First of 2 parts
HAVE you ever done something that you regretted and wished that people would forget about it? Five years before, Anna had tried posing for an online sexy men’s magazine. After earning her degree in education, Anna applied to various schools in Metro Manila as a teacher, but would always end up getting rejected. Until one day, a company called her for an interview. The first question that the interviewer uttered was, have you ever tried “googling” yourself? Anna was puzzled; she looked at the screen as the interviewer typed in her name in the search box. She was shocked when she saw the image of a young Anna of five years ago, posing coquettishly while wearing a see-through undergarment covering almost nothing.
The Internet—the greatest technological breakthrough—has brought many conveniences to our personal and social lives, to our work, and businesses; it has reshaped our day-to-day activities and the way we connect and communicate worldwide. But the Internet’s relentless growth poses a threat to our privacy. In this Information Age, our reputation is easily exposed to criticism or ridicule by the digital footprints we leave behind when we use the Internet. The Internet is capable of immortalizing information about us through data retention; as they say, the Internet never forgets, thus, making it impossible to move on from one’s embarrassing or damaging past. Anna’s online history caused her loss of employment opportunities, embarrassment, and anxiety. And Anna is only one of the millions of Internet users whose personal information made it to Google and is searchable.
These digital footprints making up our social identity are our personal information—we own it. Therefore, it is only fair that we have control over data and information identifying our individuality. However, the concept of control seems to be far-fetched in this digital era. Considering the massive availability and accessibility of the Internet, does the right to control our personal information still have a place in our society? Can Anna make the internet forget about her ugly past?
Roots in EU right to privacy
The right to be forgotten originated from the European Union as a subset of the fundamental human right of privacy. The cornerstone of this right is founded upon the 1995 European Community Directive on Data Protection, which sets forth the general principles of privacy legislation requiring all EU member-states to create law to ensure the fair and lawful processing of personal data. The right to be forgotten provides individuals the legal mechanism to compel permanent removal of their personal information from online databases. The European Commission (EC) has defined this right as, “the right of individuals to have their data, deleted when they are no longer needed for legitimate purposes.”
The right to be forgotten was contextualized by the European Court of Justice (ECJ) in 2014 in Google Spain SL v. Agenda Española de Proteccion de Datos (Google v. AEPD). The case arose from an article written by a daily newspaper that appeared in Google results in search for Mario Costeja Gozález’s name (“Costeja”).
Embarrassed by the incident, Costeja sought Google to expunge the links to the newspaper stories, so that it would no longer appear in the search results; and requested the newspaper company to remove the pages containing his personal information, so that the personal data relating to him would no longer appear. Costeja argued that the incident about him that was reported in the newspaper had been fully resolved for over a decade and thus, the reference in those newspaper stories were entirely irrelevant. When the case reached the ECJ, a body that functions like the Supreme Court for the EU member-states, it ruled that all citizens of EU member-states have the right to demand from Google to delink items and to erase information about themselves that are inadequate, irrelevant, or no longer relevant, or excessive in relation to the purposes for which they were processed and in the light of the time that has elapsed.
Of course, this raised the question whether the right to be forgotten violated freedom of expression. The ECJ emphasized that the right to be forgotten is not an absolute right that trumps all other fundamental rights. To be clear, the right to be forgotten needs to be balanced against freedom of expression and the press. In Google v. AEPD, the ECJ ordered the delinking of the news article but it did not order the newspaper company to delete it. Therefore, the erasure of personal information will depend on the circumstances and will only apply when the retained personal information is no longer relevant for the original purpose of the processing for which it was collected. Similarly, the right to be forgotten does not always pertain to the erasure of the content but it may narrowly be applied to the mere delinking of the content in search engines, so that data that is no longer relevant will no longer be accessible, thus allowing users to eventually forget the past because of inaccessibility. Google v. AEPD tells us that when an information is truthful and lawfully obtained, the person’s individual privacy rights will not always outweigh the free press.
Different for US
The EU has always been focused on the protection of the individual’s privacy and personal dignity. In the EU perspective, individuals must be given the right to control information about themselves. However, the same is not true in the United States. The US remains adamant about privacy rights as this creates a direct collision with the First Amendment right to free expression and the press; courts tend to tip the scales heavily in favor of free speech. The information privacy laws in the US is described to be a patch-up work because of the lack of comprehensive federal law addressing this. Instead sectoral privacy laws were enacted, e.g., family and education, children, and finance. So to date, the right to be forgotten has remained within the realm of the EU nations.
The EU’s contextualization of the right to be forgotten confirms the following essential points: 1) a search engine’s web-indexing, like that of Google, is considered processing; 2) by providing this search service, it is irrelevant that the data is already available on the Internet and is only indexed and displayed by the company; and 3) Google is a data controller with respect to this web-indexing processing as it determines the means and purposes of the processing operations fueling its search engine.
Another application of the right to be forgotten is to the ex-convicts. These ex-convicts, after having served their sentence, have the right to erase any information relating to their previous criminal conduct, thus allowing them to start a new life.
Without this right, data made available in the Internet will forever tether us to all our past actions, making it impossible to escape.
In a country that is greatly influenced by the American system, does the right to be forgotten find place in the Philippine privacy laws? Does Anna have the right of action to compel the delinking of her embarrassing past and even the removal of her photo from the database of the online sexy magazine? Does Anna have the right to be forgotten?
Apart from the right to privacy of communication and correspondence and the right against unreasonable search and seizure, nowhere in the 1987 Constitution can you find an express provision protecting the right to privacy. However, despite the lack of express declaration, the Supreme Court has recognized that the right to privacy—i.e., the right to be left alone—is a facet of the right protected by the guarantee against unreasonable searches and seizures. The court acknowledged its existence as early as 1968 in Morfe v. Mutuc, where it ruled that the right to privacy exists independently of its identification with liberty; it is in itself fully deserving of constitutional protection.
There are many aspects of privacy: bodily privacy, territorial privacy, communications privacy, and information privacy. Fifty years ago, when the Internet had not yet been invented, informational privacy would not have been an issue. Information privacy is usually defined as the right of individuals to control information about themselves. Today, the accessibility and availability of the Internet, the advancement of various media platforms, business practices, information systems and technology erode the individual’s ability to control his/her privacy and the flow of information about him. Thus, protection of one’s information privacy becomes a necessity as it goes directly to the very heart of the person’s individuality—a sphere as exclusive and as personal to him.
(To be continued tomorrow)