Yesterday I spoke on a panel at the annual conference of the National Communication Association (NCA) on “the right to be forgotten,” or “right to erasure,” in data protection law.
RTBF is a way for someone to get unwanted Internet content taken down, or at least de-listed, or de-indexed, from search results, because the content causes the person injury. RTBF is regarded in Europe as a function of the human right to data protection, an outgrowth of the fundamental right to privacy in European law. The history of the right is now well documented online for the reader of every interest level, so I won’t belabor it here. Suffice to say that a landmark moment came in the case of Mario Costeja González in the European Court of Justice in 2014 (Wikipedia; the case in English). He had complained about the online publication of an archived 1998 newspaper report of a debt. The court sided with the Spanish Data Protection Authority in ordering Google Spain to de-index the report from search results.
The Costeja case rattled media on the American side of the Atlantic, who raised the alarm about a threat to the freedom of expression. U.S. law has always been a problematic analog to European privacy law. The disparity stems from a basic, initial problem, which is that the only place our Constitution plainly recognizes privacy law is in the Fourth Amendment right against unreasonable searches and seizures. To the dismay of constitutional textualists, the U.S. Supreme Court has sometimes located a right of privacy in various other provisions, as well as in their “penumbras and emanations” (Griswold v. Conn., 381 U.S. 479, 484 (1965) (LII)). But at the end of the day, our constitutional notion of a privacy right has remained largely constrained by the state action doctrine, meaning the right restrains only governmental power, not the private operators of search engines and newspaper archives. When statutory or common law privacy collides with the free speech rights of online publishers, the constitutional imperative prevails.
Meanwhile RTBF has been recognized explicitly in the General Data Protection Regulation (GDPR) of the European Union. The doctrine has spawned its own body of administrative and case law in European national courts, some of it tied more to the human right of privacy than to the GDPR. RTBF court rulings have spawned a labor-intensive takedown request service within Google. The courts and the Internet giant are sparring now over whether search engines can be compelled to de-index websites worldwide or only in national iterations of the service (e.g., google.fr for France). Scholars are looking hard at whether there should be a legal difference between a search engine and a primary information provider, such as a newspaper, in the area of Internet intermediary liability. RTBF was a sore point in the trans-Atlantic negotiation over the data protection Privacy Shield agreement, and still key details remain to be worked out in implementation. And RTBF and its balance with free expression remains a point of debate around the world as countries such as Brazil look to overhaul and update their data protection and privacy laws.
I made the moral case for RTBF in a Washington Post op-ed two years ago, so I won’t reiterate that here. I’ve since been looking into the law of RTBF in the United States. Saturday I reported my belief that the First Amendment hurdles are surmountable.
To give just the flavor of that presentation, take for example the prior restraint doctrine in U.S. First Amendment law. The prior restraint doctrine essentially forbids restraints on free expression backed by government power prior to adjudication of the expression as unlawful. One need look no farther than the vigorous notice and takedown (N&TD) regime of the Digital Millennium Copyright Act (DMCA) to see that the prior restraint doctrine is a manageable problem. To be clear, I’m on record agreeing with those who think that DMCA N&TD has gotten out of control and needs to be reined in, not to mention that the underlying scope of copyright protection is excessive. But the analogy holds. When nude celebrity photos of the likes of Jennifer Lawrence were leaked online, the remedy employed by some—for the rabidly popular Lawrence, it wasn’t possible—to recall their images from circulation was copyright N&TD, rather than tortious invasion of privacy. It makes no sense to compel the use of intellectual property law to remedy what is plainly a privacy problem. Tort law is up to the job. Moreover, I see a clear and constitutional path to injunctive remedies for privacy torts, better than for ill-fitting copyright infringements.
I am also engaging the idea that in this age of information commodification, the provision of information is sometimes more a commercial enterprise than an expressive enterprise. Certainly that's the case for data brokers, such as Acxiom. Researchers such as Nikolas Ott and Hugo Zylberberg in the Kennedy School Review have described the commercial value of the wash of data that our appliances will generate in the Internet of Things era. A Spanish court in an RTBF case against the newspaper El País held that the newspaper's online publication of archives was a commercial act rather than a journalistic one. Commercial communication is protected by the First Amendment, but to a much lesser extent than is political or artistic expression.
I am grateful to Dr. Kyu Ho Youm, the John Marshall First Amendment chair at the University of Oregon School of Journalism and Communication, who invited me to be a part of the NCA program that he designed and proposed. I am also indebted for thought-provoking reflection to my co-panelists: Dr. Ed Carter, professor and director of the School of Communication at Brigham Young University; Dr. Stefan Kulk, a researcher at the Centre for Intellectual Property Law of Utrecht University in the Netherlands; and Dr. Ahran Park, a senior researcher for the Korea Press Foundation in South Korea.