Anything you put on the internet, is there forever. An unfortunate, but almost certain fact of life, but there is a chance it does not have to be. The United States of America is often seen at the forefront of change and takes pride in being a global superpower. Despite this, it sorely lacks important privacy and data protection laws to shield its citizens online. The European Union, on the other hand, has made strides in this regard, particularly with the right to be forgotten, and is paving a path that the U.S. is slowly beginning to adopt. While it is reassuring to see the U.S. slowly begin to take steps towards more comprehensive laws, there is a lot more that needs to be done. With their unique and complicated histories, it is understandable why the U.S. and the E.U. have come to have such different laws in regards to the protection of privacy. It is important to first explore exactly what the notorious right to be forgotten is, its impact in Europe, and America’s struggle to adopt similar laws.
The right to be forgotten stipulates that:
Personal data must be erased immediately where the data are no longer needed for their original processing purpose, or the data subject has withdrawn his consent and there is no other legal ground for processing, the data subject has objected and there are no overriding legitimate grounds for the processing, or erasure is required to fulfil a statutory obligation under the EU law or the right of the Member States. In addition, data must naturally be erased if the processing itself was against the law in the first place (“Right to Be Forgotten”). The legislation first took the world by storm in 2014 when it was thrown into the spotlight by the court case Google v. Costeja. Originating in Spain, Mario Costeja Gonzalez first brought the suit against Google when he discovered that all the top search results for his name returned old debts he once owed, which he claimed severely hurt his image. His cased relied on the fact that because the debt had since been resolved, it was no longer relevant to any discussion of who he was, and should be removed (Antani 1174). As it was catapulted onto the world stage, many scholars had and still have different opinions on what the right to be forgotten should mean, and the potential consequences. Those against the law passing, primarily pointed to the sheer difficulty and burden placed on Google and other search engines. The issue is further complicated by the fact that Google offers different search results per region, so if results were removed for Europe, would that inherently mean that the U.S. search results should also be removed? Especially when in America “the First Amendment’s free-speech provision usually trumps privacy concerns” (“On Being Forgotten”). Ultimately, Europe’s highest court, the European Court of Justice, or ECJ, ruled that the data controllers, e.g. Google, Yahoo, Bing, etc., are responsible for handling and executing the requests of its users to remove content. The original ruling for the right to be forgotten stipulates that data is only removed for the region the request originates from. For example, if the complaint originates from Spain and is approved by the data controllers, then it would only be removed from Google.es, and would still be visible in Italy with Google.it. This is, however, in contention, and many lawmakers believe that it is important for all regions, regardless of the origin of the request, to see the removal of the data (Antani 1176-1178).
Many critics point to the fact that right to be forgotten could be abused by criminals who want to erase their past, however, this would not fall under valid grounds for expulsion. In fact, not only have the requests for removing criminal records been in the minority, but Google also most commonly uses its discretion to say “no” to removing data. Google has received requests for over a million URLs to be removed, and yet has left close to 52% of the links untouched (Kernighan 202). Below, in figure 1, is a breakdown of the reasons why Google rejected removing a URL in question.
Fig. 1 – Refusals made by Google for removing a URL (Reputation VIP)
It can be seen that data controllers are diligent in making sure not to simply rubber-stamp approvals for removal requests. Criminals, untrustworthy businesses, and politicians trying to cover up their past are not immediately protected by the law, as many opponents were worried they would be. Diving deeper into what a “role in public life” means, it was found to include “TV presenter, journalist, politician, business leader, [or] famous artist” (Reputation VIP).
The United States was founded on core principles found in the Constitution and subsequently amended by the Bill of Rights. These amendments limit governmental power and protect the individual liberties of every American. The First Amendment is famously known for protecting freedom of expression, stating that “Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances” (US Const., amend. I). At its core, the First Amendment protects freedom of speech, a “cornerstone of democracy,” and a point of contention that many have with the right to be forgotten (Weston 4). Critics claim that the right to be forgotten would never survive in America, as they see it in direct conflict with freedom of speech. The First Amendment protects freedom of speech, but not once it proves to be harmful towards others, as ruled in Schenck v. United States, 1919 (Alonso). The Fourth Amendment protects against unlawful searches and seizures, protecting an individual’s privacy (US Const., amend. IV). In colliding with the First Amendment, it is typically the case that these rights are in some ways limited to private individuals, and do not extend in the same way to those that live in the public eye. Take for example the case of James Sidis, a boy genius who was hounded by paparazzi so badly, he suffered from mental breakdowns, and chose to give up pursuing a Harvard professorship, to instead live a simple, private, life, outside the eyes of the public. Unfortunately for Sidis, even in a life of seclusion, he was still subject to an article published by The New Yorker, to which he filed a law suit in response. The Supreme Court set precedence, by supporting the Second Circuit’s opinion, where “Sidis was dismissed as a public figure with no right to challenge personal publicity” (Yanisky-Ravid and Lahav 982). Despite sympathizing for Sidis, given the public humiliation he faced in the article, Judge Charles Edward Clark claimed that it is not the place of the court to give “all of the intimate details of private life an absolute immunity from the prying of the press,” due to the “high value placed on freedom of speech” (Yanisky-Ravid and Lahav 982). This is an unfortunate case, but the precedence exists to prevent those such as politicians, reporters, or other public figures, from covering up their past, where it may be critical for the public to know their history and public actions.
The U.S. has long struggled with finding the balance between freedom of speech and an individual’s privacy. Often times, as seen in the example before, the Supreme Court will rule in favor of freedom of speech over matters of privacy. Erwin Chemerinsky, a law professor at the University of California, Irvine, says that “there has been little judicial protection for ‘informational privacy,’ the right to prevent one’s private information from public dissemination when that information is true” (Glazer). This been proven true by the numerous Supreme Court cases that “ruled against a right to informational privacy” (Glazer). Take, for example, Cox Broadcasting Corp v. Cohn in 1975, where a father of a rape and murder victim sued a newscaster for revealing his daughter’s name. The father sued under the grounds of invasion of privacy, but the Supreme Court ruled in favor of the newscaster, as the information was obtained legally and reportedly accurately, as such, it was protected by the First Amendment. This tragic story highlights just how engrained freedom of speech is in American culture, no matter the harm it might cause others; if it was obtained legally and is truthful, it is protected by the First Amendment. There have, however, been cases where the U.S. government has favored privacy rights. Most notably, the Children’s Online Privacy Protection, which stipulates that online services must have the parents’ permission to collect the child’s personal information, this definition being expanded in 2013 to include geolocation (Glazer).
Of course, the Founding Fathers could not predict what the landscape might one day look like, and thus with the question of privacy at hand, the Fourth Amendment has had its scope expanded over the past century. In 1928, Olmstead v. United States was brought to the Supreme Court and revolved around federal agents using information drawn from wiretapping private calls as evidence. Supreme Court Justice Louis D. Brandeis made history when he argued for a “constitutional right to privacy” (Glazer). The importance of this stems from the fact that nowhere in the Constitution is there any explicit call for a right to privacy. It is equally important to note the “cold reception” it initially received, because it borrowed from “aristocratic European ideas of the law of insult” (Glazer). Highlighting a stark juxtaposition between early American and European law. A pattern that one finds when studying U.S. law, is that many are not welcoming of new or elastic interpretation of laws that they feel should remain unchanged, which explains why more progressive measures often do not survive the lower courts. While many dismissed Brandeis and his arguments for a right to privacy, in the 1965 Griswold v. Connecticut, Justice William O. Douglas “found that privacy was a ‘penumbral right,’” and established it to be “implicit in the Bill of Rights” (Glazer). If the Fourth Amendment is to continue to protect the citizens from government intrusion, then we cannot continue to “rigidly apply analog-era precedents to digital-era problems” (Cole).
The U.S. government is well known for its numerous surveillance programs, and those that defend them often claim that they are willing to sacrifice some freedoms if it helps catch threats to the country. The fact is, these programs have helped catch potential terrorists, that cannot be denied. There are times, however, when the Fourth Amendment is abused. Take, for example, the case of Agron Hasbajrami, where the US government admitted to warrantlessly spying. Only after reading his emails – without a warrant – was the government able to discover his plans of trying to help a terrorist group in Pakistan. Sacrificing privacy, in the hope of increasing security is a dangerous proposition, where citizens might soon find themselves with little of either. American’s must remain diligent about fighting for increased privacy rights (Toomey). While these incidences are primarily outliers, they can and should be achieved with strictly legal surveillance.
Ultimately, the right to be forgotten has changed the landscape of the digital space in Europe, and is slowly permeating into the U.S., influencing new laws and encouraging lawmakers to question what privacy means to their constituents in the digital age. The U.S. needs to revisit the numerous intrusive government programs it has that currently spy on its citizens both domestic and abroad. The E.U. has created a solid foundation for which the U.S. can look towards and begin to model its laws on, however, given the unique history of the U.S. and its struggle of striking a balance between freedom of speech and privacy, the U.S. will need to pursue new ways to seamlessly adopt these new ideas. In 2018, the E.U. passed the General Data Protection Regulation (GDPR), which goes further than the right to be forgotten in the fight to protect E.U. citizens’ data and privacy online. By 2020, California hopes to emulate these laws with their own California Consumer Privacy Act (CCPA), which was signed in 2018. Technology companies are currently working towards complying with these laws, as to not face hefty crimes. California, with its CCPA and Eraser Law, prove to be an example the U.S. should look towards when creating federal laws to protect all the citizens of the United States.