Earlier this year, I wrote about an interesting case out of the EU’s Court of Justice. That Court ruled that EU nationals have a “right to be forgotten.” Practically it meant that search engines, in this case Google, have to scrub search results that are “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they were processed and in the light of the time that has elapsed.”
In the five months since the decision, EU nationals have loudly invoked their right to be forgotten. They have primarily gone to Google’s website and completed Google’s removal request webform.
The form requests some specific pieces of information: (1) the EU country whose law applies to the request, (2) the name searched, (3) the requester’s name and relationship to the search name, (4) the URL for results to be removed, and (5) an explanation as to why the URL is about the name and why it is irrelevant, outdated or otherwise objectionable. Google also asks requesters to submit proof of identity.
As of yesterday, Google had received 149, 824 requests and removed 504,140 URLs. Those half a million removed URLs only represent 58.4% of requests received; Google left in place 41.8% of URLs.
Google seems to have a fairly clear-cut way of dealing with requests, relatively speaking. In its October 15 report, Google listed 15 examples of requests received. Based on that report, Google primarily removed URLs that listed a victim’s name (a rape victim) or persons closely associated with that victim (the spouse of a murder victim). Google left intact search results of individuals who were investigated, arrested or convicted (a financial professional, a clergyman, a politician), and others with some publicly embarrassing results. Some cases were more borderline. For example, a German individual whose private conversation had become public, wanted that search result removed. Google complied with his request. In another case, a doctor had botched a surgical procedure resulting in fallout in which his private information made it onto the Internet. The private information was removed; the information about the botched procedure was not. A third case, of particular interest to lawyers, was a UK man who requested that a link to a news summary of his guilty verdict be removed. UK law determined the man “rehabilitated” therefore, Google acquiesced to his request.
The Google report also lists which sites’ URLs were the most requested. Top 3: Facebook, Profile Engine, and YouTube. Nowhere in the Top 10 – links to newspapers or public records. That fear seems, for now, mitigated.
Yet fundamental problems with the “right to be forgotten” remain. As Avik Roy writes for Forbes.com, the ruling turns Internet intermediaries into Internet censors (though realistically speaking, Google with its secret indexing system already performs a quasi-censorship role). Equally important are the lack of guidelines from the EU. Essentially a governmental body is asking a private, publicly held company to determine by itself what speech counts as “inadequate, irrelevant, no longer relevant or excessive.” And perhaps most troubling is that the ruling applies to all search engines, including LexisNexis, Yahoo and countless others, all of whom have fewer resources than Google does.
All that said, the “right to be forgotten” is still going strong in the EU. What does that mean for us? As Jeffrey Toobin writes in the New Yorker, “In Europe, the right to privacy trumps freedom of speech; the reverse is true in the United States.”
But on January 1, 2015, a California law will go into effect that essentially mimics the EU right to be forgotten for minors. If a minor puts something on the Internet, that minor can request it be removed from the Internet site. This legislation may be the beginning of a European privacy wave reaching toward the U.S. shores. Will Americans welcome it? As Toobin rightly points out, our American right to free speech is sacred. Our right to privacy on the other hand? Significantly less so, but growing stronger in this post-Snowden world. So what do Americans want? Do Americans want a right to be forgotten too?
The answer is “Yes.” A fairly resounding “yes.” Last month, IT security research consultancy Software Advice conducted a random survey of Americans to determine their opinion on the right to be forgotten. The results? 61% of Americans believe in some form of a right to be forgotten. 39% of Americans want the European version, 15% want it only for minors and 6% want it for everyone except for public figures. Conversely, 33% opposed a right to be forgotten. 18% opposed it because they believe that the public record stands resolute, while 15% opposed it because they found it too hard to define relevancy (these 15% were likely all lawyers).
As for those who argue that U.S. First Amendment law is too robust to allow the right to be forgotten to flourish here, security expert Joseph Steinberg had this to say:
“Regarding the first amendment and freedom of speech, there are already restrictions on speech. You can be sued for slander. You can’t scream ‘fire’ in a crowded movie theater. We’ve already restricted credit bureaus’ right to provide certain information based on how old it is, even if it’s true. There should be no problem extending the same requirements to other parties.”
“No problem” might be overstretching it but Mr. Steinberg does have a good point. We have First Amendment limits on a host of things that many would have thought unwieldy and unmanageable. And as I pointed in our previous post, the right to be forgotten does benefit numerous people, particularly minors, who should have irrelevant, outdated and objectionable results removed. Surely there is space in our First Amendment jurisprudence for that. But who should that burden fall on? Google? The website operator? A neutral third party administrator? These are questions that U.S. legislators will have to answer and soon. That privacy wave seems to be crossing the Atlantic and at least 61% of Americans are ready for it to land.