Eugene recently posted about whether it can ever be libelous to say, accurately, that someone has been arrested after the arrest has been expunged. The New Jersey Supreme Court rightly described the idea as Orwellian and rejected it.
In Europe, though, something like this rule is being advanced in the name of privacy. Unlike the wacky libel theory highlighted by Eugene, the equally wacky European “right to be forgotten” stands a good chance of being adopted in some form. In fact, it stands a good chance of being applied widely inside the United States as a result of Europe’s unending campaign to export its data protection standards.
The European Commission explains its proposed directive as follows:
Any person should have the right to have personal data concerning them rectified and a ‘right to be forgotten’ where the retention of such data is not in compliance with this Regulation. In particular, data subjects should have the right that their personal data are erased and no longer processed, where the data are no longer necessary in relation to the purposes for which the data are collected or otherwise processed, where data subjects have withdrawn their consent for processing or where they object to the processing of personal data concerning them or where the processing of their personal data otherwise does not comply with this Regulation.
In Eurospeak, a “data subject” is anyone about whom facts have been collected or processed. The data protection rules apply to anyone who does the collecting or processing, whether a big mail order company, a community newsletter, or a lonely blogger. While there’s a regulatory carveout allowing retention of data “for exercising the right of freedom of expression,” the presumption of the rule is that any data about a person must be erased if the person objects to its retention. Indeed, if the data has been passed on to third parties for processing, they must also be told “to erase any links to, or copies or replications of that personal data.”
If you’re thinking that such a foolish law could never be adopted here, think again. Europe has long engaged in a kind of data boycott of the United States, refusing to allow American companies to process any personal data from Europe on grounds that US privacy law is not “adequate” to protect Europeans. Under this economic pressure, more and more companies have agreed in effect to apply European data protection law to their activities inside the United States.In fact, the Federal Trade Commission is now busily enforcing European data protection law in the US.
So there’s a decent chance that the “right to be forgotten” will be enforced here, and that it will end up regulating what information Americans are allowed to give to other Americans.
And what about the First Amendment, you say? Sorry, that’s just a local ordinance in Europe’s view – though in time perhaps you’ll be able to file a “Form 327a — Request to Retain Data for Purposes of Exercising the Right of Freedom of Expression” and receive a prompt reply from a European agency granting or denying your request.