Skip to main content

Timing the Right to Be Forgotten: A Study into “Time” as a Factor in Deciding About Retention or Erasure of Data

Part of the Law, Governance and Technology Series book series (ISDP,volume 20)

Abstract

The so-called “Right to Be Forgotten or Erasure” (RTBF), article 17 of the proposed General Data Protection Regulation, provides individuals with a means to oppose the often persistent digital memory of the Web. Because digital information technologies affect the accessibility of information over time and time plays a fundamental role in biological forgetting, ‘time’ is a factor that should play a pivotal role in the RTBF. This chapter explores the roles that ‘time’ plays and could play in decisions regarding the retention or erasure of data. Two roles are identified: (1) ‘time’ as the marker of a discrete moment where the grounds for retention no longer hold and ‘forgetting’ of the data should follow and (2) ‘time’ as a factor in the balance of interests, as adding or removing weight to the request to ‘forget’ personal information or its opposing interest. The chapter elaborates on these two roles from different perspectives and highlights the importance and underdeveloped understanding of the second role.

Keywords

  • The right to be forgotten
  • Data protection
  • Privacy
  • Internet
  • Time

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-94-017-9385-8_7
  • Chapter length: 31 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   129.00
Price excludes VAT (USA)
  • ISBN: 978-94-017-9385-8
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Hardcover Book
USD   169.99
Price excludes VAT (USA)
Fig. 7.1
Fig. 7.2
Fig. 7.3

Notes

  1. 1.

    Cf. generally Mayer-Schönberger 2009.

  2. 2.

    Cf. Ambrose 2012.

  3. 3.

    As mentioned, time and space are related, but we will primarily focus on time.

  4. 4.

    Rosen 2010.

  5. 5.

    Mayer-Schönberger 2009.

  6. 6.

    De Andrade 2012, p. 127.

  7. 7.

    The provision was introduced in the European Commission’s “Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data”, COM(2012)11 final of 25 January 2012.

  8. 8.

    Rosen 2012.

  9. 9.

    Cf. De Andrade 2012, Mayer-Schonberger 2009.

  10. 10.

    Sutton 2012.

  11. 11.

    Anderson et al. 2009, p. 5.

  12. 12.

    Anderson et al. 2009, p. 5.

  13. 13.

    Clark 2003, pp. 74–75.

  14. 14.

    Clark 2003, p. 78.

  15. 15.

    Mayer-Schönberger 2009, p. 67.

  16. 16.

    Van den Berg and Leenes 2010, p. 1112.

  17. 17.

    Vafopoulos 2012, p. 411.

  18. 18.

    Sparrow et al. 2011, p. 776.

  19. 19.

    Sparrow et al. 2011.

  20. 20.

    Wegner 1986, p. 185.

  21. 21.

    Wegner 1986, p. 186.

  22. 22.

    Wegner 1986, p. 188.

  23. 23.

    Wegner 1986, p. 188.

  24. 24.

    Wegner 1986, p. 188.

  25. 25.

    Wegner 1986, p. 191.

  26. 26.

    Sparrow et al. 2011, p. 776.

  27. 27.

    Concise Oxford English Dictionary, 11th Edition.

  28. 28.

    Dudai 2004, pp. 100–101.

  29. 29.

    Dudai 2004, pp. 100/101.

  30. 30.

    Dudai 2004, pp. 100–101.

  31. 31.

    Dudai 2004, pp. 100–101.

  32. 32.

    Ambrose 2012, p. 390.

  33. 33.

    Szekely 2012, p. 349.

  34. 34.

    For example, Mayer-Schönberger (2009) who was not the first but perhaps the most influential in realizing these changes, or Szekely (2012) who extended the framework of scholarly analysis to literary dimensions.

  35. 35.

    Hadziselimovic et al. 2014.

  36. 36.

    “The Social Network” (Columbia Pictures 2010, http://www.imdb.com/title/tt1285016/), quoted in Ambrose 2012 (Mark Zuckerberg is explained how permanent and harmful this aspect of the Internet is by his girlfriend, as she breaks up with him).

  37. 37.

    Gladney 2007, p. 10.

  38. 38.

    MacLean et al. 1998.

  39. 39.

    Rosenzweig 2011.

  40. 40.

    Feeney 1999.

  41. 41.

    Ambrose 2013, citing: Gomes and Silva 2006.

  42. 42.

    Koehler 2004.

  43. 43.

    A particular problem with relying on natural decay is that data disappears from the Web at the whim of the data controller, not the data subject or the public. Valuable data is lost everyday while innocuous and harmful data remains. See Ambrose 2012.

  44. 44.

    Ambrose 2012.

  45. 45.

    In fact there exist computer-assisted forgetting tools and technologies, from specific Privacy Enhancing Technologies (PETs) to user-centric identity management systems, however, their capacity and spheres of use differ greatly and they are far from being commonly used.

  46. 46.

    Ambrose and Ausloos 2013.

  47. 47.

    Columbia Pictures 1997, http://www.imdb.com/title/tt0119654/.

  48. 48.

    Graux et al. 2012.

  49. 49.

    Ambrose and Ausloos 2013.

  50. 50.

    Delfi AS v Estonia, ECtHR, Application nr. 64569/09, 10 October 2013.

  51. 51.

    Delfi AS v Estonia, ECtHR, Application nr. 64569/09, 10 October 2013, N92, pp. 108–109.

  52. 52.

    Österreichischer Rundfunk v Austria, ECtHR, Application nr. 35841/02, 7 December 2006.

  53. 53.

    Eventually, it was decided though, that the national court had given too much weight to the time-element. n°69 “The domestic courts attached great weight to the time-element, in particular to the long lapse of time since Mr S.’s conviction, but did not pay any particular attention to the fact that only a few weeks had elapsed since his release.”

  54. 54.

    Editions Plon v. France, ECtHR, Application nr. 58148/00, 18 May 2004.

  55. 55.

    Article 29 Working Party, Opinion 15/2011 on the definition of consent 01197/11/EN WP187, at 33. http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp187_en.pdf.

  56. 56.

    Article 29 Working Party, Opinion 03/2013 on purpose limitation, 00569/13/EN WP203, pages 19–20.

  57. 57.

    The Working Party further elaborates that legitimacy also has to be tested against: “all forms of written and common law, primary and secondary legislation, municipal decrees, judicial precedents, constitutional principles, fundamental rights, other legal principles, as well as jurisprudence, as such ‘law’ would be interpreted and taken into account by competent courts.

    Within the confines of law, other elements such as customs, codes of conduct, codes of ethics, contractual arrangements, and the general context and facts of the case, may also be considered when determining whether a particular purpose is legitimate. This will include the nature of the underlying relationship between the controller and the data subjects, whether it be commercial or otherwise.”

  58. 58.

    CJEU C-131/12, still pending at the time of writing. This case involved a Spanish individual that had been subject to bankruptcy proceedings in the nineties. Spanish law required a local newspaper (LaVanguardia) to publish information on the public auction resulting from the bankruptcy. Upon digitizing its archive, links to this information popped up in Google Search results when entering the individual’s name. The individual addressed himself to the Spanish data protection authority, requesting the removal of the article and search results. The DPA denied the request vis-à-vis the newspaper (as it had a legal obligation to publish the information in the first place) but did order Google to remove the link from its search results. The search giant appealed and the Audiencia Nacional referred some of the questions raised to the CJEU.

  59. 59.

    Some say that the market may take care of the problems the RTBF seeks to address. Google’s Eric Schmidt, for instance, writes that employing the services of an “identity manager” to maintain one’s online presence will be “the new normal for the prominent and those who aspire to be prominent” (Schmidt 2013). Reputation services, as these identity managers are often called, can be paid by data subjects to move search results to pages beyond the effort of most searches. In order to move pages with content detrimental to the data subject to such an obscure rank, reputation services will flood the Web with content about the data subject. We find this solution to the problem unsatisfying for three reasons. The reputation service requires that a mass amount of data be presented about an individual, which is a problematic solution for anyone seeking to be ‘left alone.’ Additionally, these services are constantly battling search engines who do not appreciate their systems being gamed. Finally, this practice represents poor treatment of such a valuable information source. The only option for data subjects should not be to dilute the Internet with fluff.

  60. 60.

    Judgment – 08/04/2014 – Digital Rights Ireland and Seitlinger and Others Case C-293/12 (Joined Cases C-293/12, C-594/12), http://curia.europa.eu/juris/document/document.jsf?text=&docid=150642&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=52531.

  61. 61.

    Smartphones manufactured and purchased in Japan or South Korea have this well-known feature, and lawmakers seem to have declared programs disabling the shutter sound illegal, see for example http://www.unwiredview.com/2012/04/20/south-korea-to-ban-cameraphone-shutter-sound-removers/ or http://news.asiaone.com/News/Latest+News/Science+and+Tech/Story/A1Story20111214-316106.html.

  62. 62.

    As a main rule, the media can record such information under prior consent of the people concerned, however, there are some exceptions when asking for prior consent would spoil the situation. In such cases consent should be obtained right after the recording is made, on the spot – and if the consent is not given by the subjects, the recording should be deleted immediately. Well-known examples of such a situation are the candid camera type programs, when only those recordings can be seen on television, which the victimized subjects consented to after realizing the fact of recording (and that is why all such broadcasted episodes end with laughter, and not with angry reactions).

  63. 63.

    Privacy and Identity Management for Europe, http://www.prime-project.eu. See also Camenisch et al. 2011.

  64. 64.

    Mayer-Schönberger 2009.

  65. 65.

    A practical application of this notion can be found in the popular social media application Snapchat, where users can upload images (“Snaps”) that are visible to recipients for a period from 1 to 10 seconds to be decided by the poster.

  66. 66.

    For instance, art. 2a of the Data Protection Directive 95/46/EC limits personal data to natural persons, which ties the scope to legal personality in civil law. In civil law legal personality terminates at death. See also Art. 29 Working Party Opinion 4/2007 on the concept of personal data, 01248/07/EN, WP136, p. 22. The Working Party discusses some special cases where data of the deceased indirectly receive some protection.

  67. 67.

    In the age of Facebook profiles, avatars and Internet archives this fading of personal nature is less and less obvious, and the questions of post-mortem privacy has become a growing research area, see for example Harbinja 2013 and Edwards and Harbinja 2013.

  68. 68.

    See the declaration of the Association of French Archivists 2013.

  69. 69.

    Weber 2011.

  70. 70.

    DRAFT EUROPEAN PARLIAMENT LEGISLATIVE RESOLUTION on the proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) (COM(2012)0011 – C7-0025/2012 – 2012/0011(COD)) adopted in the first reading of the Parliament on 12 March 2014.

  71. 71.

    Hill 2009, p. 57.

  72. 72.

    See Ambrose 2012, p. 413 for examples taken from http://google.com/Trends.

  73. 73.

    “Newsworthiness” varies across jurisdictions. See e.g., Time, Inc. v. Hill, 385 U.S. 374 (1967); Cox Broadcasting Corp. v. Cohn, 420 U.S. 469 (1975); Florida Star v. B.J.F., 491 U.S. 524 (1989); C. von Hannover v. Germany, ECHR, 26/4/2004, Rec. 2004-VI 40 EHRR 1; Schwabe v. Austria, ECHR, 28/8/1992, A 242-B.

  74. 74.

    See Ambrose 2012 and Sartor 2014.

  75. 75.

    Cf. the Google Spain case referred to in section 3 (footnote 50).

  76. 76.

    For further discussion of the information life cycle, see Ambrose supra note 6.

  77. 77.

    “Wikipedia: Biographies of living persons – Wikipedia, the free encyclopedia,”http://en.wikipedia.org/wiki/Wikipedia:Biographies_of_living_persons#Presumption_in_favor_of_privacy.

  78. 78.

    “Talk: Star Wars Kid,” Wikipedia, http://en.wikipedia.org/wiki/Talk:Star_Wars_Kid.

  79. 79.

    “Wikipedia: Notability,” Wikipedia, http://en.wikipedia.org/wiki/Wikipedia:Notability.

  80. 80.

    Id.

  81. 81.

    “Wikipedia talk: Talk pages not indexed by Google,” Wikipedia,

    http://en.wikipedia.org/wiki/Wikipedia_talk:Talk_pages_not_indexed_by_Google.

  82. 82.

    For instance, the Internet Archive does not offer full-text search functionality on the site, but Google has performed a complete crawl of the site allowing the archive to be searched using Google’s “site:” feature. The Internet Archive also has detailed instructions for using robots.txt to prevent crawls and removal policy where the technical solution is not possible. “Removing Documents from the Wayback Machine,” Internet Archive, at http://archive.org/about/exclude.php.

  83. 83.

    Ambrose 2013.

  84. 84.

    The video recording of the panel discussion and the presentations of the participants are available on the conference website, http://www.cpdpconferences.org/

References

  • Ambrose, M.L. (2012). It’s about time: Privacy, information lifecycles, and the right to be forgotten. Stanford Technology Law Review, 16, 369–422.

    Google Scholar 

  • Ambrose, M.L. (2013). Speaking of Forgetting: Analysis of Possible Non-EU Responses to the Right to be Forgotten and Speech Exception. In TPRC 41: The 41 st Research Conference on Communication, Information and Internet Policy.

    Google Scholar 

  • Ambrose, M. L., & Ausloos, J. (2013). The Right to be Forgotten Across the Pond. Journal of Information Policy, 3.

    Google Scholar 

  • Anderson, M., Eysenck, M.W., Baddeley, A. (2009). Memory, London: Psychology Press.

    Google Scholar 

  • Andrade, De, N.N.G. (2012). Oblivion, the right to be different from oneself. Reproposing the right to be forgotten. VII International Conference on Internet, Law & Politics. Net Neutrality and other challenges for the future of the Internet”, IDP. Revista de Internet, Derecho y Política, 13, 122–137.

    Google Scholar 

  • Association of French Archivists (2013). The European Parliament: Adjourn the adoption of the regulation about personal data. Retrieved from https://www.change.org/petitions/the-european-parliament-adjourn-the-adoption-of-the-regulation-about-personal-data

  • Berg, Van den, B. & Leenes, R. (2010). Audience segregation in social network sites. Social Computing (SocialCom), 2010 IEEE Second International Conference on Social Computing/Second IEEE International Conference on Privacy, Security, Risk and Trust). Minneapolis: IEEE, 11111117.

    Google Scholar 

  • Camenisch, J., Leenes, R.E. & Sommer, D. (Eds.), Digital Privacy: PRIME – Privacy and Identity Management for Europe. Heidelberg | Dordrecht: Springer.

    Google Scholar 

  • Clark, A. (2003). Natural-born cyborgs: Minds, technologies, and the future of human intelligence, Oxford: Oxford University Press.

    Google Scholar 

  • Draft Report (2012). 2012/0011 (COD). Retrieved from http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/pr/922/922387/922387en.pdf.

  • DuDai, Y. (2004). Memory from A to Z. Oxford: Oxford University Press (2004).

    Google Scholar 

  • Edwards L., & E. Harbinja (2013). Protecting Post-Mortem Privacy: Reconsidering the Privacy Interests of the Deceased In A Digital World. Cardozo Arts & Ent LJ, 32, 83–377.

    Google Scholar 

  • Feeney, M. (Ed.) (1999). The Digital Culture: Maximising the Nation’s Investment (A Synthesis of JISC/NPO Studies on the Preservation of Electronic Materials). London.

    Google Scholar 

  • GDPR (2012). Proposal for a General Data Protection Regulation, COM(2012) 11 final, 25.1.2012. Retrieved from http://ec.europa.eu/justice/dataprotection/document/review2012/com_2012_11_en.pdf.

  • Gladney, H. M. (2007). Preserving digital information (pp. I-XXIII). Berlin: Springer.

    Google Scholar 

  • Gomes, D. & Silva, M. J. (2006). Modelling Information Persistence on the Web, in Proceedings of the 6th International Conference on Web Engineering. ICWE’06.

    Google Scholar 

  • Graux, H., Ausloos, J., & Valcke, P. (2012). The Right to Be Forgotten in the Internet Era. The Debate on Privacy and Security over the Network: Regulation and Markets, 93–106.

    Google Scholar 

  • Hadziselimovic, N., Vukojevic, V., Peter, F., Milnik, A., Fastenrath, M., Fenyves, B. G., … & Stetak, A. (2014). Forgetting Is Regulated via Musashi-Mediated Translational Control of the Arp2/3 Complex. Cell, 156(6), 1153–1166.

    CrossRef  Google Scholar 

  • Harbinja, E. (2013). Does the EU data protection regime protect post-mortem privacy and what could be the potential alternatives? SCRIPTed, Vol. 10, Issue 1. Retrieved from http://script-ed.org/?p=843

  • Hill, D. G. (2009). Data protection: Governance, risk management, and compliance. CRC Press.

    Google Scholar 

  • Husovec, M. (2014). ECtHR rules on liability of ISPs as a restriction of freedom of speech. Journal of Intellectual Property Law & Practice, 9(2), 108–109.

    CrossRef  Google Scholar 

  • Koehler, W. (2004). A longitudinal study of Web pages continued: a consideration of document persistence. Information Research, 9(2).

    Google Scholar 

  • Korenhof, P. (2014) Forgetting bits and pieces: an exploration of the “right to be forgotten” as implementation of “forgetting” in online memory processes. In IFIP Advances in Information and Communication Technology series, volume 0421. Springer.

    Google Scholar 

  • MacLean, M., & Davis, B. H. (Eds.). (1998). Time & bits: managing digital continuity. Getty Publications.

    Google Scholar 

  • Mayer-Schönberger, V. (2009). Delete: The virtue of forgetting in the digital age. Princeton: Princeton University Press.

    Google Scholar 

  • Rosen, J. (2010). The web means the end of forgetting. The New York Times, 21.

    Google Scholar 

  • Rosen, J. (2012). The right to be forgotten. Stanford law review online, 64, 88.

    Google Scholar 

  • Rosenzweig, R. (2011). Clio Wired: The future of the past in the digital age. Columbia University Press.

    Google Scholar 

  • Sartor, G. (2014). The right to be forgotten: dynamics of privacy and publicity. In L. Floridi (Ed.), The protection of information and the right to privacy. Springer.

    Google Scholar 

  • Schmidt, E. (2013). New Digital Age, John Murray Publishers.

    Google Scholar 

  • Sparrow, B., Liu, J., & Wegner, D.M. (2011). Google effects on memory: Cognitive consequences of having information at our fingertips. Science 333.6043, 776–778.

    CrossRef  Google Scholar 

  • Sutton, J. (2010). Memory. In: The Stanford Encyclopedia of Philosophy (Winter 2012 Edition), Edward N. Zalta (ed.), http://plato.stanford.edu/archives/win2012/entries/memory/ (last accessed 11 September 2014).

  • Szekely, I. (2012). The right to forget, the right to be forgotten; Personal reflections on the fate of personal data in the information society. In S. Gutwirth, R. Leenes, P. De Hert and Y. Poullet (Eds.), European data protection: In good health? (pp. 347–363). Dordrecht: Springer.

    CrossRef  Google Scholar 

  • Vafopoulos, M. (2012). Being, space, and time on the web. Metaphilosophy 43.4, 405–425.

    CrossRef  Google Scholar 

  • Weber, R. (2011). The Right to be Forgotten: More than a Pandora’s Box? In 2 JIPITEC 120, 121. Retrieved from http://www.jipitec.eu/issues/jipitec-2-2-2011/3084/jipitec%202%20-%20a%20-%20weber.pdf.

  • Wegner, D.M. (1986). Transactive memory: A contemporary analysis of the group mind. In B. Mullen & G. R. Goethals (Eds.), Theories of group behavior (pp. 185–208). New York: Springer-Verlag.

    Google Scholar 

Download references

Acknowledgments

This paper originates from the “Timing the Right to Be Forgotten” panel-discussion at the Computers, Privacy and Data Protection conference (CPDP) in Brussels 2014Footnote 84 organized by the Tilburg Institute for Law, Technology, and Society (TILT). We therefore would like to express our gratitude to TILT and CPDP for supporting and making this discussion possible. Paulan Korenhof her research is conducted within the Privacy and Identity Lab (PI.lab) and funded by SIDN.nl (http://www.sidn.nl).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Paulan Korenhof .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2015 Springer Science+Business Media Dordrecht

About this chapter

Cite this chapter

Korenhof, P., Ausloos, J., Szekely, I., Ambrose, M., Sartor, G., Leenes, R. (2015). Timing the Right to Be Forgotten: A Study into “Time” as a Factor in Deciding About Retention or Erasure of Data. In: Gutwirth, S., Leenes, R., de Hert, P. (eds) Reforming European Data Protection Law. Law, Governance and Technology Series(), vol 20. Springer, Dordrecht. https://doi.org/10.1007/978-94-017-9385-8_7

Download citation