[LINK] The Right to Be Forgotten

Roger Clarke Roger.Clarke at xamax.com.au
Sun Jan 29 09:07:45 AEDT 2012 

>On 28/01/12 09:06, Richard Chirgwin wrote:
>>  http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm
>>  Scroll down to the PDF of the proposed directive ...

A bit of history.

In the late 1970s, it was submitted to the OECD Expert Group that 
there was a need for a Principle that required destruction of data 
when its purpose had expired.

But the OECD Principles (1980) were released with no such 
requirement.  The matter is merely mentioned in the Explanatory 
Memorandum: " ... when data no longer serve a purpose, and if it is 
practicable, it may be necessary to have them destroyed (erased) or 
given an anonymous form. The reason is that control over data may be 
lost when data are no longer of interest; this may lead to risks of 
theft, unauthorised copying or the like" (EM54)".

See http://www.rogerclarke.com/DV/PaperOECD.html#RTFToC62

The scores of laws that have been created using the 'Fair Information 
Practices' (FIPs) framework, in particular as expressed in the OECD 
Guidelines, have perpetuated the error made by the OECD Expert Group.

Thirty years later, the EU is trying to make good this particular 
deficiency, using the sexier-sounding 'right to forget' term.

It would be better to:
-   call it a 'right to be forgotten'
-   use that expression only in the PR
-   in the legislation, call it 'the requirement to destroy data',
     or perhaps the less-negative-sounding 'limits to data retention'

But it's good that we're seeing some action on at least this one 
point, after all these years.

_____________

At 8:40 +1100 29/1/12, Tom Worthington wrote:
>Got it:
>
>"... Article 17 provides the data subject's right to be forgotten and to
>erasure. It further elaborates and specifies the right of erasure
>provided for in Article 12(b) of Directive 95/46/EC and provides the
>conditions of the right to be forgotten, including the obligation of the
>controller which has made the personal data public to inform third
>parties on the data subject's request to erase any links to, or copy or
>replication of that personal data. It also integrates the right to have
>the processing restricted in certain cases, avoiding the ambiguous
>terminology "blocking". ...
>
>(53) The principles of fair and transparent processing require that the
>data subject should be informed in particular of the existence of the
>processing operation and its purposes, how long the data will be stored,
>on the existence of the right of access, rectification or erasure and on
>the right to lodge a complaint. Where the data are collected from the
>data subject, the data subject should also be informed whether they are
>obliged to provide the data and of the consequences, in cases they do
>not provide such data.
>
>Any person should have the right to have personal data concerning them
>rectified and a 'right to be forgotten' where the retention of such data
>is not in compliance with this Regulation. In particular, data subjects
>should have the right that their personal data are erased and no longer
>processed, where the data are no longer necessary in relation to the
>purposes for which the data are collected or otherwise processed, where
>data subjects have withdrawn their consent for processing or where they
>object to the processing of personal data concerning them or where the
>processing of their personal data otherwise does not comply with this
>Regulation.
>
>This right is particularly relevant, when the data subject has given
>their consent as a child, when not being fully aware of the risks
>involved by the processing, and later wants to remove such personal data
>especially on the Internet. However, the further retention of the data
>should be allowed where it is necessary for historical, statistical and
>scientific research purposes, for reasons of public interest in the area
>of public health, for exercising the right of freedom of expression,
>when required by law or where there is a reason to restrict the
>processing of the data instead of erasing them.
>
>(54) To strengthen the 'right to be forgotten' in the online
>environment, the right to erasure should also be extended in such a way
>that a controller who has made the personal data public should be
>obliged to inform third parties which are processing such data that a
>data subject requests them to erase any links to, or copies or
>replications of that personal data. To ensure this information, the
>controller should take all reasonable steps, including technical
>measures, in relation to data for the publication of which the
>controller is responsible. In relation to a third party publication of
>personal data, the controller should be considered responsible for the
>publication, where the controller has authorised the publication by the
>third party. ..."
>
>From: Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE
>COUNCIL on the protection of individuals with regard to the processing
>of personal data and on the free movement of such data (General Data
>Protection Regulation), COM(2012) 11 final 2012/0011 (COD), European
>Commission, Brussels, 25.1.2012:
>http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf
>
>
>--
>Tom Worthington FACS CP, TomW Communications Pty Ltd. t: 0419496150
>PO Box 13, Belconnen ACT 2617, Australia  http://www.tomw.net.au
>Liability limited by a scheme approved under Professional Standards
>Legislation
>
>Adjunct Senior Lecturer, Research School of Computer Science,
>Australian National University http://cs.anu.edu.au/courses/COMP7310/
>_______________________________________________
>Link mailing list
>Link at mailman.anu.edu.au
>http://mailman.anu.edu.au/mailman/listinfo/link

-- 
Roger Clarke                                 http://www.rogerclarke.com/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Faculty of Law               University of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list