I’ve previously written on regulation of European data processing here. I’ll be presenting on the “right to be forgotten” (RtbF) in Chicago this Spring. I’ll be writing a series of posts here to prepare for that lecture.
Julia Powles offers an excellent summary of the right in question. As she explains, the European Court of Justice (ECJ) has ruled that, “in some circumstances—notably, where personal information online is inaccurate, inadequate, irrelevant, or excessive in relation to data-processing purposes—links should be removed from Google’s search index.” The Costeja case which led to this ruling involved Google’s prominent display of results relating to the plaintiff’s financial history.
Unfortunately, some US commentators’ views are rapidly congealing toward a reflexively rejectionist position when it comes to such regulation of search engine results–despite the Fair Credit Reporting Act’s extensive regulation of consumer reporting agencies in very similar situations. Jeffrey Toobin’s recent article mentions some of these positions. For example, Jules Polonetsky says, “The decision will go down in history as one of the most significant mistakes that Court has ever made.” I disagree, and I think the opposite result would itself have been far more troubling.
Internet regulation must recognize the power of certain dominant firms to shape impressions of individuals. Their reputational impact can be extraordinarily misleading and malicious, and the potential for harm is only growing as hacking becomes more widespread. Consider the following possibility: What if a massive theft of medical records occurs, the records are made public, and then shared virally among different websites? Are the critics of the RtbF really willing to just shrug and say, “Well, they’re true facts and the later-publishing websites weren’t in on the hack, so leave them up”? And in the case of future intimate photo hacks, do we simply let firms keep the photos available in perpetuity?