One of the principle aims of rights in general is to put power into the hands of individuals, power that can and should restrict the actions of those who might oppress, abuse or take advantage of those individuals.
That kind of transfer of power, that kind of re-balancing, could have possibilities to redress the current imbalance over personal data – and to help to re-establish at least some of the control that people both have lost and feel that they have lost.
Granting one group rights imposes duties on others. As noted at the start of this blog, as the European Commission spells it out, though individuals do not currently have a ‘right’ to be forgotten, it can be argued that those holding the data do currently have a duty to ‘forget’ them. All that the right to be forgotten consists of, in the simple form as set out in the Communication, is ‘the right of individuals to have their data no longer processed and deleted when they are no longer needed for legitimate purposes’. As noted above, data minimisation already requires those holding data not to hold it any longer than is necessary – so they already have a duty to delete it as soon as it is no longer needed. Considered that way, the right to be forgotten is simply putting the ‘rights’ side of an existing principle: allowing individuals to demand that those holding data fulfil their existing obligations.
Not the right to be forgotten – but the right to delete
In the context of the holding of data, this re-balancing could and should mean that the default concerning data should be that individuals do have the right to delete data connected to them, and that those that wish to retain data need to justify their holding rather than the reverse.
How would this kind of right differ from the right to be forgotten which, as discussed in Section 1 above has many problems and would be very hard to establish? The first difference arises through the difference in names: calling it the right to delete rather than the right to be forgotten indicates a difference both in focus and in effect. The intention of the right should not be to allow people to erase or edit their ‘history’, but to control the data that is held about them.
Exceptions to the right to delete
The second and more important difference is in the use of the exceptions to the right, which set out when data should not be able to be deleted. There are five principle categories of reason for which data might need to be preserved regardless of an individual’s wishes to delete it – where the presumption should be in favour of retention rather than deletion.
1 Paternalistic reasons – where it is in the individual’s interest that the data is kept, and society can override the individual’s desire. The primary example of this is medical data;
2 Communitarian reasons – where it is in the community’s interest that the data is kept. This might include criminal records, for example;
3 Administrative or economic reasons – where the economic or administrative needs of society require records to be kept. This could include tax records, electoral rolls and so forth;
4 Archival reasons – for keeping a good, accurate and useful historical record of events. This might include newspaper archives, blogs and so forth.
5 Security reasons – where the data is deemed to be needed for security purposes. This might include records of criminal investigations, or such communications records as are set out in data retention laws.
These exceptions should also deal with the key objections to the right to be forgotten discussed at the start of this blog. The archival exceptions would prevent the right being used in any real way to ‘rewrite’ or ‘erase’ history – and allay the real fears of journalists that the right could be used to gag or censor them. Data is not synonymous with history: the right to delete could not be used to remove a record of where someone went to school, but it could be used to delete the record of what breakfast cereal they bought from an online supermarket or which websites they browsed one particular morning.
The availability of the archival exception would depend not just on the nature of the data concerned but also the nature of the service or database in which it is contained. In terms of the school that someone went to, for example, the school itself or by the relevant local authority would be able to avail themselves of the archival exception, but a social networking site or similar kind of system would not. The function of Facebook’s databases is not the maintenance of an accurate, useful historic record, but a current and potentially profitable social networking service.
It should be specifically stated that ‘supporting your business model’ should not be a sufficient reason to deny data deletion – though privacy cannot necessarily be allowed to trump security, or indeed free expression, it certainly should not be allowed to be trumped by the desire or possibility of making money.
A right to delete is something that should be considered very seriously given the current state of affairs of the internet. Rather than being an instrument of censorship, a restriction of freedom of expression or an attempt to erase or edit history, the right to delete can be seen as a change in the focus of data protection, one to the benefit of individuals.
It would work as an extension and better implementation of data protection principles, first of all by extending data access rights. This could provide a boost for the concept of ‘privacy by design’: if the holder of data has to provide a means for a user to delete data, they must first provide fast and understandable access to that data, and to do this properly would mean taking data privacy into account right from the start.
It could give individuals the possibility of more control over their data and hence more autonomy. It could directly reduce the amount of data that is held – and hence that is vulnerable – as individuals exercise their right to delete. More importantly, it could force those holding data to justify why they’re holding it – in such a way that the data subjects understand, for if data subjects cannot understand why the data is wanted, they might simply delete it. If there is benefit, and that benefit is made clear, why would an individual wish to delete that data? Most importantly of all, the fact that data could be deleted at any time could encourage the development of business models that do not rely on the holding of so much personal data.
This last point is perhaps the key to the next stage of development of the internet insofar as privacy is concerned. The amount of data removed by the direct exercise of a right to delete is likely to be insignificant compared to the reduction in data held as a result of any potential changes in business models, particularly if the right to delete is accompanied by equivalent changes in terms of the gathering and processing of data. Over the last decade it has been the shift towards the business models of those such as Google and Facebook that has changed the face of the internet. If the next such shift is one that favours privacy and autonomy, that could be to the benefit of all.
Paul Bernal is a lecturer at the UEA Law School and a member of media@UEA. He blogs at the Symbiotic Web blog and tweets as @paulbernalUK.
This post is based on Paul’s academic article ‘A right to delete?’, published in the European Journal of Law and Technology, Volume 2 No. 2, 2011, accessible here.