EU and US privacy law running on a collision course: Is there anything like a ‘right to be forgotten’ and can lessons be learnt from Google Spain v. AEPD and González

Abstract

The increasing use of modern communication technologies in the commercial and public sectors is constituting a threat to privacy and data protection today. A citizen who whispers in the closet—I want to be forgotten—is often appalled to hear their faint voice reverberate loud from the house-tops—I want to be remembered. Such harsh realities raise serious legal and policy questions about internet governance and how personal data are collected, stored, processed and distributed across many public and commercial databases. The ‘right to be forgotten’ answers a part of the question by recognizing that individuals have a right to take back ownership of the information about their past from search engine companies. The ECJ’s 2014 historic decision in Google Spain v. AEPD and González required search-engine companies like Google, to remove from public view links to web pages that display personal information, in particular, where the search results are ‘inaccurate, inadequate, irrelevant or excessive’ and the individual’s right to privacy outweighs the benefit to the public interest. The decision demonstrates EU Law’s preference for privacy over free speech. On the contrary, the United State Court of Appeals decision in Martin v. Hearst Corporation refusing to recognize a ‘right to be forgotten’ demonstrates the preference of free speech over privacy in the U.S, leaving Americans wondering if there will ever be a right to be forgotten in the United States. The position in the U.S may be justified by the need to uphold values of free expression as it is at the heart of the American democratic system while the position in the EU tilts towards greater respect for privacy and harm reduction. Privacy law in both jurisdictions appears then, to be at loggerheads and running on a collision course. The paper asks if indeed there should have been anything like a ‘right to be forgotten’ in the first place given the muddled way in which the ECJ handed down the González decision and if there is, what lessons can be learnt from that decision for the future of privacy law in the EU and US. The paper argues that in order to reconcile the conflicting principles in Europe and America, the first step is to understand the nature, character and content of that which was remembered before anything was to be forgotten and how it affects the reputation, historical integrity and accountability of the individual vis-à-vis benefit to the legitimate public interest.