Call it a “right to be forgotten” or maybe it's simply online privacy on steroids; but either way, the push is on inside the European Union to give users of the Internet the right to -- poof! -- make their every Internet trace disappear.
Imagine this: You had a bad day at work, you get home and drain a bottle of wine, then you begin peppering Facebook, Twitter, wherever else you sign on, with posts attacking your boss, the company, your co-workers and... well, you get the ugly picture.
At 3 a.m. you wake up with a start and -- good news, if you are in Europe -- the European Union’s proposed rules will give you the right to obliterate every trace of those angry posts.
Or will they?
And will it work in the United States?
The answers from the experts are much less optimistic than you might hope.
But first, the background.
Formally called "A comprehensive approach on personal data protection in the European Union,” the legislation, driven by EU justice commissioner Viviane Reding, is intended to make sites like Facebook
responsible for caring for users’ information. To make sure this truly is so, information must be erased at a user’s request.
Oh, and don’t think that because the servers are not on EU soil that a company can dodge the EU rules. Matthew Newman, spokesman for EU Viviane Reding, told the Guardian that companies "can't think they're exempt just because they have their servers in California or do their data processing in Bangalore. If they're targeting EU citizens, they will have to comply."
Hold your applause.
As leading privacy attorney Chris Wolf puts it, “A flat grant of a right to be forgotten is completely unworkable. A right to be forgotten could be burdensome on business and probably impossible to enforce.”
Wolf, who is director of the privacy practice at Washington law firm Hogan Lovells, added: “I do not see this coming to the United States because of the First Amendment.”
Wolf is hypothesizing instances in which a person comments on another’s post and, later, the first person wants to delete the thread -- which entails deleting the second person’s comment. But that, says Wolf, clearly impedes the second person’s free speech rights.
For that reason -- and the fact that so far the Supreme Court has not ruled that we have a right to informational privacy -- Wolf sees the EU measure as a non-starter in the US.
But the legislation will also face hurdles in Europe, despite significant sentiment that these privacy measures be enacted into law. The reason: “There are big technical problems involved in attempting to delete all instances of information online,” says Darren Hayes, a computer forensics expert and a professor at Pace University in New York.
The core problem pointed out by Hayes is that, once online, information multiplies. It goes into caches, it gets picked up by scraping sites, it gets forwarded by others. Putting info online is the digital-age equivalent of letting a genie out of a bottle. There just is no good, or reliable, way to capture it for erasure.
“The information will never go away completely. Even trying to find all the places where it has been copied is impossible,” says Dave Hatter, owner of software development company Libertas Technologies in Cincinnati.
But just maybe there is a glimmer of hope for privacy advocates. According to Hayes, if a site like Facebook is regularly pilloried in the European press -- and hit with big fines in EU courts -- that may prompt many companies to really stiffen their privacy protections. "Perhaps the practicality [of erasing information] isn’t important," he suggests, "not if the fines and the headlines are big enough."
Nobody wants to be targeted as a bad guy, not for the long term, and this EU legislation is primed to put a harsh, unflattering spotlight on Facebook et al. And that, Hayes believes, may be plenty to nudge them into implementing much tougher privacy protections.
Will the results be perfect? No way -- but they just may be a lot better than what we have.
— Robert McGarvey is a widely published author and expert on social media.