Forthcoming in the Berkeley Technology Law Journal
The so-called “Right to Be Forgotten” established by the Court of Justice of the European Union in 2014 is about to change. The EU's General Data Protection Regulation, which goes into effect in 2018, introduces new notice-and-takedown rules for online information targeted by “Right to Be Forgotten” erasure requests. The new rules are ripe for abuse. They give private Internet platforms powerful incentives to remove user-generated content – whether or not that content, or the intermediaries’ processing of the content, violates any law. This threat to online expression and information could be reduced through procedural checks and balances in the OSPs’ removal operations and before regulators and courts. This article details the problematic GDPR provisions, examines the convergence of European Data Protection and Intermediary Liability Law, and proposes ways that the EU’s own Intermediary Liability laws can restore balanced protections for privacy and information rights under the new law.
Download the full paper at SSRN.