Despite what you see on TV and in the movies, libraries do not just hand over people’s reading records to any guy who walks in off the street and says he’s a detective. In fact, in Ohio the law specifies that, “A library shall not release any library record or disclose any patron information….” But what if you choose to purchase your reading materials over the Internet? Or even just download free ebooks? Even if the website promises to keep your information private, is that actually possible? In Europe, a proposed “right to be forgotten” may be doomed before it even starts because of the nature of the Internet.
- Report by European body cautious about “right to be forgotten” (Technollama/Andres Guadamuz) “‘The right to be forgotten’ is one of the elements of the new proposed regulation [pdf] (January 2012) on data protection of the European Commission. The right allows people to ask for digitally held personal information to be deleted. The regulation is still to be adopted by the European Parliament. Therefore the EU’s ‘cyber security’ Agency ENISA is launching its new report covering the technical aspects of ‘being forgotten’, as technology and information systems play a critical role in enforcing this right.”
- The right to be forgotten – between expectations and practice [links to full report, pdf] (European Network and Information Security Agency) “In a completely open system like the (vast) public portion of today’s world-wide web, anyone can make copies of a public data item and store them at arbitrary locations. Moreover, the system does not account for the number, owner or location of such copies. In such an open system it is not generally possible for a person to locate all personal data items (exact or derived) stored about them; it is difficult to determine whether a person has the right to request removal of a particular data item; nor does any single person or entity have the authority or jurisdiction to effect the deletion of all copies. Therefore, enforcing the right to be forgotten is impossible in an open, global system, in general.”
- Why big data could sink Europe’s ‘right to be forgotten’ (GigaOM/David Meyer) “If data gets aggregated and crunched by analytics software, you can’t say in all cases that the process can’t be reverse-engineered, particularly when you’re correlating different sets of derived data. But getting it out is, well, a challenge. This isn’t the only problem ENISA’s identified.”
- Facebook: Proposed EU ‘right to be forgotten’ raises “major concerns” over freedom of expression online (The Next Web/Martin Bryant) “While it’s easy to paint Facebook as a bad guy for speaking out against new data protection laws, the voice of social networks is important in considering any such legislation lest we end up with a clunkier, more frustrating version of the social Web thanks to overly zealous legislators in Brussels.”
The ENISA report identifies three levels of “forgetting”: strict, in which all copies of personal data are erased to the point where recovering the data is impossible; slightly weaker, which would allow encrypted copies of the data to survive, as long as they can only be deciphered by authorized parties; and even weaker, in which data could survive, as long as it would no longer appear in public indices, database query results, or search engine results.