Seth Finkelstein, a long-time crusader against online censorship, made what seemed like a jaundiced comment on my recent post Piracy and Privacy. I had raised the possibility that online activists, fresh from their SOPA fight, might now come to the support of efforts to give people more control over the personal information that companies collect and trade online. Will the activists rise up again? I wondered. To which Finkelstein replied:
No. Or maybe, they will rise up AGAINST privacy, because they will be fed a line that this is going to Censor The Net.
Turns out Finkelstein wasn’t being jaundiced. He was being prescient. Shortly after he made his comment, a Harvard Law School blog posted a lathery rant, under the judicious title “More Crap from the E.U.,” by Jane Yakowitz, a professor at the Brooklyn Law School. Yakowitz blasted the European Commission’s new proposal to strengthen online privacy protections. Europe, she wrote, has been “flailing around” with internet regulation. It has enacted “miserable” policies. The EC’s reasoning is “complete and utter hogwash.” Its actions are “regressive.” Its proposed new directive represents “a misguided attack on the information economy.” Goodness. I think Professor Yakowitz must have eaten a bad mussel in Brussels once.
Having ventilated, Yakowitz went on to make her own proposal: “Google and other major Internet companies might want to start coordinating a protest similar to the effective campaign we saw here in the states in response to SOPA. If Google makes every person with the first name ‘John’ ungoogleable for a day, and if online retailers refuse to access cookie data for a day, and if content providers double the amount of advertising for a day, pressure can build before the Directive comes to a vote.” Observes the Register’s Andrew Orlowski: “Not only is this a little presumptuous – she must think Google can turn the fury of the crowd on and off like a tap – she either forgets (or doesn’t know) why people are concerned about privacy in the first place.”
When you get past Yakowitz’s bombast, it’s not all that clear how solid her objections to the E.C.’s proposal really are, or why she would impugn the E.C.’s motives. Her main gripe is that the proposed “right to be forgotten” is too broad, and would require social networks like Facebook to track down a member’s postings and pictures across the Net should that person have a change of heart and ask for the stuff to be deleted. No doubt, wiping the internet slate clean would be extraordinarily difficult as a practical matter – and, more generally, it seems unwise to offer adults a blanket protection from the consequences of their own choices, foolish or otherwise, in posting stuff publicly. But it’s not clear that the proposed directive is so sweeping. It provides for several exceptions to the right to be forgotten, and its main focus is on personal data collected by companies rather than on the information that comes through the public speech of individuals. Moreover, as Ars Technica’s Peter Bright notes, the new rules build on data-management requirements that are already in place. The proposed directive “is not a fundamental shift in the demands placed on data-holding organizations. They must already be able to identify personal data, they must already store it securely, and they must already be able to provide it on-demand. Doing these things requires that systems are designed appropriately, and this can certainly incur costs—but they are costs that should already exist today.”
The Economist’s Babbage blog makes the sensible point that, even if the EC proposal has “rough edges” that need to be ironed out, providing for a right to be forgotten is nonetheless a salutary – and overdue – goal:
Unlike biological memory, … the digitally augmented sort can be tapped by others leaving the rememberer none the wiser. Search companies routinely store users’ queries. Social networks record interactions between people. Ad clicks are logged. Cookies track individuals’ paths through the online wilderness. As a consequence, online data-mongers have unprecendented access to what are, in effect, the thoughts of hundreds of millions of consumers and citizens. They know more about people than people do about themselves. You will have trouble recalling your online searches from a few months back; Google won’t.
This can, of course, be a boon to individuals. It lets them avoid continuous online-form filling or barrages of irrelevant ads, which are replaced by those tailored to their tastes. All this saves precious time and makes for a more seamless and pleasant online experience. And indeed, some people may decide that they value convenience over confidentiality. But in a liberal society those who plump for privacy have every right to expect others, including data handlers, to respect their choice … Having figured out how to remember nearly everything, it is about time people relearned how to forget.
Yakowitz seems to think that companies’ desire to manipulate personal data should outweigh the desire of people to control the data. It’s true that if people choose to withhold their data, or limit the way it’s shared or processed, there will be some useful services that companies will not be able to provide to those people. And a broad movement to withhold data would mean that some useful research that draws on large online data sets would not be possible. But that simply puts the onus on companies, and other organizations, to prove to people that, first, the benefits of allowing them to use their personal data will outweigh the costs and risks, and, second, that they can be trusted to use the information wisely and securely, and not in exploitative ways. The ultimate goal of attempts to strengthen and rationalize privacy controls is not to lock data away; it’s to ensure that data is used in a way that strikes the right balance among commercial benefits, economic benefits, social benefits, and personal well-being. To characterize that as a miserable, regressive attack on the information economy is to peddle FUD.
UPDATE: The FUD deepens, as Google’s chief lawyer warns that the EC proposal could “break the internet.” As the FT’s John Gapper notes, that was “the slogan used by web companies to defeat anti-piracy legislation in the US.”