Tuesday 12 August 2014

Opinion: ‘Right to be forgotten’ ruling opens a legal and ethical Pandora’s box

The Journal, 23rd July 2014

THE RULING BY the European Court of Justice just over two months ago that the citizens of Europe have a ‘right to be forgotten’ has opened a legal and ethical Pandora’s box. The original ruling, based on the case of a Spanish citizen who wished to have information about his financial woes a decade previously taken out of search results on Google, was vaguely constructed and left the door open for individuals, and maybe even organisations, to have damaging or embarrassing material about themselves no longer reachable through a Google search.

While the court said that the ruling would be applied only where it did not conflict with freedom of expression or of the press, it left the burden of proof and investigation of this up to the party running the search engine, i.e. Google, and not up to the person seeking to have his or her information “forgotten”. Google is currently receiving about 1,000 requests a day for links to particular pieces of information to be removed from its search results. Quite understandably, the company has begun simply to grant these requests on receipt of them, as there is no way the company could (or should) wade through the sheer volume of requests and check each one for compliance with both the ruling on forgetting information and with freedom of speech. The court’s insistence that it is Google’s job to do the leg-work on each request has led inevitably to the company letting through a lot of right-to-be-forgotten requests which are dubious, to say the least.

From corrupt referees in Scotland to bankers at the former financial institution Merrill Lynch who may have played a role in the financial crash, various individuals are coming forward to have unpleasant facts about their pasts erased. Then of course there are the convicted sex offenders and individuals convicted of crimes like assault who wish to have links to articles about their crimes taken down. This ruling is a godsend for anyone with a criminal past who wishes to scrub their own record clean.

Effective data protection

The ruling was based on the principle of ‘Data protection’ which was conceived as a way of protecting the data of private citizens when it is held by governments. It particularly applies to social services and other branches that keep large quantities of highly personal information about citizens. This is a crucial protection afforded to citizens against the one organisation whose processing of data needs to be closely monitored: their government. As exemplified by the ongoing activities of the NSA and other overly-powerful governmental organisations around the world, when it comes to government-held data, the citizen needs not just a right to be forgotten, but effective safeguards to ensure the government cannot get certain information in the first place. Data protection does not apply well to private companies. The information to which people are attempting to restrict access is public knowledge, shared freely over the internet. Just because information is relevant to someone does not mean they have carte blanche to restrict access to it.This is especially true with online articles and other documents which are made available in the public interest, and should not be censored, no matter how embarrassing their content. The function of the press is to spread information in the public interest. Sometimes this information may be detrimental to an individual’s reputation, but the fundamental freedom of the press to spread information should not be curtailed because of this.

Empowering governments

The wide-ranging ruling handed down by the European Court has a second danger concealed within its arguments. By empowering European governments to go after companies like Google whose servers are actually based outside European territory, the court is setting a dangerous precedent. If the European courts can prosecute Google and other search engine providers for not removing links to information stored in servers outside the continent, what is to stop the the process happening elsewhere? What if the United States government, for example, were to demand that information based on or provided by Wikileaks or Edward Snowden be deleted from European-based servers? Given that the European court said in its ruling that information could be deleted if it was “inaccurate”, “excessive” or “irrelevant” surely the US government would have grounds to demand that leaked documents be taken down from search engines or removed entirely, or even that newspaper articles relating to them be removed from Google search results.

The internet has given birth to an unprecedented free transfer of information in the modern world. It has broken down barriers and enhanced freedom across the globe. To start rowing back that freedom by way of a “Right to be forgotten” would undermine over two decades of progress. Information should be free, and not restricted by the arbitrary actions of individuals or unaccountable courts. It is time to forget about the right to be forgotten.

Private investigator to be tried over data breaches in October

Irish Times, 21st July 2014

A private investigator charged in relation to alleged breaches of data protection legislation will be tried in October. Michael J Gaynor, trading as MJG Investigations, Beatty Grove, Celbridge, Co Kildare, was before Dublin District Court this morning facing a prosecution by the Data Protection Commissioner. Mr Gaynor faced 72 criminal charges in relation to alleged breaches of data protection legislation, including illegally accessing and disclosing personal information on individuals held by An Garda Síochána and the ESB.

It is the first such criminal prosecution of its kind in the State. Mr Gaynor faces three charges of illegally accessing personal information held by An Garda Síochána and of disclosing it without authority, under the provisions of section 22 (1) of the Data Protection Acts 1988 and 2003.

He faces a further nine charges of illegally accessing and disclosing personal information held by the ESB under the same section of the Acts. Some 60 charges against him relate to illegally processing the personal data of a number of individuals without an entry in the register held by the Data Protection Commissioner for data processors.

The offences are all alleged to have occurred between May and October 2013. Counsel for Mr Gaynor, Justin McQuade BL, told the court today the issues had been “considerably narrowed” and that a trial would go ahead on three of the charges. He said one day would be sufficient to hear the case. Judge John O’Neill set the trial date for October 6th.