wasting bandwidth since 1999
Way back in the fall of 2019 BCP1, a friend and I decided to plan a photo adventure somewhere in Europe. We wanted to land somewhere and, for the most part, choose where to go next day-by-day. Finding lots of new experiences and wonderful images along the way.
Related to the previous post, one way I follow news around the right to be forgotten, and the larger topic of data privacy, is using Google news alerts. Not a great research system, instead a little like mining for gold: most days they deliver a whole lot of dirt, mostly from obscure sites.
Then there are the little nuggets that occasionally show up.
Like this press release from a UK start up that promises to “give people back ownership of their personal data online”.
Ok, tell me more.
Continue reading
One “tech” story that seemed to be missing from most of those decade-in-review pieces is that of the “right to be forgotten”. Although this issue is really more about privacy and use of personal data, it’s more relevant to tech than stuff like Amazon extorting local communities in their “search” for a new headquarters.
The concept first jumped on the radar for most people in 2014 when the European Court of Justice ruled that EU citizens had a right to ask search engines to remove “inadequate, irrelevant or no longer relevant” information from their results.1 I first began following this issue around that time and, as you might expect, nothing about this decision turned out to be that simple.
Almost four years ago, the highest court in the European Union (EU)1 ruled that citizens of member countries had a “right to be forgotten”. Of course, that ruling left some holes and more than a few questions. But it did trigger some increasingly public conversations around the general topic of privacy and personal data.
That discussion, paired with some massive data breeches at high profile companies, led the EU Parliament to create a new set of laws2 dealing with data security and privacy. Those rules, the General Data Protection Regulations (GDPR), will become effective in the EU beginning in May.
In general, the GDPR sets strict guidelines for the kind of data that can be collected from individuals by companies and organizations, and how that data can be used. That data includes anything that can be used to specifically identify a person (including social media posts, location info, photographs, etc.), as well as not so obviously personal information like race, religion, and politics.
GDPR also requires companies to obtain more specific consent from the user as well as explaining more clearly how their data will be used. Specifically excluded is vague language like “Improving users’ experience”, “marketing purposes”, or “future research”. Companies must also make it easy for users to withdraw their consent and are then required to delete the material they’ve collected.
So what has any of this got to do with those of us not living in Europe? Plenty.
While the regulations are specific to the member countries of the EU, most of what I’ve read about them suggest that all of us in the US, and elsewhere in the world, will likely be affected by them.
The law applies to any company or organization that does business in the EU member countries and collects personal data from their citizens. That includes many based in the US, familiar names like Facebook, Google, Microsoft, Apple, and more. Since most multinational corporations shuffle information around the world, it’s very likely that they will need to adapt their data handling practices everywhere, not just in Europe.
Plus the law also also provides for some pretty hefty penalties for misusing or failure to secure the data, including fines of up to €20 million or 4% of “global turnover”, whichever is larger. To put that in some perspective €20m (about $24m US at the moment) is pocket change for Facebook. 4% of their total income is not.
I know, all of this is pretty geeky stuff.
However, it’s also important if you’re concerned about the data most companies are already collecting about you and others. If you’re interested in more details of the GDPR in basic, non-legal language, check out this rough guide to GDPR and/or this short summary directed at US corporations.
Of course, the EU laws are not perfect. There will likely be much confusion when they take effect, and when the first law suits follow not long after. It will be interesting to see whether the big data collectors will be forced to change their behavior. Or will they just find new ways to continue their current practices? After all, our information is the foundation of their massive profits.
Beyond that, there’s also the larger question of whether the US should implement similar laws? It’s not likely to happen in this political climate, with political “leaders” who claim that the “free market” will protect us all. But maybe some outside pressure on US-based companies may effect some need change.
The map is from the BBC, showing the current configuration of the European Union. Of course, their home country, the United Kingdom, is in the process of a very contentious “Brexit” from the EU, so that map could change in 2019. In more than one way if the people of Scotland and Northern Ireland make some hard decisions.
1. Very tangential side note: I love that the official anthem of the EU is based on Beethoven’s “Ode to Joy”. Certainly more uplifting music than the militaristic tones of most national anthems.
2. In some of what I’ve read, experts says that GDPR isn’t so much “new” law as it is a clarification of many different data and privacy regulations that are already on the books, combined with court rulings. Either way, GDPR is likely going to change the way companies do business in the EU, and possibly elsewhere.
Two years ago this month, the highest court in the European Union declared all of their citizens had a “right to be forgotten”. Specifically, the justices said anyone could request that Google (and other search engines) remove from their results links to information about themselves that was out of date or in other ways irrelevant.
In the time since, the ruling has raised many questions about the concept, and created many more problems than it has solved.
Starting with the fact the court handed Google a great deal of power in determining what information should be “forgotten”. This at the same time the European Union is very concerned about the amount of data being collected by many large, multi-national corporations like Google, as well as where it’s being kept.
Then there’s the confusion over the requests themselves and what happens to the information. Completing the online form doesn’t automatically lead to removing a link. According to a recent report “Google refuses roughly 70 percent to 75 percent of requests”, with the top two reasons being the information concerns the professional activity of the requester or the fact that they “are at the origin of this content”. They also get a lot of compaints from people outside the EU who don’t understand why they can’t play in this game.
Plus, the information “removed” is still stored somewhere on the web. Deleting articles from search results has pissed off European news organizations, some of which now maintain lists of their forgotten links. Is Google now obligated to remove results that bring up those pages? Or to stories about links that have been removed? TechDirt, a Silicon Valley news site that deals in technology and government policy, has been playing with these questions and more by regularly posting on the right to be forgotten with links to “disappeared” stories included, to observe how quickly they are removed.
As amusing as some of the stories related to “right to be forgotten” are, there is a really scary aspect to all this. This is all part of a concerted, sometimes aggressive effort by governments all over the world to control the flow of information.
And not just in their countries. France, for example, has told Google they must “respect French “right to be forgotten” rulings worldwide”. The company is pushing back (for now) but the world is full of disreputable government officials who would like the power to disappear more than just embarrassing information.
Anyway, this issue of censoring digital information is just getting started. In terms of all of recorded history, the internet is a very new communications medium, and very much unlike other undemocratic, more easily controlled channels. It will be interesting to watch just how badly governments and large corporations can screw up the web and the creative new ways of circumventing the blocks people will develop.
For now, happy second anniversary to the “right to be forgotten”, although I’m not sure anyone interested in an open web should be celebrating.
© 2023 Assorted Stuff
Theme by Anders Noren — Up ↑