Open Access

Can the Internet Forget? – Rhe Eight to be Forgotten in the EU Law and its Actual Impact on the Internet. Comparison of the Approaches Towards the Notion and Assessment of its Effectiveness

Aleksandra Gebuza
Aleksandra Gebuza
   | Jun 11, 2020
Wroclaw Review of Law, Administration & Economics's Cover Image
About this article
Previous Article
Next Article
Cite
Published Online: Jun 11, 2020
Page range: 86 - 101
DOI: https://doi.org/10.2478/wrlae-2019-0006
Keywords
© 2019 Aleksandra Gebuza, published by Sciendo
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License.
Introduction

Nowadays, information has become one of the most important and valuable objects of commercial trade. Increased accessibility to information resulted in mass gathering and storing personal data for private purposes. This also caused privacy rights to be violated more frequently. The often-repeated phrase that perfectly describes this phenomenon is once we post the information on the Internet, it will stay there forever. What is more, these data often used without the knowledge of the data subject might be harmful to one's reputation, professional life or private relations. Particular countries attempted on finding a solution to such threats, unfortunately with little effect. The first legal instrument, which changed the approach to privacy on the Internet and raised further discussion in this matter, was introduced by the European Union in May 2014 as the right to be forgotten.

The right to be forgotten was for the first time implicitly introduced in Article 17 of the General Data Protection Regulation, which came into force on 25 May 2018

Regulation (EU) 2016/679 of the European Parliament of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (2016) OJ l 119/1 [hereinafter: “General Data Protection Regulation” or “GDPR”].

. However, the milestone for its formation and development was the decision of 14 May 2013 issued by Court of Justice of the European Union in case Google v. AEPD & Gonzalez.

Case-131/12, Google Spain SL, Google Inc. v. Agencia Española de Protección de Datos (AEPD) and Mario Costeja González, [2014], ECLI:EU:C:2014:317 [hereinafter: Google v. AEPD & González case/Google v. AEPD & González case].

 This decision gave a rise to debate within and outside the European Union on relevancy and necessity of adopting this right domestically and internationally.

In the article, the author attempts to present the effects of the abovementioned debate and potential solutions for bigger effectiveness of the aforementioned right. First, a critical assessment of this right having considered violations of the freedom of speech will be presented. Then, the author will present a supportive approach arguing that the right is an inevitable tool necessary to protect individuals’ privacy on the Web and sets the balance between interests of all parties. By comparing various approaches, including European and American doctrine and jurisprudence, the author attempts to provide an analysis of the proposed solutions. Consequently, the author assesses whether the legal measures applied by the European Union are sufficient to ensure security of the EU residents or whether the right to be forgotten is just a utopian wish.

Critical approach

By juxtaposing the articles presented by the American and European doctrines, it has emerged that the majority of the articles published in the United States presented criticism towards the notion of the right to be forgotten. Contrary views had been developed by the European doctrine. Still, one should not treat the given division literally, because it only represents tendency of the majority in the United States and the European Union.

The possibility of infringing the freedom of speech

The right to be forgotten has been criticised by the representatives of the American doctrine, jurisprudence and journalists, considering the potential breaches of the freedom of speech. The judgement for Google v. AEPD & Gonzalez was challenged as creating an ‘unwitting private censors’ on the Internet.

Eltis Karen, ‘The Anglo-American/Continental Privacy Divide? How Civilian Personality Rights Can Help Reconceptualise the “Right to be Forgotten” Towards Greater Transnational Interoperability’ (2016) 94 La Revue du Barreau Canadien 355, 360.

Commentators with the diverse socio-political backgrounds described the right to be forgotten as ‘antithetical towards the free expression and as distorting the benefits attending unfiltered access to information’.

Micheal L Rustad and Sanna Kulevska, ‘Reconceptualizing the Right to be Forgotten to Enable Transatlantic Data Flow’ (2015) 28 Harvard Journal Law & Technology 349, 350, 355.

In order to fully understand the reason of the negative approach towards the judgement of the CJEU, one should consider the development of the right to freedom of speech and the right to privacy in the United States.

Since the founding fathers, American constitutional jurisprudence has strongly protected the principle enshrined in the First Amendment, namely, the right to free speech. As was stated in the United States v. Associated Press ruling ‘The First Amendment […] presupposes, that right conclusions are more likely to be gathered out of a multitude of tongues, than through any kind of authoritative selection […] To many this is, and always will be, a folly, but we have staked upon it our all’.

United States v. Associated Press, (52 F. Supp. 362, Judgement of the District Court, S. D. New York of 6th October 1943) para 372.

As was underlined by the US Supreme Court, the corollary of free speech is the freedom to access to information, and therefore, ‘the right to receive [...] information and ideas, regardless of their social worth, is a right that is fundamental to [...] free society’.

Stanley v. Georgia, (394 U.S. 557, Judgement of the United States Supreme Court of 7 April 1969) 564.

 Not without significance is the chronology of the development of the freedom of speech and the right to privacy in the United States, in order to fully comprehend American reluctance in creating any new regulations limiting the share of the information.

Processing of personal data by the search engines can be of example. In the recent decade, this medium has become one of the major forces on the Web. However, these engines made privacy rights to be infringed on a more frequent basis.

United States’ jurisprudence has acceded to the interpretation that the choice of what is included or excluded in the engines shall be protected under the First Amendment. This is because Google's ranking of websites consists of subjective results being constitutionally protected opinions.

Search King, Inc. v. Google Technology, Inc., (CIV-02-1457-M, Judgement of the District Court, W. D. of Oklahoma, of 13 January 2003)

It can be observed that the US courts interpret the legitimacy of search results primarily through the prism of constitutional principle of the free speech, free press and free share of information – principles protected in the American jurisdiction.

Hugh J. McCarthy, ‘All the World's a Stage: The European Right to be Forgotten Revisited from a US Perspective’ (2016) 11 Journal of Intellectual Property Law & Practice 360, 367.

One can observe that some scholars accuse the judgement of the CJEU of diminishing the strong position of the right to free expression, which is enforced by the American Internet giants, such as Google, Yahoo or Facebook.

Karen (n 3) 365–370.

As such companies are nowadays the biggest intermediaries of the information flow, they shall be treated as ‘an aggrandized notion of free speech’ that must prevail over anything else, including reputation, and even privacy. Thus, it must from time to time render European norms ineffective in practice.

Ibid.

Shortly after publishing the judgement, strong criticism emerged in newspapers as well. The article published on The Washington Post on 12 July 2014 by the Editorial Board of the newspaper may be of an example. Its author accused the right to be forgotten of ‘not looking too wise’, because it constitutes ‘huge, if indirect, challenge to press freedom’

Editorial Board, ‘UnGoogled: The Disastrous Results of the ‘Right to be Forgotten’ Ruling’ (2014) The Washington Post, <https://www.washingtonpost.com/opinions/ungoogled-the-disastrous-results-of-the-right-to-be-forgotten-ruling/2014/07/12/91663268-07a8-11e4-bbf1-cc51275e7f8f_story.html?utmterm=.6427779f7d15> accessed 29 October 2018.

.

The possibility of requesting any information to be deleted from databases may impact the accountability and the free speech.

Erin Cooper, ‘Following in the European Union's Footsteps: Why the United States Should Adopt Its Own Right to Be Forgotten Law for Crime Victims’ (2015) 32 Journal of Information Technology & Privacy Law 185, 199.

Moreover, there is an issue concerning the transparency and accountability of the websites examining the requests. The companies, such as Google, are keeping in secret what actions they are taking during removal process initiated after the judgement in Google v. AEPD & Gonzalez case. Present situation creates a peril of giving the private companies too much power over what is actually removed from the Web.

The application of the principles under the Charter of Fundamental Rights of the European Union may also be criticised in the light of potential scope of application and transparency. It is necessary to cite the opinion of the Privacy Commissioner of Ontario, Ann Cavoukian, and co-chair of the Future of Privacy Forum, Christopher Wolf, who stated that the CJEU focused on the right to privacy and the protection of personal data enshrined in the Charter, without analysing the right to freedom of expression.

Ann Cavoukian, and Christopher Wolf, ‘Sorry, But There's Online Right to be Forgotten’ (2014) National Post, <http://nationalpost.com/opinion/ann-cavoukian-and-christopher-wolf-sorry-but-theres-no-online-right-to-be-forgotten> accessed 29 October 2018.

The issue was developed by the latter author in the article ‘Impact of the CJEU's Right to be Forgotten’. It was emphasised there that the lack of exact provisions on the application of the right to be forgotten and mandating Google the role of judge and jury of deeming which information is in the public interest may provoke infringements.

Christopher Wolf, ‘Impact of the CJEU's Right to be Forgotten. Decision on Search Engines and Other Service Providers in Europe’ (2014) 21 Maastricht Journal of European and Comparative Law 547, 553.

Even the Advocate General in its Opinion to the Google v. AEPD & Gonzalez case argued that introduction of the right to be forgotten ‘would entail scarifying pivotal rights such as freedom of expression and information’. This would make place for the suppression of ‘legitimate and legal information that has entered the public sphere’ and could result in censorship of a given content.

Case-131/12, Google Spain SL, Google Inc. v. Agencia Española de Protección de Datos (AEPD) and Mario Costeja González, [2014], ECLI:EU:C:2014:317, Opinion of AG Jääskinen para 106.

The extreme application of the privacy rights in such a vague manner, as presented by the CJEU, is suggested to be converted into the right to censor.

Cavoukian and Wolf (n 13).

 One of the representatives of American doctrine has stated that ‘an overly expansive right to be forgotten will lead to censorship of the Internet because data subjects can force search engines or websites to erase personal data, which may rewrite history’.

Rustad and Kulevska (n 4) 372.

 It is a very firm and also a bit excessive statement. However, it describes suitably the biggest fear of the notion's critics. Also, the founder of Wikipedia portrayed the right to be forgotten as ‘completely insane’, as preventing the Wikipedia editors from writing truthful information.

Caroline Preece et al., ‘Google “Right to be Forgotten”: Everything You Need to Know’ [website], (2015) IT Pro, <http://www.itpro.co.uk/security/22378/google-right-to-be-forgotten-everything-you-need-to-know> accessed 29 October 2018.

 McKay Cunnigham has even dared to claim, that ‘European filtering of Internet content worldwide through the right to be forgotten […] effectuates international censorship in the guise of privacy’.

Cunnigham McKay, ‘Free Expression, Privacy and Diminishing Sovereignty in the Information Age: The Internationalization of Censorship’ (2016) 69 Arkansas Law Review 71, 114.

The Google v. AEPD & Gonzalez case also caused national courts and data protection authorities to engage in the process of development and establishment of adequate standards for examination of the ‘fair balance test’ introduced by the CJEU. Owing to lack of clear interpretative guidance of newly emerged notion and vagueness of the fair balance test, some courts took rather reserved approach towards the judgement.

This can be seen especially in the ruling of an Italian court, where the Privacy Authority reinforced the understanding of the fair balance test by stating, that the right to be forgotten shall be balanced with the freedom of the press, being strongly connected to the freedom of information. On 31 March 2015, the authority issued a decision in which it claimed that individuals cannot request delisting of search results concerning the recent news with relevant public interest.

Decision No. 618 of Garante per la Protezione dei Dati Personali of (2014) (Italy), <https://www.gpdp.it/web/guest/home/docweb/-/docweb-display/docweb/3736353> accessed 29th October 2018.

On the other hand, search engines are obliged to remove information, which may be misleading or false. During the proceedings, the claimant argued that Google was obliged to delist the news from the search engine, because they were ‘extremely misleading and strongly detrimental’.

Ibid.

 The authority rejected the request, because it found the news ‘extremely recent’ and underlined the relevant public interest of the news, which referred to essential judicial inquiry involving a large group of people at local level.

Ibid.

 Therefore, in the given case, the authority decided that the freedom of press shall prevail over the right to be forgotten.

Ibid.

Is the fair balance test actually fair? – the criticism of the clarity of the prerequisites concerning application of the right to be forgotten set by the CJEU

The CJEU has developed a fair balance test in the Google v. AEPD & Gonzalez judgement. It provided equality of individual's right to privacy and the freedom of expression.

Google v. AEPD & González case (n 2) para 81, 88.

Its main aim was to safeguard interests of both parties. In fact, very few fundamental rights are absolute. In most of cases, one right can be limited, so the other right can be ensured.

The test established in the Google v. AEPD & Gonzalez case is precedential. In general, in accordance with Article 51 of the Charter of Fundamental Rights of the European Union, the application of the fundamental rights is primarily addressed to the European Union, and then to Member States, when they exercise a discretion conferred to them by the EU law (for instance, in case of the implementation of directives) or in case of limitation or derogation of one of the rights conferred by the treaties.

Article 51, Charter of Fundamental Rights of the European Union [2012] OJ CHA2012/C 326/02, [hereinafter: Charter of Fundamental Rights of the European Union]; See also: Article 7 and 8 of Charter of Fundamental Rights of the European Union.

It shall be noted that the Court effectively placed ‘control’ of the processed data in the given case on the search engine, because the legal person having a legal responsibility to uphold fundamental rights specified in the EU law. Such engines have been, therefore, obliged to protect personal data. That obligation stems from the Directive 95/46/EC and the Charter of the Fundamental Rights of the European Union.

However, the fair balance test provided by the CJEU has met with the criticism. It has been due to its vagueness, which creates serious issues when it comes to execution.

The notion is accused of being too broad, allowing for too many individuals to request removal of their personal data and, at the same time, largely affecting free speech rights.

Cooper (n 12) 199.

The doctrine, the EU law, especially the Directive 95/46/EC

European Parliament and Council Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of the personal data and on the free movement of such data, [1995] OJ L 281/31.

, the Google v. AEPD & Gonzalez judgment and General Data Protection Regulation do not give a real and effective premises or helpful guidelines as to what should be removed.

Ibid.

 One often criticised the judgement for offering no guidance on how it should be applied. This is because the CJEU in the ruling did not elaborated on issues such as the appropriate amount of time that would make some information ‘no longer relevant’, or the scope of the ‘public interest’ term.

Editorial Board (n 11).

The question concerning the accountability arises again, as the lack of full transparency of the private companies’ actions causes that it is impossible to assess at which point the removal becomes balanced in the requester's favour.

Cooper (n 12) 199–200.

The problem of the borderless flow of information on the Web

The borderless nature of information's flow on the Internet is not without the significance, because it eludes traditional territorial-based jurisdiction and enforcement.

Miriam Wugmeister, Karin Retzer, and Cynthia Rich, ‘Global Solution for Cross-Border Data Transfers: Making the Case for Corporate Privacy Rules’ (2007) 38 Georgetown Journal of International Law 449, 475–476.

In order to provide effective, transparent and fair application of the right to be forgotten, one cannot merely stick to its own national, or as in case of the European Union, ‘regional’ law, because it cannot encompass all potential subjects processing the personal data. The so-called ‘omnibus privacy laws’ are criticised for being ineffective, because they ignore the manner in which digital data are created and processed on the Internet.

Shaffer Gregory, ‘Globalization and Social Protection: The Impact of EU and International Rules in the Ratcheting Up of U. S. Privacy Standards’ (2000) 25 Yale Journal of International Law 1, 6.

It has to be noted that information goes through unpredictable routes, and for this reason, it may be very elusive to find its origins, because the data are often augmented, duplicated or altered.

Cunningham McKay ‘Privacy Law That Does Not Protect Privacy, Forgetting the Right to Be Forgotten’ (2017) 65 Buffalo Law Review 495, 503.

Even when it is possible to find the original holder of the particular data, as, for instance, IP addresses, such information can be easily redirected to another country or masked.

Ibid.

 That is why any laws that will not have a global scope will be ineffective. A good example may be found in the Google v. AEPD & Gonzalez case, because the search results concerning Mario Costeja Gonzalez were removed from the search results but only in the EU domains. His personal data can be easily found in the United States or Japan. Therefore, his privacy is protected but only partially.

What is more, it is not hard to track origin of search results processed by Google, but in case of small websites that are operated by anonymous persons, it is not that easy. Therefore, a fully effective legal instrument could be created only by the international public law.

However, at the moment, such vision seems to be highly unlikely. At present, no international law that applies outside of the EU territory contains explicit provisions concerning the right to be forgotten. Enactment of such rules would be extremely difficult, because of huge differences in each country's fundamental values, constitutional principles, legislation and case law.

Julia Kerr, ‘What Is a Search Engine: The Simple Question the Court of Justice of the European Union Forgot to Ask and What It Means for the Future of the Right to Be Forgotten’ (2016) 17 Chicago Journal of International Law 217, 232.

Supportive approach
Reinforcement of the right to private and family life and to protection of personal data

It is quite often argued that the judgement of the CJEU has reinforced the right to private and family life stemming from Article 7 and the right to protection of personal data enshrined in Article 8 of the Charter of Fundamental Rights of the European Union

Article 7 and 8, Charter of Fundamental Rights of the European Union.

.

The policy behind the creation of the right to be forgotten is in overall beneficial to society, because it gives to the EU citizens an opportunity for a fresh slate. This comes without the old and prejudicial information affecting their lives, which, at the same time, are irrelevant towards the public interest.

Cooper (n 12) 198.

The right to be forgotten shall be seen as a possibility of taking control over one’ own personal data, including the control over how these data are being accessed online.

Julia Powles, and Enrique Chaparro, ‘How Google Determined Our Right to be Forgotten’ (2015) The Guardian, <http://www.theguardian.com/technology/2015/feb/18/the-right-to-be-forgotten-google-search> accessed 29th October 2018.

 Most people are not public figures and most of the information concerning their lives would be merely without significance for the public interest.

Moreover, publication of certain information online can be not only breaching their privacy but also might be detrimental to their lives. Once more it should be underlined that when information is put on the Internet, it can stay there forever. The removal process is, therefore, crucial, because it allows people to remove potentially harmful information.

Cooper (n 12) 198; see also: Ted Claypoole, Theresa Payton, ‘Protecting Your Internet Identity: Are You Naked Online? Rowman & Littlefield, 2017, 1–11.

Preservation of the protection of right of freedom through the fair balance test

The critics of the Google v. AEPD & Gonzalez judgement often argued that the decision ‘forgot’ about safeguarding the freedom of expression.

Kulk Stefan, and Frederik Zuiderveen Borgesius, ‘Google Spain v. Gonzalez: Did the Court Forget About Freedom of Expression?’ (2014) 5 European Journal of Risk Regulation 389, 395–396.

However, such arguments depart from the truth. One cannot diminish value of other rights by granting the freedom of expression absolute priority.

The CJEU clearly stated that the person's right to privacy in general overrides ‘as a rule, not only the economic interest of the operator of the search engine, but also the interest of the general public’.

Google v. AEPD & Gonzalez case (n 2) para 81.

The infringement of the right to privacy may have much more serious consequences in certain circumstances, especially when the information is without any importance for the public interest.

As Giancarlo Frosio stated, ‘privacy itself is censorship and stands in contradiction with freedom of expression’.

Giancarlo F Frosio, ‘The Right to Be Forgotten: Much Ado About Nothing’ (2017) 15 Colorado Technology Law Jorunal 307, 315.

However, privacy shall not be treated as the peril towards to the freedom of speech. On the contrary, the privacy is about not circulating information of a particular individual.

Ibid.

 Therefore, it shall be understood as a principle that set the boundaries of freedom of expression, not the other way around.

Ibid.

 The CJEU underlined that the right to be forgotten cannot be applied in case when there is a preponderant interest of the general public in accessing certain information.

Google v. AEPD & Gonzalez case (n 2) para 81.

What is more, the CJEU considered the freedom of expression as one of the pre-requisites on implementing the right to be forgotten.

Frosio (n 42) 316.

Its application can be found especially in the fair balance test, where the CJEU demands to execute, at the same time, the freedom of expression and the right to privacy. The less important is the information for the public interest, and the more important for individual to be kept private, the higher likelihood of application of the right to be forgotten in such a case. The fundamental rights cannot be applied absolutely, because they will always infringe the other rights. By weighing them, one could find the balance. Any radical views concerning protection of one particular right will always be detrimental to others.

In fact, when some information has a minimal value for the society, but its publication may deeply infringe someone's privacy, there are no grounds to claim that the freedom of speech is infringed. The literal interpretation of the right to free speech is deeply hampering the right to privacy (not less important). That is why in the case of the right to be forgotten so crucial is a provision of balance.

The ruling of the Highest National Court in Belgium from 29 April 2016 can be of an example. In this ruling, the Belgian court analysed when the right to be forgotten shall prevail over the freedom of speech. In that case, defendant – newspaper Le Soir – made its archives publicly and freely accessible through its website in 2008.

Judgement of Cour de Cassation of 29 April 2016, (C.15.0052.F.), (Belgium), par. 1.

The archives included an article from 1994 concerning a car accident in which two people died. The article mentioned the full name of the driver, who survived the accident. After finding this information in the archives of the newspaper, the driver has made a request to Le Soir to remove the article or anonymise driver's personal data. The request was rejected by the newspaper.

Ibid.

The Highest National Court acceded to the arguments presented by the plaintiff and obliged the newspaper to remove the name of the driver from the article. Whilst rendering the ruling, the Belgian Court has made a reference to the Google v. AEPD & Gonzalez judgement by deciding that the right to privacy under specific circumstances can limit the freedom of expression.

Ibid., par. 4.

Owing to the fact that a sufficiently long period of time has passed, and taking into account that the anonymisation of the name would not have any impact on the essence of the information, the Highest Court decided that, in the given case, the right to be forgotten shall prevail over the freedom of expression.

Ibid., par. 6–9.

The attempt to safeguard lawful processing of personal in the context of borderless flow of information

One cannot state that the CJEU by rendering the decision in the Google v. AEPD & Gonzalez case ignored the borderless character of the flow of information on the Web. The CJEU in fact attempted to find the nexus between the actions of Google and the territory of the European Union.

After the judgement, the EU officials tried to face the challenges set by the borderless flow of information by adopting the General Data Protection Regulation. The main aim of implementing this new regulation was to protect – to the maximum possible extent – the privacy of personal data, including the flow of information outside the European Union.

In order to achieve these goals, it was decided that the maladjustment to the data protection rules shall have financial consequences.

Article 58, GDPR.

The extra-jurisdictional provisions that aim to safeguard the EU citizens’ rights are also not without significance. Until the GDPR, majority of private companies, often having its registered office in the territory of the United States, were reluctant to apply the rules set by the CJEU. The European Commission justified the long reach of the data protection regulations by stating that ‘without such precautions, the high standards of data protection established by the Data Protection Directive would quickly be undermined, given the ease with which data can be moved around in international networks’.

European Commission, Transferring Your Personal Data Outside the EU, (2015)<http://ec.europa.eu/justice/data-protection/data-collection-data-transfer/index_en.htm> accessed 29th October 2018.

 However, it should be noted that the GDPR has slightly modified the basis from the one proposed by the CJEU based on the Directive 95/46/EC. It is because GDPR is applied by all non-EU entities, provided that they offer goods or services in the European Union.

Article 3 (1), GDPR.

 This provision can be characterised as ‘bringing all providers of Internet services such as websites, social networking services and app providers under the scope of the EU Regulation as soon as they interact with data subject residing in the European Union’.

Dan Jerker B. Svantesson, ‘Extraterritoriality in the context of Data Privacy Regulation’, (2013) 7(1) Masaryk University Journal of Law and Technology 87, 90.

 This solution provides for effective protection of the EU residents from the abuses on the side of non-EU companies.

What is more, in order to prevent the flow of personal data to countries, where adequate safeguards of data protection rules are not met, GDPR prohibits the transfer of data, unless the country meets the EU law's standard.

Article 41, GDPR.

However, according to the European Commission, only 11 nations are actually perceived as meeting this standard.

European Commission, Commission Decisions on the Adequacy of the Protection of Personal Data in Third Countries, [website], available at: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu (accessed on 29 October2018), the European Commission has so far recognised Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the United States (with limitation to the Privacy Shield frameworks) as providing adequate protection.

 In order to not hamper the international commerce, the EU has agreed to transfer of data to countries not providing the adequate level of protection, provided that there is a special contractual agreement and ‘Binding Corporate Rules’ is in place to safeguard the level of protection set by the EU law.

The above-mentioned provision constitutes an attempt on regulating the ‘sofar’ unsettled issue of the uncontrolled flow of the information on the Web. The judgement of the CJEU and the GDPR provide for more effective means of executing the right to privacy. Indeed, the Google v. AEPD & Gonzalez judgement and GDPR cannot provide fully effective protection to the EU residents, although the level of protection is gradually elevated by new solutions proposed by the EU officials. The changes in the EU law can be seen as the first stage leading to the potential global recognition of the notion.

In fact, the full protection of the right to be forgotten could be provided only by the international law. Julia Kerr saw the possibility of developing this institution within the international community by applying the existing international treaties, which could incorporate the right to be forgotten and act as baselines on which states could develop their own national systems.

Kerr (n 35) 232.

She proposed the International Covenant on Civil and Political Rights as the best legal act, where one could introduce the right to be forgotten.

Ibid., p. 232–233; see also: Article 17, ICCPR.

 On the other side, such prospect seems to be too optimistic, because the majority of the states seems to be uninterested in the elevation of privacy's protection within the sphere of the Web, especially within the international community.

Still, the solutions proposed by the EU law may become a kind of the model law for countries, which are developing their interest in creating elevated rules on privacy law on the Web. The tendency observed by the scholars concerning privacy law of Germany can be seen as an example. Germany is perceived as a pioneer and champion in recognising the privacy rights. In accordance with Marc Rotenberg, other countries that observed the developments in German law adopted similar solutions in their domestic legal systems.

Marc Rotenberg, ‘Preserving Privacy in the Information Society’, (2000) INFOethics98 167 <https://unesdoc.unesco.org/ark:/48223/pf0000120452> accessed 29th October 2018, 180.

In fact, similar trends are occurring nowadays within the sphere of the privacy on the Internet. As the Web eases the invasion into the private life of citizens, many countries, such as South Korea, Hong Kong, Canada, Russia and South Africa, are actively developing regulations, which are similar in theirs aims and scope to the right to be forgotten.

Chelsea E Carbone, ‘To be or not to be Forgotten: Balancing The Right to know with the Right to Privacy in the Digital Age’ (2015) 22 Virginia Journal of Social Policy & Law, 545.

Thomas Webb stated in his Article on hate speech that ‘when the fundamental rights compete, many States protect human dignity and privacy rights at the expense of unrestrained speech’.

Thomas J Webb, ‘Verbal Poison – Criminalizing Hate Speech: A Comparative Analysis and a Proposal for the American System’ (2011) 50 Washburn Law Journal 445.

This quotation seems to be very apt to describe the current tendency. Especially, when one takes into consideration the recent Cambridge Analytica scandal, which discovered that the Facebook's policies allowed for the misuse of data of more than 87 million of the Facebook users.

Olivia Solon, Facebook says Cambridge Analytica may have gained 37m more users's data, [website], (2018) The Guardian, <https://www.theguardian.com/technology/2018/apr/04/facebook-cambridge-analytica-user-data-latest-more-than-thought#img-1> accessed 29th October 2018.

 After publishing information about the scandal, Facebook has faced mass criticism. It was criticised by social media, by newspapers and even by country officials for allowing the leakage of such a big amount of personal data to a firm suspected of having connections with one of the most important politicians in the United States.

Robert S Sandler, Facebook Users are Still Sceptical After Mark Zuckerberg Finally Addresses the Cambridge Analytica Scandal (2018) Business Insider <http://www.businessinsider.com/facebook-users-still-skeptical-mark-zuckerberg-responsel-2018-3?IR=T> accessed 29 October 2018.

 This event has once again raised concerns about the security of personal data processed by the biggest operators of search engines and social media. Such situations may help to understand the right to be forgotten not as an attempt of imposing a censorship but a necessary way of ensuring privacy, transparency and accountability of the actions taken on our personal data.

Conclusion

The right to be forgotten is undoubtedly essential for the protection of privacy on the Web. However, its shape is still far from perfection. Digitalisation of data, easy retrieval, cheap storage and jurisdictional uncertainties causes that our privacy is nowadays more endangered than even before.

The Google v. AEPD & Gonzalez case was precedential, because the CJEU provided for the first time a legal tool enabling execution of individuals’ rights.

However, the fair balance test provided by the CJEU, which aims in safeguarding the equilibrium between the right to privacy and freedom of expression, is vague and brings uncertainties when applied. The introduction of the GDPR did not resolve the issue of the vagueness of the fair balance test, but it still somehow ensured and secured the application of the above-mentioned right towards the EU residents.

It should be also noted that by introducing this right, a discussion on censorship on the Internet emerged. These fears should be considered in part as unfounded. The judgment neither violates the right to freedom of expression and information nor allows for potential breaches of the freedoms in the future. On the contrary, by creating the fair balance test, the CJEU levelled out the application of both fundamental freedoms. Indeed, still some national authorities may wrongly interpret the right to be forgotten and cause potential infringement to the freedom of expression. However, the same situation may occur as for hampering privacy. The decision of the Italian national authority may be seen as an example. The fair balance test may seem an imperfect solution when it comes to implementation of this institution. Although one cannot provide for precise laws, in case of the fundamental laws, they are inherently general and broad in their scope.

The perfect solution would be the development of an international accord, which would set minimum and uniform standards for protecting the fundamental rights. However, at present time, this scenario seems unrealistic.

The right to be forgotten does not solve all the issues connected with privacy online. Nevertheless, the introduction of the right into the EU law initiated a discussion on implementing it in domestic legal systems beyond the borders of the EU. In countries such as South Korea, China and India, legislative bodies have started to analyse the right to be forgotten, in order to introduce it into their national laws. In other countries, such as the United States and Canada, it launched a debate on the need of such right. The voices of criticism, however, weakened because of the recent news on data leaks. The most recent of them, that is, the Cambridge Analytica leakage, proves that unlimited and unregulated access to personal data on the Internet results in an immense violation of the right to privacy of persons, whose personal data became object of commercial trade.

Therefore, the establishment of effective privacy laws applied also on the Internet should not be perceived as a threat towards the freedom to expression and information but as an attempt to balance out both rights safeguarding interests of all.

eISSN:
2084-1264
Language:
English
Publication timeframe:
2 times per year
Journal Subjects:
Law, Public Law, other
Journal RSS Feed