Skip to main content
SpringerLink
Log in

Tracing the Right to Be Forgotten in the Short History of Data Protection Law: The “New Clothes” of an Old Right

  • Chapter
  • First Online:
Reforming European Data Protection Law

Part of the book series: Law, Governance and Technology Series ((ISDP,volume 20))

Abstract

When the European Commission (EC) published its draft Data Protection Regulation (DPR) in early 2012, a swirl of concern hit data controllers regarding the introduction of a sophisticated “right to be forgotten” in the proposal for the future DPR, which was considered to unprecedentedly impact the internet and its economics. Critics and advocates of the right to be forgotten engaged in consistent theoretical debates, doubled by the technical discourse about its (un)feasibility. This paper “deconstructs” the right to be forgotten into the individual prerogatives which are in fact granted to persons. It shows that those prerogatives already exist to an extended degree in EU law, and have existed in the first data protection laws enforced in Europe. In addition, the controversial obligation to inform third parties about the erasure request is a “duty of best efforts” which pertains to controllers and which is significantly different than a duty to achieve a result. Recourse will be made to private law theory to underline this difference.

This paper was submitted for publication before the author joined the EDPS. The opinions expressed in the paper pertain exclusively to the author and do not engage in any way the EDPS.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The right to be forgotten, between expectations and practice, European Network and Information Security Agency, published on November 20, 2012, p. 13, accessed September 28, 2013, http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/the-right-to-be-forgotten.

  2. 2.

    See, for instance, Alan Westin, Privacy and Freedom, (New York: Atheneum, 1967); Louis Henkin, “Privacy and autonomy”, Columbia Law Review 74 vol. 8 (1974); Antoinette Rouvroy and Yves Poullet, “The right to informational self-determination and the value of self-development: Reassessing the Importance of Privacy for Democracy”, in Reinventing Data Protection?, ed. Serge Gutwirth et. al., 45–75. Springer Science + Business Media B.V. (2009).

  3. 3.

    Viktor Mayer-Schönberger, delete. The Virtue of Forgetting in the Digital Age, (Princeton University Press, 2009), 11.

  4. 4.

    Martin Hilbert and Priscila Lopez, “The World’s Technological Capacity to Store, Communicate, and Compute Information”, Science 332 (2011): 64. The authors showed that 94 % of the information stored in 1997 was digital.

  5. 5.

    IDC, The Digital Universe in 2020: Big Data, Bigger Digital Shadows, and Biggest Growth in the Far East (2012), accessed September 28, 2013, http://www.emc.com/leadership/digital-universe/iview/executive-summary-a-universe-of.htm.

  6. 6.

    David Gelernter “The End of the Web, Search, and Computer as We Know It”, Wired, 1 February 2013. http://www.wired.com/opinion/2013/02/the-end-of-the-web-computers-and-search-as-we-know-it/ : accessed January 11, 2014.

  7. 7.

    Frits W. Hondius, Emerging Data Protection in Europe (Amsterdam: North-Holland Publishing Company; New York: American Elsevier Publishing Company, 1975), 82.

  8. 8.

    See the press release of the European Commission from January 25, 2012, for the occasion of publishing the proposed reform package for data protection law in the European Union, accessed on September 30, 2013, http://europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en.

  9. 9.

    Explanatory Memorandum of the Proposal for a Regulation of the European Parliament and the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Brussels, January 25, 2012, COM(2012) 11 final, 2.

  10. 10.

    Jeffrey Rosen, “The Right to be Forgotten”, 64 Stanford Law Review Online 88 (2012).

  11. 11.

    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L 281, 23/11/1995 P. 0031 – 0050.

  12. 12.

    Such as Bundesdatenschutzgesetz – the German Federal Law enforced in 1977, Loi relatif a l’informatique, aux fichiers et aux libertes – enforced in France in 1978, the Data Protection Act, adopted in 1984 by the British Parliament, Wet Persoonsregistraties, enforced in the Netherlands in 1989.

  13. 13.

    Such a development can be deemed as being natural, if one would apply the Constructal law of systems, first to the digital universe and second to the law regulating the use of personal data in this system. See Adrian Bejan and Sylvie Lorente, “The constructal law of design and evolution in nature”, Philosophical Transactions of the Royal Society of London 365 (2010): 1335–1347.

  14. 14.

    The Future of Privacy Forum observed in a White Paper that “this extension of extraterritorial application [See Article 3(2) DPR – n.n.] constitutes a dramatic shift from a country of origin to a country of destination approach, and portends general application of the GDPR to the entire Internet”; Omer Tene and Christopher Wolf, Overextended: Jurisdiction and Applicable Law under the EU General Data Protection Regulation White Paper (2013). Available on http://www.futureofprivacy.org/wp-content/uploads/FINAL-Future-of-Privacy-Forum-White-Paper-on-Jurisdiction-and-Applicable-Law-January-20134.pdf, last accessed on 11 January 2014.

  15. 15.

    Cyrus Farivar, “Proposed EU data protection reform could start a trade war, US official says”, ArsTechnica, 1 February, 2013, http://arstechnica.com/tech-policy/2013/01/proposed-eu-data-protection-reform-could-start-a-trade-war-us-official-says/, accessed on 11 January 2014.

  16. 16.

    The first paragraph states that: The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, especially in relation to personal data which are made available by the data subject while he or she was a child, where one of the following grounds applies: (a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or when the storage period consented to has expired, and where there is no other legal ground for the processing of the data; (c) the data subject objects to the processing of personal data pursuant to Article 19; (d) the processing of the data does not comply with this Regulation for other reasons. {The Civil Liberties Committee of the European Parliament added a point (ca) to Article 17(1) of the DPR proposal – “a court or regulatory authority based in the Union has ruled as final and absolute that the data concerned must be erased”. As well, The Working Party on Information Exchange and Data Protection of the European Council, during the process of negotiations on the DPR text, and according to a revised version of the DPR published on 21 June 2013, inserted in the draft proposal a point (e), which states that the data also have to be erased “for compliance with a legal obligation to which the controller is subject” [Council of the European Union, Interinstitutional File 2012/0011 (COD); 11013/13]}.

  17. 17.

    The Civil Liberties, Justice and Home Affairs Committee (LIBE) of the European Parliament adopted on 21 October 2013 the compromise amendments to the DPR proposal. The text resulted from the LIBE vote will be further used in this paper as “the LIBE text”.

  18. 18.

    LIBE Committee – Rapporteur Jan Philipp Albrecht, Draft Report on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (COM(2012)011 – C7-0025/2012 – 2012/0011(COD)), 16.1.2013.

  19. 19.

    Paul Bernal, “The EU, the US and Right to be Forgotten”, in Reloading Data Protection. Multidisciplinary Insights and Contemporary Challenges, eds. S. Gutwirth, R. Leenes, P. de Hert, (Dordrecht, Heidelberg, London, New York: Springer, 2014), 75.

  20. 20.

    Id., at 76.

  21. 21.

    See, for instance, James Wardwell and Stevenson G. Smith “Recovering erased digital evidence from CD-RW disk in a child exploitation investigation”, Digital Investigation Vol. 5, 1–2 (2008): 6–9.

  22. 22.

    The Working Party on Information Exchange and Data Protection (n 16), 97.

  23. 23.

    Bert-Jaap Koops, ‘Forgetting Footprints, Shunning Shadows. A Critical Analysis of the “Right to be Forgotten” in Big Data Practice’, Tilburg Law School Legal Studies Research Paper Series 8 (2012) at 8.

  24. 24.

    Omer Tene and Jules Polonetsky ‘Judged by the Tin Man: Individual Rights in the Age of Big Data’, Journal of Telecommunications and High Technology Law, forthcoming, available at SSRN http://ssrn.com/abstract=2311040, last accessed on 11 January 2014. (2013): 14.

  25. 25.

    Id. at 3.

  26. 26.

    See, for instance, James Q. Whitman, “The Two Western Cultures of Privacy: Dignity Versus Liberty”, Yale Law Journal 113 (2004); Robert Kirk Walker, “The Right to be Forgotten”, Hastings Law Journal 64 (2012): 101–129.

  27. 27.

    Jasmine E. McNealy, “The emerging conflict between newsworthiness and the right to be forgotten”, Northern Kentucky Law Review, vol. 39:2 (2012): 119–135; ‘The law of public disclosure of private facts precludes recovery where the published private information is not of “legitimate public concern.” However, the Restatement offers that the publication is subject to First Amendment protection if the defendant can show that the information is of public concern. Although “of public concern” would obviously anticipate news, it also includes entertainment, film, books, and most anything that stops short of a morbid fascination’ (at 126).

  28. 28.

    See the famous case Von Hanover v. Germany, Application No. 59320/2000, European Court of Human Rights.

  29. 29.

    See, in general, Gert Brüggemeier, Aurora Colombi Ciacchi and Peter O’Callaghan, Personality Rights in European Tort Law, (New York: Cambridge University Press, 2010).

  30. 30.

    Court of Justice of the European Union, Decision of the Court in Joined Cases C-92/09 and C-93/09 Volker und Markus Schecke and Eifert [2010], ECR I-11063, para. 48.

  31. 31.

    Id., para. 52.

  32. 32.

    Gabriela Zanfir, “Forgetting about consent. Why the focus should be on suitable safeguards in data protection law” in Reloading Data Protection. Multidisciplinary Insights and Contemporary Challenges, eds. S. Gutwirth, R. Leenes, P. de Hert, (Dordrecht, Heidelberg, London, New York: Springer, 2014), 246.

  33. 33.

    Opinion of Advocate General Jääskinen delivered on 25 June 2013 in Case C-131/12 Google Spain vs. Agencia Espanola de Proteccion de Datos, para. 113.

  34. 34.

    Opinion of Advocate General Sharpston delivered on 12 December 2013 in Joined Cases C-141/12 and C-372/12, Y.S. v. Minister voor Immigratie and Minister voor Immigratie v. M. and S., para. 70.

  35. 35.

    Explanation relating to the Charter of Fundamental Rights, 2007/C 303/02, OJ 303/17, 14.12.2007 – explanation of Article 8.

  36. 36.

    Meg Leta Ambrose and Jef Ausloos, “The right to be forgotten across the pond”, Telecommunications Policy Research Conference (2012), available on http://ssrn.com/abstract=2032325, last accessed on 11 January 2014. at 7.

  37. 37.

    Ibid.

  38. 38.

    Benedicte Favarque-Cosson and Denis Mazeaud, European Contract Law. Materials for a Common Frame of Reference: Terminology, Guiding Principles, Model Rules, (Munchen: Sellier, 2008), 208.

  39. 39.

    At its 90th session the Governing Council of UNIDROIT (International Institute for the Unification of Private Law) adopted the third edition of the UNIDROIT Principles of International Commercial Contracts (“UNIDROIT Principles 2010”).

  40. 40.

    Comment of Article 5.1.4, UNIDROIT Principles 2010, p. 151, accessed on September 30, 2013, http://www.unidroit.org/english/principles/contracts/principles2010/integralversionprinciples2010-e.pdf.

  41. 41.

    Id.; For instance, according to the comment of Article 5.1.4 in the UNIDROIT Principles 2010 report, this distinction signifies that more will be expected from a highly specialized firm selected for its expertise than from a less sophisticated partner.

  42. 42.

    Christian von Bar and Ulrich Drobnig, The interaction of contract law and tort and property law in Europe. A comparative study, (Munchen: Sellier, 2004), 54.

  43. 43.

    Favarque-Cosson and Mazeaud, European Contract Law, 209.

  44. 44.

    Id.

  45. 45.

    Axel-Volmar Jaeger and Gotz-Sebastian Hok, FIDIC – A Guide for Practitioners. (Heidelberg, Dordrecht, London, New York: Springer, 2010), 21. The authors underline that, for instance, the obligation of an architect or engineer is sometimes said to be obligation de moyens, but in any case its obligations are de resultat in so far as the French decennial liability is concerned.

  46. 46.

    Ole Lando, “Non-Performance (Breach) of Contracts”, in Towards a European Civil Code 3rd ed., eds. Arthur S. Hartkamp et. al. (New York: Kluwer Law International, 2004), 504.

  47. 47.

    The DPR proposal maintains the differentiation between “controller” and “processor” existing under Directive 95/46, defining the “processor” in Article 4(6) as “a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller”.

  48. 48.

    von Bar and Drobnig, The interaction, 148.

  49. 49.

    Ibid.

  50. 50.

    The UK Supply of Goods and Services Act 1982, Section 13.

  51. 51.

    Favarque-Cosson and Mazeaud, European Contract Law, 217.

  52. 52.

    Id.

  53. 53.

    For the history of its enforcement, see Adriana C.M. Nugter, Transborder Flow of Personal Data within EC, (Amsterdam: Springer, 1990), 43.

  54. 54.

    Section 4, Bundesdatenschutzgesetz 1977.

  55. 55.

    Except for scientific purposes; to ameliorate evidentiary difficulties; if it is convincingly necessary in the interest of the data user or a third party; the data subject has given permission. (Section 27(2), corroborated with Section 14(2) third sentence, Bundesdatenschutzgesetz 1977).

  56. 56.

    Section 26 Bundesdatenschutzgesetz 1977. See also Nugter (1990) at 62.

  57. 57.

    Section 20(3) of the German Federal Data Protection Act, as amended in 2009 by Article 1 of the Act of 14 August 2009.

  58. 58.

    Loi relative a l’informatique, aux fichiers et aux libertés, which entered into force in 1978.

  59. 59.

    Article 38, Loi relative a l’informatique, aux fichiers et aux libertés 1978.

  60. 60.

    Wet Persoonsregistraties, enforced in 1989.

  61. 61.

    For a characterization of the Wet Persoonsregistraties see Nugter, Transborder Flow, 145 et. seq.

  62. 62.

    By “unnecessary data”, I mean data which are no more needed for the purposes of their initial processing.

  63. 63.

    See de Hert, “The Case of Anonymity in western political philosophy. Benjamin Constant’s refutation of republican and utilitarian arguments against anonymity” in Digital Anonymity and the Law. Tensions and Dimensions, eds. C. Nicoll, J.E.J Prins, M.J.M. van Dellen, (The Hague: T.M.C. Asser Press, 2003) at 49.

  64. 64.

    It was only after the enactment of The Charter of Fundamental Rights of the European Union, which enshrines the right to the protection of personal data in Article 8, that the purpose of the EU data protection law became clear in that it is more connected with the protection of fundamental rights than with building the European market; See Paul de Hert and Serge Gutwirth, “Data Protection in the Case Law of Strasbourg and Luxemburg: Constitutionalism in Action”, in Reinventing Data Protection?, eds. Serge Gutwirth, Yves Poullet et al., (Heidelberg: Springer, 2009), 9.

  65. 65.

    For the interventional rights of the data subject, especially with regard to erasure of data, in a general context and also in specific processing contexts, see Lee A. Bygrave, Data Protection Law – Approaching Its Rationale, Logic and Limits, (New York, London, The Hague: Kluwer Law International, 2002), 65–66; Bart van der Sloot and Frederik Zuiderveen Borgesius “Google and Personal Data Protection”, in Google and the Law: Empirical Approaches to Legal Aspects of Knowledge-Economy Business Models, ed. Aurelio Lopez Tarruella, (The Hague: Springer, 2012), 103; Eleni Kosta and Diana M. Bowman, “Implanting implications: Data protection challenges arising from the use of human ICT implants”, in Human ICT Implants: Technical, Legal and Ethical Considerations, eds. Mark N. Gasson, Diana M. Bowman, and Eleni Kosta, (The Hague: Springer, 2012), 106.

  66. 66.

    Spiros Simitis, Collected courses of the Academy of European Law, Vol. VIII – 1, (The Hague: Kluwer Law International, 1997) at 132.

  67. 67.

    Douwe Korff, Data Protection Laws in the European Union, (Federation of European Direct Marketing & Direct Marketing Association, 2005), 97.

  68. 68.

    The duty of consistent interpretation with the provisions of a directive was established by the Court of Justice of the European Union in its decision from September 10, 1984 in Case C-14/83 Von Colson and Kamann, Rep. p. 1891. See also Sacha Prechal, Directives in EC Law, (Oxford: Oxford University Press, 2005), 180–216.

  69. 69.

    The data subject can ask for the “… erasure or blocking of data the processing of which does not comply with the provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data”.

  70. 70.

    Simitis, Collected courses, 132.

  71. 71.

    Korff, Data Protection Laws, 98.

  72. 72.

    Eleni Kosta, Aleksandra Kuczerawy, Ronald Leenes and Jos Dumortier, “Regulating Identity Management”, in Digital Privacy. PRIMEPrivacy and Identity Management for Europe, eds. Jan Camenisch, Ronald Leenes, Dieter Sommer, (Berlin, Heidelberg: Springer, 2011), 84.

  73. 73.

    Article 7(e) DPD.

  74. 74.

    Article 7(f) DPD

  75. 75.

    Jef Ausloos, “The Right to be Forgotten – Worth Remembering?”, Computers Law and Security Review 28 (2012): 150.

  76. 76.

    Article 7 (a), (b), (c), (d) DPD.

  77. 77.

    Simitis, Collected Courses, 130.

  78. 78.

    Article 267 of the Treaty on the Functioning of the European Union.

  79. 79.

    Case C-131/12, Reference for a preliminary ruling from the Audiencia Nacional (Spain) lodged on 9 March 2012 – Google Spain, S.L., Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González, pending.

  80. 80.

    Audiencia Nacional, Recurso 725/2010, Sala de lo Contencioso-Administrativo. Sección 1ª, from February 2, 2012 (translation of the author).

  81. 81.

    Id. (t.a.).

  82. 82.

    Case C-131/12 (n 79), question 2.3.

  83. 83.

    Ausloos The Right to Be Forgotten, 145. The critique is mainly based on the weakness of consent rules in the DPD, even though the more technical rights to erasure and object are more akin to a right to be forgotten than withdrawal of consent for the ongoing processing, which only produces effects for the future.

  84. 84.

    Ambrose and Ausloos, The Right to Be Forgotten, 7.

  85. 85.

    Opinion of Advocate General Jääskinen delivered on 25 June 2013 in Case C-131/12 Google Spain vs. Agencia Espanola de Proteccion de Datos, para. 108.

  86. 86.

    Id.

  87. 87.

    Id.

  88. 88.

    de Hert, The case of Anonimity, 49.

  89. 89.

    Rosen, The right to be forgotten.

  90. 90.

    According to a study which employed an automated text comparison technique (Wordfish), “the joint texts produced by the (conciliation) committee are more similar to the prior positions of the Council, than that of the Parliament”; “69,3 % close to the Council; 30,1 % close to the Parliament; 0,6 % close to both”; Camilla Mariotto and Fabio Franchino, Explaining Outcomes of Conciliation Committee’s Negotiations, presented at the “Decision-making before and after Lisbon” Workshop (DEUBAL), on November 3–4 2011, University of Leiden. Available on http://www.ces.ufl.edu/documents/pdf/deubal/workshops/2011/FranchinoMariotto_DEUBAL_110411.pdf, last accessed on 11 January 2014.

  91. 91.

    Paulan Korenhof, “Seconds of Distance. An analysis of the audience segregation in space and time with regard to different online impression management issues”, TILT Law and Technology Working Paper 1 (2013): 10.

  92. 92.

    As Gelernter (2013) explains, “this lifestream — a heterogeneous, content-searchable, real-time messaging stream — arrived in the form of blog posts and RSS feeds, Twitter and other chatstreams, and Facebook walls and timelines. Its structure represented a shift beyond the ‘flatland known as the desktop’ (where our interfaces ignored the temporal dimension) towards streams, which flow and can therefore serve as a concrete representation of time”.

References

  • Ambrose, Meg Leta and Ausloos, Jef. 2012. “The right to be forgotten across the pond”, Telecommunications Policy Research Conference, available on http://ssrn.com/abstract=2032325, last accessed on 11 January 2014.

  • Ausloos, Jef. 2012. The Right to be Forgotten – Worth Remembering?, Computers Law and Security Review 28: 143–152.

    Article  Google Scholar 

  • Bejan, Adrian and Lorente, Sylvie. 2010. “The constructal law of design and evolution in nature”, Philosophical Transactions of the Royal Society of London 365: 1335–1347. doi: 10.1098/rstb.2009.0302.

    Article  Google Scholar 

  • Bernal, Paul. 2014. “The EU, the US and Right to be Forgotten”, in Reloading Data Protection. Multidisciplinary Insights and Contemporary Challenges, eds. S. Gutwirth, R. Leenes, P. de Hert eds., 61–77. Dordrecht, Heidelberg, London, New York: Springer.

    Google Scholar 

  • Brüggemeier, Gert, Colombi Ciacchi, Aurelia and O’Callaghan, Peter. 2010. Personality Rights in European Tort Law, New York: Cambridge University Press.

    Google Scholar 

  • Bygrave, Lee A.. 2002. Data Protection Law – Approaching Its Rationale, Logic and Limits. New York, London, The Hague: Kluwer Law International.

    Google Scholar 

  • de Hert, Paul and Gutwirth, Serge. 2009. Data Protection in the Case Law of Strasbourg and Luxemburg: Constitutionalism in Action, in Serge Gutwirth, Yves Poullet et al. (eds.), Reinventing Data Protection?, 3–44. Heidelberg: Springer.

    Chapter  Google Scholar 

  • de Hert, Paul. 2003. “The Case of Anonymity in western political philosophy. Benjamin Constant’s refutation of republican and utilitarian arguments against anonymity” in eds. C. Nicoll, J.E.J. Prins, M.J.M. van Dellen, Digital Anonymity and the Law. Tensions and Dimensions, 4798. The Hague: T.M.C. Asser Press.

    Google Scholar 

  • Farivar, Cyrus. 2013. “Proposed EU data protection reform could start a trade war, US official says”, ArsTechnica, 1 February, http://arstechnica.com/tech-policy/2013/01/proposed-eu-data-protection-reform-could-start-a-trade-war-us-official-says/, accessed on 11 January 2014.

  • Favarque-Cosson, Benedicte and Mazeaud, Denis. 2008. European Contract Law. Materials for a Common Frame of Reference: Terminology, Guiding Principles, Model Rules. Munchen: Sellier.

    Google Scholar 

  • Gelernter, David. 2013. “The End of the Web, Search, and Computer as We Know It”, Wired, 1 February. http://www.wired.com/opinion/2013/02/the-end-of-the-web-computers-and-search-as-we-know-it/ : accessed January 11, 2014.

  • Henkin, Louis. 1974. “Privacy and Autonomy”, Columbia Law Review 74, vol. 8: 1410–1433.

    Google Scholar 

  • Hilbert, Martin and Lopez, Priscila. 2011. “The World’s Technological Capacity to Store, Communicate, and Compute Information”, Science 332: 60–65.

    Article  Google Scholar 

  • Hondius, Frits W.. 1975. Emerging Data Protection in Europe. Amsterdam: North-Holland Publishing Company; New York: American Elsevier Publishing Company.

    Google Scholar 

  • Jaeger, Axel-Volkmar and Hok, Gotz-Sebastian. 2010. FIDIC – A Guide for Practitioners. Heidelberg, Dordrecht, London, New York: Springer.

    Book  Google Scholar 

  • Koops, Bert-Jaap. 2012. ‘Forgetting Footprints, Shunning Shadows. A Critical Analysis of the “Right to be Forgotten” in Big Data Practice’, Tilburg Law School Legal Studies Research Paper Series 8.

    Google Scholar 

  • Korenhof, Paulan. “Seconds of Distance. An analysis of the audience segregation in space and time with regard to different online impression management issues”, TILT Law and Technology Working Paper 1 (2013), 10.

    Google Scholar 

  • Korff, Douwe. 2005. Data Protection Laws in the European Union. Federation of European Direct Marketing & Direct Marketing Association.

    Google Scholar 

  • Kosta, Eleni and Bowman, Diana M.. 2012. “Implanting implications: Data protection challenges arising from the use of human ICT implants”, in eds. Mark N. Gasson, Diana M. Bowman, and Eleni Kosta, Human ICT Implants: Technical, Legal and Ethical Considerations, 97–113. The Hague: Springer.

    Google Scholar 

  • Kosta, Eleni, Kuczerawy, Aleksandra, Leenes, Ronald and Dumortier, Jos. 2011. Regulating Identity Management, in eds. Jan Camenisch, Ronald Leenes, Dieter Sommer, Digital Privacy. PRIMEPrivacy and Identity Management for Europe, 73–90. Berlin, Heidelberg: Springer.

    Google Scholar 

  • Lando, Ole. 2004. “Non-Performance (Breach) of Contracts”, in eds. Arthur S. Hartkamp et. al., Towards a European Civil Code 3rd ed, 504–515. New York: Kluwer Law International.

    Google Scholar 

  • Mariotto, Camilla and Franchino, Fabio. 2011. Explaining Outcomes of Conciliation Committee’s Negotiations, presented at the “Decision-making before and after Lisbon” Workshop (DEUBAL), on November 3–4 2011, University of Leiden. Available on http://www.ces.ufl.edu/documents/pdf/deubal/workshops/2011/FranchinoMariotto_DEUBAL_110411.pdf, last accessed on 11 January 2014.

  • Mayer-Schönberger, Viktor. 2009. delete. The Virtue of Forgetting in the Digital Age. Princeton University Press.

    Google Scholar 

  • McNealy, Jasmine E..2012. “The emerging conflict between newsworthiness and the right to be forgotten”, Northern Kentucky Law Review, vol. 39:2: 119–135.

    Google Scholar 

  • Nugter, Adriana C.M.. 1990. Transborder Flow of Personal Data within EC. Amsterdam: Springer.

    Google Scholar 

  • Prechal, Sacha. 2005. Directives in EC Law. Oxford: Oxford University Press.

    Google Scholar 

  • Rosen, Jeffrey. 2012. “The Right to be Forgotten” 64 Stanford Law Review Online 88.

    Google Scholar 

  • Rouvroy, Antoinette and Poullet, Yves. 2009. “The Right to Informational Self-Determination and the Value of Self-Development: Reassessing the Importance of Privacy for Democracy,” in Reinventing Data Protection?, ed. Serge Gutwirth et. al., 45–75. Springer Science + Business Media B.V.

    Google Scholar 

  • Simitis, Spiros. 1997. Collected courses of the Academy of European Law, Vol. VIII – 1. The Hague: Kluwer Law International.

    Google Scholar 

  • Tene, Omer and Wolf, Christopher. 2013. Overextended: Jurisdiction and Applicable Law under the EU General Data Protection Regulation White Paper. Available on http://www.futureofprivacy.org/wp-content/uploads/FINAL-Future-of-Privacy-Forum-White-Paper-on-Jurisdiction-and-Applicable-Law-January-20134.pdf, last accessed on 11 January 2014.

  • Tene, Omer and Polonetsky, Jules. 2013. ‘Judged by the Tin Man: Individual Rights in the Age of Big Data’, Journal of Telecommunications and High Technology Law, forthcoming, available at SSRN http://ssrn.com/abstract=2311040, last accessed on 11 January 2014.

  • van der Sloot, Bart and Zuiderveen Borgesius, Frederik. 2012. Google and Personal Data Protection, in ed. Aurelio Lopez Tarruella, Google and the Law: Empirical Approaches to Legal Aspects of Knowledge-Economy Business Models, 75–111. The Hague: Springer.

    Google Scholar 

  • von Bar, Christian and Drobnig, Ulrich. 2004. The interaction of contract law and tort and property law in Europe. A comparative study. Munchen: Sellier.

    Google Scholar 

  • Walker, Robert Kirk. 2012. “The Right to be Forgotten”, Hastings Law Journal 64: 101–129.

    Google Scholar 

  • Wardwell, James and Smith, G. Stevenson. 2008. “Recovering erased digital evidence from CD-RW disk in a child exploitation investigation”, Digital Investigation Vol. 5, 1–2: 6–9.

    Article  Google Scholar 

  • Westin, Alan F. 1967. Privacy and Freedom. New York: Atheneum.

    Google Scholar 

  • Whitman, James Q..2004. “The Two Western Cultures of Privacy: Dignity Versus Liberty”, Yale Law Journal, 113: 1151 – 1194.

    Article  Google Scholar 

  • Zanfir, Gabriela. 2014. “Forgetting about consent. Why the focus should be on suitable safeguards in data protection law” in Reloading Data Protection. Multidisciplinary Insights and Contemporary Challenges, eds. S. Gutwirth, R. Leenes, P. de Hert eds., 237–257. Dordrecht, Heidelberg, London, New York: Springer.

    Google Scholar 

Download references

Acknowledgements

I would like to thank the CPDP reviewers for their comments and suggestions for the improvement of this paper.

Disclaimer The opinions expressed in the paper pertain exclusively to the author and do not engage in any way the EDPS.

Author information

Authors and Affiliations

  1. Brussels, Belgium

    Gabriela Zanfir (Legal Officer, European Data Protection Supervisor)

Authors
  1. Gabriela Zanfir
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Gabriela Zanfir .

Editor information

Editors and Affiliations

  1. Law, Science, Technology & Society (LSTS), Faculty of Law and Criminology at the Vrije Universiteit Brussel, Brussels, Belgium

    Serge Gutwirth

  2. Tilburg Institute for Law, Technology, and Society (TILT), Tilburg University, Tilburg, The Netherlands

    Ronald Leenes

  3. Law, Science, Technology & Society (LSTS), Faculty of Law and Criminology at the Vrije Universiteit Brussel, Brussels, Belgium

    Paul de Hert

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer Science+Business Media Dordrecht

About this chapter

Cite this chapter

Zanfir, G. (2015). Tracing the Right to Be Forgotten in the Short History of Data Protection Law: The “New Clothes” of an Old Right. In: Gutwirth, S., Leenes, R., de Hert, P. (eds) Reforming European Data Protection Law. Law, Governance and Technology Series(), vol 20. Springer, Dordrecht. https://doi.org/10.1007/978-94-017-9385-8_9

Download citation

Publish with us

Policies and ethics

Search

Navigation