Yesterday I spoke on a panel at the annual conference of the
National Communication Association (NCA) on “the right to be forgotten,” or “right
to erasure,” in data protection law.
RTBF is a way for someone to get unwanted Internet content
taken down, or at least de-listed, or de-indexed, from search results, because the content
causes the person injury. RTBF is
regarded in Europe as a function of the human right to data protection, an
outgrowth of the fundamental right to privacy in European law. The history of the right is now well
documented online for the reader of every interest level, so I won’t belabor it
here. Suffice to say that a landmark
moment came in the case of Mario Costeja González in the European Court of
Justice in 2014 (Wikipedia;
the
case in English). He had complained
about the online publication of an archived 1998 newspaper report of a
debt. The court sided with the Spanish
Data Protection Authority in ordering Google Spain to de-index the report from
search results.
The Costeja case
rattled media on the American side of the Atlantic, who raised the alarm about
a threat to the freedom of expression. U.S.
law has always been a problematic analog to European privacy law. The disparity stems from a basic, initial problem,
which is that the only place our Constitution plainly recognizes privacy law is
in the Fourth Amendment right against unreasonable searches and seizures. To the dismay of constitutional textualists, the
U.S. Supreme Court has sometimes located a right of privacy in various other
provisions, as well as in their “penumbras and emanations” (Griswold v. Conn.,
381 U.S. 479, 484 (1965) (LII)). But at the end of the day, our constitutional
notion of a privacy right has remained largely constrained by the state action
doctrine, meaning the right restrains only governmental power, not the private
operators of search engines and newspaper archives. When statutory or common law privacy collides with the free speech rights of online publishers, the constitutional imperative prevails.
Meanwhile RTBF has been recognized explicitly in the General
Data Protection Regulation (GDPR) of the European Union. The doctrine has spawned its own body of administrative
and case law in European national courts, some of it tied more to the human right of privacy than to the GDPR. RTBF court rulings have spawned a labor-intensive takedown
request service within Google. The
courts and the Internet giant are sparring now over whether search engines
can be compelled to de-index websites worldwide or only in national iterations
of the service (e.g., google.fr for France).
Scholars are looking hard at whether there should be a legal difference
between a search engine and a primary information provider, such as a
newspaper, in the area of Internet intermediary liability. RTBF was
a sore point in the trans-Atlantic negotiation over the data protection Privacy
Shield agreement, and still key details remain to be worked out in
implementation. And RTBF and its balance
with free expression remains a point of debate around the world as countries
such as Brazil look to overhaul and update their data protection and privacy
laws.
I made the moral case for RTBF in a
Washington Post op-ed two years ago, so I won’t reiterate that here. I’ve since been looking into the law of RTBF in
the United States. Saturday I reported my
belief that the First Amendment hurdles are surmountable.
To give just the flavor of that presentation,
take for example the prior restraint doctrine in U.S. First Amendment law. The prior restraint doctrine essentially
forbids restraints on free expression backed by government power prior to
adjudication of the expression as unlawful.
One need look no farther than the vigorous notice and takedown (N&TD)
regime of the Digital Millennium Copyright Act (DMCA) to see that the prior
restraint doctrine is a manageable problem.
To be clear, I’m on record agreeing with those who think that DMCA
N&TD has gotten out of control and needs to be reined in, not to mention
that the underlying scope of copyright protection is excessive. But the analogy holds. When nude celebrity photos of the likes of
Jennifer Lawrence were leaked online, the remedy employed by some—for the
rabidly popular Lawrence, it wasn’t possible—to recall their images from circulation
was copyright N&TD, rather than tortious invasion of privacy. It makes no sense to compel the use of
intellectual property law to remedy what is plainly a privacy problem. Tort law is up to the job. Moreover, I see a clear and constitutional path
to injunctive remedies for privacy torts, better than for ill-fitting copyright
infringements.
I am also engaging the idea that in this age of information commodification, the provision of information is sometimes more a commercial enterprise than an expressive enterprise. Certainly that's the case for data brokers, such as Acxiom. Researchers such as Nikolas Ott and Hugo Zylberberg in the Kennedy School Review have described the commercial value of the wash of data that our appliances will generate in the Internet of Things era. A Spanish court in an RTBF case against the newspaper El País held that the newspaper's online publication of archives was a commercial act rather than a journalistic one. Commercial communication is protected by the First Amendment, but to a much lesser extent than is political or artistic expression.
I am grateful to Dr. Kyu Ho Youm, the John Marshall First
Amendment chair at the University of Oregon School of Journalism and
Communication, who invited me to be a part of the NCA program that he designed
and proposed. I am also indebted for thought-provoking
reflection to my co-panelists: Dr. Ed Carter, professor and director of the
School of Communication at Brigham Young University; Dr. Stefan Kulk, a
researcher at the Centre for Intellectual Property Law of Utrecht University in
the Netherlands; and Dr. Ahran Park, a senior researcher for the Korea Press
Foundation in South Korea.