In the information society, the role of private sector entities in gathering information for and about users has long been a most critical issue. Therefore, intermediaries have become a main focus of privacy regulations, especially in jurisdictions with a strong tradition of privacy protection such as Europe. In a landmark case, the ECJ ruled that an internet search engine operator is responsible for the processing that it carries out of personal data which appear on web pages published by third parties. The recognition by the European Union of a so called “right to be forgotten” (RTBF) has ignited disgruntled reactions from civil society and legal scholars, especially in the United States. Meanwhile, proposals for the adoption of a similar right have appeared in several jurisdictions, including Brazil, Japan, Korea, and Russia. Supposedly, the right to be forgotten would endanger freedom of expression (FoE) and access to information. Apparently, factoids — defined by the Oxford Dictionary as “an item of unreliable information that is reported and repeated so often that it becomes accepted as fact” — dominated the recent debate surrounding the right to be forgotten. This paper will discuss and debunk these factoids, review data protection legislation in Europe, and explore the legal and policy implications of the newly emerging right to be forgotten. Finally, the idea that extra-territorial application of the RTBF might unleash a kraken that can break down the Internet will be contextualized within the present political scenario. The extra-territorial application of the RTBF follows in the footsteps of a global move towards data protectionism against the de facto market dominance of US Internet conglomerates. Global blocking governed by a nationality principle — as suggested by CNiL and other EU institutions — would put at rest these protectionist concerns.
This article is available here. It is published in 15(2) Colorado Technology Law Journal 307 (2017).