning into a semantic one - which lets you link information to one another.

If in the old days, I had a website with a few friends which we put images on - then only my friends would know about that. If I had any embarassing images, or images of me getting wasted or something - there is no problem at all.

People have many different aspects - and they would kindly like to keep those aspects seperate. You may be known to your friends as "That person who can belch the loudest", but when you're writing a C.V. - you don't put it over there. People want to keep these information private to certain people- the problem is that with all the links now - you can't really do that.

To give a proper example - take Linkln (which is used for 'professional' networking) and Facebook. You would ideally have a professional 'aspect' being shown there for your employer to see that you went to convention X, worked at company Y for N years et cetera - you don't want your employer to look at your 'wild side' on Facebook.

To summerise the above disjunctions - I may want my different aspects to be avaliable online - but I don't want everyone to be able to access them - and I want to be able to 'erase' mistakes which happened in my past - especially to someone important. People change (and therefore have "A right to be forgotten") and people have different aspects for different people - the way you are towards your friends =/= way you are towards your partner =/= towards your parents =/= towards your employers.

Re:

[AmiMoJo]

In Europe the right to a separate and private life outside work is enshrined in law and is considered a human right. It isn't simply that you might "want" it to be that way, it is considered to be necessary for human beings not to suffer unduly. Part of the work/life balance is being able to keep things you wish to be private and which do not affect your work private. There is some argument about what information that includes, but the basic idea is to protect the individual from the employer who by nature

Re:

[Anonymous Brave Guy]

There is a huge difference between:

1. single records made by an individual who is physically present and visible themselves for private use and available only via direct personal contact, and
2. millions of records held and exploited by a commercial organisation by making them available without exercising editorial control to large numbers of possibly unidentified people in a searchable database with direct, near-instantaneous worldwide access.

Well, actually, that's more than half a dozen significant, objective

Amazing, and ironic

[siddesu]

Is this the same European Commission that decided some time ago to force data and voice service providers to keep phone and email records for years?

Will these data be subject to the "right to be forgotten", or government-retained stuff will be magically excepted?

Consistency, thy name is Europe.

As opposed to... what?

[Moraelin]

Yes, they did mandate keeping the logs for a given time, but then they have to be deleted, and specified who has the right to get them. I.e., it takes a subpoena.

But, as opposed to... what? Just trusting that the companies will automatically delete those logs, and will never use them for marketing or whatnot? Just look at the Facebook for an example of how much better _that_ went than, you know, ooooh, scary inconsistent nanny-state Europe.

Re:As opposed to... what?

[siddesu]

Actually, every country is free to implement the details of the directive in question regarding data deletion and privacy as they see fit. There is no magic "removal" wand, and many countries will keep some data, officially or not.

Some EC member countries even immediately abused the directive to mean extra data collection. Some countries decided to interpret it as a requirement for the police to have direct, real-time access to such information. In some countries, the fight to protect citizen privacy due to this directive is still not won by a wide margin.

Ignoring the schizophrenic inconsistency of the EC and not taking them to task is why they've turned the way they are.

The same European Commission is, for example, currently conspiring with several other governments and big business organizations to promote even more surveillance and enforcement with ACTA, and denies the European Parliament access to the text of the proposal agreements.

Re:

[Haedrian]

"The same European Commission is, for example, currently conspiring with several other governments and big business organizations to promote even more surveillance and enforcement with ACTA, and denies the European Parliament access to the text of the proposal agreements"

Uh what?

http://boingboing.net/2010/03/10/eu-parliament-votes.html
http://yro.slashdot.org/story/10/09/08/1510255/European-Parliament-All-But-Rejects-ACTA

Re:

[schmidt349]

You know, given the choice between my retained personal information being used to (a) sell me pizza or (b) imprison me for expressing an unpopular political viewpoint, I think (b) is a way bigger deal than (a). And given Europe's track record on (b) (hint: 1936-1945 in one bit, and 1917-1991 in another), I'm going to have to say that the Eurofascists scare me a lot more than social media does.

Heh

[Moraelin]

1. If you think your data in the USA would only be given to the pizzerias, and not to the USA government... heh. It's funny. You do know they subpoenad such stuff from Google and others already, right?

2. Oooh, scary Euro-fascists, 'cause you can dig up something from 65 years ago. Heh. Ah, the joys of semi-literate trolls who never heard of anything after WW2 because it's not in the Hollywood movies they mistake for education... Besides, I guess it saves the home-schooled right from acknowledging that the rest of the world has actually moved out of the 40's.

3. But if you want to compare fascists, let's compare fascists.

The USA moved a minority to concentration camps for, pretty much, fearing that their political sympathies may not be the proper ones... when? Oh wait, it was during the WW2 too.

The USA had the idiotic McCarthy scare... when? Until the late 50's? Shouldn't you remember that too, if for Europe the 1936-1945 era counts as recent enough?

The USA imprisoned and tortured people for mere suspicions, and skipping all human rights or safeguards of the rule of law... when? Oh, wait, that was in the 21'th century. I guess the 1945 is scarier because it's more recent than that, huh? Oh wait, it isn't.

The USA datamined not just phone records, but even grocery lists, to try to find out who's a muslim... when? Oh, wait, that's 21'st century too.

So, remind me, which of the two should you fear more? The ones who actually tortured people for the mere suspicion of supporting the wrong gang 2-3 years ago, or those who did it 65 years ago?

Re:

[jgagnon]

While I agree with most of what you said, do you honestly think the US is working alone in these recent actions?

Re:

[Ash Vince]

The ones who actually tortured people for the mere suspicion of supporting the wrong gang 2-3 years ago, or those who did it 65 years ago?

Nice post.

I would like to add that the European gang in question found themselves swinging at the end of a rope for their trouble. It also lead to the establishment of the Nuremburg Principles: http://en.wikipedia.org/wiki/Nuremberg_Principles [wikipedia.org]

Re:

[LordLimecat]

...concentration camps...

You do understand the difference between "internment camp" and the historically loaded term "concentration camp", right? Im pretty sure that, as bad as the internment camps were, we didnt actually work anyone to death or gas anyone.

Re:

[hedwards]

I was harassed for a number of years by the US Navy when my high school handed over my contact information to the government without my permission or even being required to tell me they had done it. They're not required to disclose that they can't continue contacting you without permission and they're not required to adhere to any sort of ethical standard when it comes to making promises either. Deep within the contract they want you to sign is a "military convenience" clause which pretty much indicates tha

Re:

[captainpanic]

Probably a different department :)

You seem to suggest that laws cannot conflicht with each other... But laws are only as good as the people who wrote them, and that suggests that it is very possible indeed that laws conflict with each other.

Anyway, I am happy that at least online data can be removed now.
All stored data (on a company database or a government database) will be another thing...

-- A small step forward is still a stop forward.

Re:

[siddesu]

I would be even happier if, when such proposals go to the European Parliament, someone will remember to add a clause mandating the member governments to respect this right.

Compared to government abuse, company data retention is much less dangerous.

Re:

[Haedrian]

In the EU, there is an independant court called the "European Court of Human Rights" which deals with things of that manner. If you honestly feel that the government is infringing your rights in this manner, you can actually sue your government for it.

And in certain cases, the government actually lost and had to pay up and change - so its not just a 'pretend' court.

http://en.wikipedia.org/wiki/European_court_of_human_rights

Re:

[andrewbaldwin]

Strictly speaking it's not just in the EU

The ECHR is a creation of the European Convention on Human Rights which was founded by the Council of Europe (which predates and has more members than the EU).

This distinction is deliberately blurred by some of the more anti-European press, some multinational companies and political parties who like to portray the EU as some kind of supranational big government bogeyman. Conflating the ECHR with EU mandates serves this purpose well. This attitude (which is similar t

Re:

[captainpanic]

I would be even happier if, when such proposals go to the European Parliament, someone will remember to add a clause mandating the member governments to respect this right.

Compared to government abuse, company data retention is much less dangerous.

Although I agree with the intentions you seem to have (less data on government databases), I think it is not smart to couple these two things.

Online data is the current topic... and the EU seems willing to improve this situation.
What you talk about - those government databases - is considered state security. And it is gonna take a little more to convince those paranoid war hawks that they're just as safe when they cannot spy on every step that the population takes.

So, I think we should pursue both goals, bu

Re:Amazing, and ironic

[Luckyo]

It's perfectly consistent once you stop being an ass and purposefully misunderstand the topic. Government and its way of using information is strictly regulated here - and by regulated I don't mean Bush-style "we do what we want and laws be damned" regulation, but a real working one.
Problem is, facebook, google et al are largely NOT regulated. They can keep your information forever, even if you "delete" it from your account, and sell it to the highest bidder. This is the part where essentially all EU member states start to have problems - here culturally, privacy is taken far more seriously then in US. As a result, the legislation is aimed to bring the american privacy "you have none" culture that is currently used in most of these companies closer in line with the European values. Such as not being able to just mine data and then mass sell it, even after you expressed a wish for data to be deleted instead.

The data and voice service providers have to keep certain data because they are common carriers. They are not, for example, allowed to mine the data and sell it, and they are only allowed to pass the data on when courts or certain legally entitled entities request it. There is no inconsistency, we can have both. We just have to have laws that work, and government that obeys them.

And notably, this is one of the very few issues where you can safely call then "European values", and not look like a clueless idiot, because unlike most things on which we Europeans tend to differ in a major way across our countries' borders, privacy is something treated in a very similar way across borders on the continent.

If this shocks you as an american, that's okay. We're shocked that you view universal healthcare as something bad too. It's a cultural difference. Just because we have universal healthcare doesn't mean we should force it on you, and just because you have no right to privacy (from our point of view) doesn't mean that you should force similar regime on us.

Re:

[Hatta]

I totally get that Europeans value privacy and seek to promote it through regulation. What I don't understand is how this is a "right". Rights are derived from first principles, not enacted on an as needed basis. What is the philosophical underpinning of this "right" to privacy?

Re:

[Haedrian]

Note sure what kind of answer you are expecting but:

"Article 8 – Right to respect for private and family life

1. Everyone has the right to respect for his private and family life, his home and his correspondence."

Re:

[Peeteriz]

Privacy is a fundamental human right recognized in the UN Declaration of Human Rights, the International Convenant on Civil and Political Rights and in many other international and regional treaties. It is one of 'first principles' together with other basic freedoms. It is included in constitutions of many countries - in the newer constitutions it tends to be more explicit, and USA is a notable absence; but even there the issues like unreasonable searches and privacy of your home are covered.

Some classical

Re:

[misexistentialist]

Privacy is necessary to exercise rights in the face of the massive difference in power between the individual and everyone else. The concept of privacy may have come later, but something that makes other rights possible must surely be a right itself.

Re:

[Raenex]

Fuck off, anonymous coward. He asked a legitimate question.

Re:

[Myopic]

Almost no laws apply to the government which passes them. COPA comes to mind, but pretty much all laws have sovereign exceptions.

I like it.

[pecosdave]

Now, to force the removal of my name from old spam list using this.......

Is there is not a central clearing house

[Shivetya]

for deletion requests its as good as not having a law requiring the ability to delete the information.

How does this work with years of backup tapes?

[ciderbrew]

This is both a flippant comment AND a real question. It must be very hard to clean up all the data?

Right

[gmuslera]

the problem starts when a right becomes an obligation, and involves more than just big companies in their own information

Dilema - how do you anonymise data?

[ciaran_o_riordan]

If I want to be able to ask companies in the future to delete data about me, that means they have to keep that data clearly labelled as being about me.

Otherwise, they could "anonymise" it by removing my name, but that's not real anonymity. If my mobile phone operator removes my name, but keeps the info about what house Customer0001 spends the night in and what office Customer0001 spend 40 hours of daytime in, Monday to Friday, well, there's only one person in the world that fits Customer0001's profile. :-/

Hear that Slashdot?

[digitaldc]

Where's my comment history DELETE button? ;)

Info tech tools could give us MORE privacy

[guanxi]

Another poster compared privacy today and in the pre-Internet world, which got me to thinking: Until now, innovations in information technology have generally reduced privacy by making it easier, by many orders of magnitude, to copy, distribute, and find information. Any info about you that's on the Web, for example, can be immediately distributed across the world, copied by whoever wants it, and found via Google.

But information technology could also be used to improve our privacy over the pre-Internet world: Encryption, of course, but also anonymization, DRM (for your personal info, such as copy restrictions and expiration dates), and using search engines to automatically find other data, including the pattern recognition engines that can find photos. Some of these could be regulatory requirements (businesses must anonymize personal info as much as possible, must use DRM with copy restrictions and an expiration date, encrypted it, and the business is responsible for monitoring the web for errant copies). Businesses already use these tools to protect their data and online identity; there's no reason private citizens can't use them too.

In some ways, private citizens could have more control, not less, of their privacy and identity if they use the tools in their favor.

Re:

[IBBoard]

But information technology could also be used to improve our privacy over the pre-Internet world

And if the EnCoRe project [encore-project.info] gets its implementation right then we'll have controls that will help even more. It is basically a research project looking at "Ensuring Consent and Revocation" with the ideal of having informed people using certified services that provide certain guarantees about how they deal with, process and dispose of your data.

On the DRM point, I think that it is one of the few places where it is r

Re:

[misexistentialist]

More information more widely distributed wants to be more free. Technology can only do so much, especially when any privacy law will barely have any substance after all the loopholes and backdoors are added to exclude "criminals".

Sounds like the Data Protection Act 1984

[Duncan J Murray]

Sounds an awful lot like the uk data protection act of 1984, which applied to all data, written and electronic, held on an individual.

"Personal information may be kept for no longer than is necessary and must be kept up to date."

"Data must not be disclosed to other parties without the consent of the individual about whom it is about..."

"Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measu

Common names

[antifoidulus]

Tip for anyone who will be a parent(cue slashdot sex jokes:P): Pick the absolute most common name for your child. If there is a famous person with your last name, give your child the same first name as the celebrity. If you have a super uncommon last name, use your spouses last name. It's really one of the few ways you can protect your privacy online anymore, ie by making you a needle in a haystack of people with the same name. I know if I have a son I am certainly naming him after an actor that shares the same last name as I do.

Re:

[snspdaarf]

If your last name is "Holmes", pick "Sherlock" instead of "John."

Re:

[L4t3r4lu5]

I shall definitely be calling my child Adam, not Fred. I will absolutely forbid grey Lycra in the house.

Sincerely,
P. West.

So that's socialism?

[GodfatherofSoul]

The government protects the rights of its citizens against private industry? Sign me up!

Re:

[Haedrian]

Woah Woah Woah. You actually like socialism?

You're not being brainwashed enough. Go watch another American-made cold-war film, put on some patriotic speeches and let me not here any nonsense like that again!

</satire>

What's the job market like in the EU?

[commodore64_love]

After reading all these new rights the EU is approving, maybe I should move there.
Anybody need an english-speaking engineer? Or maybe a German-to-English translator of written works?
(Maybe the market's no better in the EU than the US?)

I'd like to some up my feelings in one word

[binkzz]

Yay! And thank you.

Data purge? Impossible!

[FPoe]

Anyone know knows how an enterprise backup system works knows that this is nearly impossible. You'd have to know their backup practices to really know the extent of data retention but for a company that size, I offer the following example: Since their (your) data is worth big $$$, they probably run nightly incremental, weekly backups (maybe), monthly backups, and finally yearly backups. Given DR concerns the might have global mirrors and off-site tapes (definitely one of the two). So all in all, one picture you post could represent literally dozens of instances. Purging all this data out would be impossible at an extremely massive burden to the company.

No, there is no "right to be forgotten".

[russotto]

The right to be forgotten is the right to control other people's minds. I realize they don't mean it quite that literally, but the way they do mean it is extremely intrusive as well.

Workable?

[Stooshie]

How will that work if, say, a European citizen complains that Facebook (based in the U.S.) has been mis-using their personal data?

So who decides when it's "needed"?

[CCarrot]

'They should have the "right to be forgotten" when their data is no longer needed or they want their data to be deleted.'"

This makes me wonder: who decides when the data is no longer needed?

"No sir, we need to retain your name, address, social security number, immunization history, telephone number, record of charitable contributions and the name of the woman you just broke up with on Facebook in order to optimize our customer satisfaction and courtesy first program. Yes sir, you are the customer, but sir, that does not necessarily mean you are always right, or even that you are right most of the time. In fact, just let me c

Re:

[jgagnon]

On the contrary, this has all kinds of ugly written all over it. With how easy it is to impersonate people online, I can see many ways in which this can be abused.

Someone impersonates someone else and gets their data deleted. Easy enough, just ask to get it restored from backup, right? Wait, they're not allowed to keep backups of deleted stuff because that would violate this new law. Ouch...

Let the damn companies have whatever policies they want, force them to be open about those policies, and then let

Re:

[jhigh]

Let the damn companies have whatever policies they want, force them to be open about those policies, and then let the people decide which companies they will deal with. Hell, even create a public forum for people to share their experiences with the companies so that others can be educated. But don't pass laws that could very easily make life hell for those that might actually WANT their information online (but not necessarily shared).

I'm gonna have to agree with you here. This sounds, once again, like government trying to solve the problem of people that are too dumb to understand what they're doing. While there should definitely be policies in place to prevent people from collecting and/or storing data on you without your permission, in most cases permission was probably given and the consumer was just too dumb to realize it.

Re:

[Myopic]

One of the jobs of the government is to lend a helping hand to people who don't want to read pages and pages of legal language for every new website they go to. The unregulated market will certainly fail to provide a reasonable solution to that problem, so it is proportionally reasonable for the government to take action. Whether or not government action is a good idea in this specific case is a separate question, but we should all be able to agree that it is at least reasonable to consider it.

Re:

[jhigh]

One of the jobs of the government is to lend a helping hand to people who don't want to read pages and pages of legal language for every new website they go to.

By whose standard? The post is about Europe, so maybe that's accurate over there. I live in the U.S. and that is most certainly NOT one of the jobs of the (federal) government. It is precisely thinking like that that has resulted in the massive, unsustainable government that we have here in America. Again, I know that this post is talking about Europe, and maybe that is certainly within their legal purview. But that doesn't mean that it should be.

The unregulated market will certainly fail to provide a reasonable solution to that problem,

Again, says who? While it may take a little bit, eventu

Re:Agreed

[ashkante]

Assuming that the effort put into this law is more than half-assed, I am thinking that there may be a distinction between "data I have put there (into the cloud) to be stored, as in documents, photos, database contents, etc", versus "data that the companies collect, as in webpage visit counters, IP addresses, browser and system stats". I, personally, include web registration data, addresses, phone numbers among the latter. And yes, I would like to have those erased, along with backups if I stop using the web service. As for impersonation, that can wreak some pretty nasty havoc with your life even without such legislation and needs further looking-into. I am grateful at least that I don't have to write laws about it :D

Re:

[jgagnon]

I'm not as concerned with "half-assery" as I am with the law-making bodies just not understanding the technology they're writing laws to control. In other words, they may put their full hearts, as it were, into making a "great" law that is in perfect harmony with their understanding of things... which turns out to be a really horrible law because their understanding is flawed. How many of these people making these laws actually use the technology they are writing laws about? THAT is the scary part to me.

Re:Agreed

[JaredOfEuropa]

Let the damn companies have whatever policies they want, force them to be open about those policies

That is how it should be. And a number of European countries have data privacy laws to that effect. Companies have to publish what they are going to do with your data and are not allowed to do anything else with it. They also have to let you know, on request, what data they have on you. Not a bad law, but I would like to see it extended a little bit, as follows:

A company's data privacy disclaimer/statement shall not exceed half a page of text (A4/Letter in 12 point letters, in case someone wants to get smart with fine print). It shall not be embedded in a longer generic disclaimer, but stand on its own.

Better yet, the government could issue a generic, well-understood disclaimer in which companies provide the details about the data, access, retention, sharing, etc. Currently it is not humanly possible to read these disclaimers, being half a book's worth of legalese. This is done on purpose.

Re:

[HungryHobo]

if only people had sense.... and could all grok legalese.

you see that approach is defeated by the cunning approach of every service offering terms and policies which

1: make no guarantee or promise of anything at all under any circumstances (just read your antivirus T&C)
2: state that you have no rights at all
3: state that they reserve the right to do anything they feel like doing.

Since nobody reads the T&C or policies it's not a selling point.
So they include whatever they like and then simply don't e

Re:

[jgagnon]

There will always be ignorant masses, and that isn't limited to those employed by government. :p

I can agree that a form of transparency isn't enough, but it should still be a requirement. Even educated people avoid reading those T&C clauses, because, as you said, they so rarely interact with reality. So... what is the answer?

Stupid is as stupid does and there is a little Gump in all of us.

Re:

[hedwards]

That's probably because in most if not all jurisdictions it's viewed as reasonable to require an attorney to read the T&C before doing anything. In that mythical world, we also all have sports cars and can bed any super model we wish.

Seriously, there's something really, really wrong that people are expected to have to hire an attorney in order to know what it is that they're agreeing or not agreeing to.

Have a Backup & Restore Feature...

[zQuo]

It would be very nice if social networks had an official backup and restore feature to your profile. Then you could truly have control of your data, and delete or restore your account as needs without much fuss.

Re:

[Peeteriz]

It's not enough to rely on simply publishing the policies and customers choosing which service to use.

It does not protect the consumer data from the first 'incident' when the company chooses to change their policies and sell everything to advertisers; or for example when company is sold/merged with another provider, which gets the data - there need to be strong legal teeth that prevent the company from ever abusing my data if I gave them this data 10 years ago when they were well-behaved.

Re:

[jgagnon]

Which is great in theory, but there are other ways of getting the data other than Company A selling it to Company B. For instance, what if Company B buys Company A outright and acquires the information that way? Now what if Company B was an advertising agency?

Point is that Company A may not be evil while Company B is, so customers of Company A are suddenly in jeopardy because of the merger. This kind of thing happens all the time. Sometimes companies don't even know they've acquired all of this mined da

Re:

[Peeteriz]

There's no need to reinvent the wheel, the current EU legislation seems to cover all the border cases [maybe that's why the laws are so frigging huge] and no glaring loopholes have been published at the moment.

The main point is that even the original company is not allowed to do "bad" things, so any issues about others getting the data in whatever way (sale, acquisitions, mergers, theft, datamining, whatever) don't create a major problem, as the new company is bound by the same rules in any case. The only s

Re:

[jgagnon]

The locations of Company A and Company B would complicate the scenario tremendously as you alluded to (jurisdiction). Especially if the information is "stolen" (conveniently or inconveniently).

Re:

[Peeteriz]

If it's stolen (conveniently or inconveniently), the original company has full financial liability for any consequences as it has failed in it's duty to safeguard the data; I'm not well informed of the enforcement details, though.

However, this essentially means that the data can be used for illegal purposes only, not for reasonable commerce; as if the 'acquiring' company wants to do some business in the EU it wouldn't even be allowed to legally use such data for e-mail spam.

Re:

[jgagnon]

Unless there was some form of "information laundering" going on. Which I'm sure would be possible.

Re:

[Timothy Brownawell]

but it's a great concept. Why should someone have your data with out you knowing and better yet why should they keep it if you ask it to be destroyed.

What I know, is mine. This, is saying that my knowledge is not mine and can be taken from me. Really, it looks like the next step from those absurd libel laws where truth isn't a defense. What's the next step after this one, require that anyone can have anyone else dragged off to get portions of their memory medically erased?

Re:

[jgagnon]

Or maybe we'll have cases where people take themselves to court because they had their memory erased.

It's not really about what you know

[Anonymous Brave Guy]

What I know, is mine.

Perhaps, but how you came to find it out and who you shared it with are often under your control. We don't (yet) have the ability to selectively erase people's memories, but we certainly can punish undesirable behaviour, such as collecting information by going around spying on someone, or betraying a confidence by sharing with the whole world some sensitive information you were given privately.

In any case, most of the serious problems in this area are not about what an individual person knows, but about wha

Re:

[Defenestrar]

But it's not your information.

First and foremost - read that EULA. Learn what Facebook owns, what Google owns, heck - even WoW owns the copyright and any IP generated in game chat. Different companies have different EULAs, but you don't often see pro-consumer language in them.

Second - if it happens in public, it's public record. (Or if not in the wide open public - then at least in some sort of community where you either have no reasonable expectation of privacy or at least a limited expectation (e.g. wha

Re:

[JackOfAllGeeks]

I emphatically disagree. At least as stated this is a terrible idea because of all of the horrible unintended consequences when "my data" intersects with "data about you." If I take a picture demonstrating a protest or political dissent and joe Government happens to be in the background, can he have my photo deleted? it's a photo of him, and maybe he doesn't want it out there. If I make a comment and quote Jeff Anyguy, can he have my comment deleted? It contains statements he made, and maybe he's chang

Re:

[Haedrian]

Because once upon a time, during a period of time called the "Cold War", America stood for individual and corporate freedom against a "Government Run" evil communist empire.

And the mentality of "Better Dead than Red" and "Government Intervention = Evil Commie" seems to be still alive today.

Re:

[Haedrian]

Because for some reason, if the government puts his foot in the door, its the first step towards "Socialism" and 'the dark side'.

Corporations will fill the 'leader' voice without any consensus or something like that.

Moroever, when you have large comapnies - they can afford to pay for advertising which turns you towards their side. Do you wonder how many "Obama's Healthcare Plan == Bad" complaints came from (or were backed by) private hospitals and insurance companies?

Re:

[Peeteriz]

Much of the problem is about non-public information.

If I give Amazon my full name for credit card invoicing and my address for shipping, it doesn't mean that I have 'PUT IT ON THE BLEEPING INTERNET'.

And it doesn't mean that I am giving them permission to keep this info forever, and giving them permission to sell this information to everybody else - despite any legalese that they have written in their T I don't intend to give them such a permission.

Re:

[cheekyjohnson]

"Still, what you are calling a "moron" may be more than 50% of internet users."

Yes, and they're absolute morons. They should either learn how to use the computer and internet responsibly or stop using it all together (not likely).

Re:

[Peeteriz]

It creates some technical problems that companies will have to solve if they want to store personal information - yes, it complicates things.

But this is one of the issues where "it's complicated" is not an excuse. Legally, no one would care if some old backup contains the data still, as long as the company is not using the data in any way and is properly destroying the data before, say, selling old computers/hard-drives. If you do have to restore an old backup - then you either have a way to clear my data a