W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2012

Re: ENISA and the right to be forgotten

From: Robin Wilton <wilton@isoc.org>
Date: Tue, 11 Dec 2012 10:17:45 +0000
Message-Id: <6B1A72A3-F805-456B-A310-6D6FF9F3FB41@isoc.org>
Cc: David Singer <singer@apple.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
To: Karl Dubost <karld@opera.com>
+1... The issues with the RTBF arise almost exclusively out of the 'label'. 

For example, it is true that in real life, people forget things, but they don't do so through intention - so there is no analogous sense of an online service "forgetting" things. It's a great pity that we've ended up with the word "forget" in this role, but that's a consequence of the desire to boil complicated things down to soundbite-level policy statements.

In UK Data Protection law, there's been a right to see what data an organisation holds about you, and to have it corrected if it's wrong...  but the right to say to them "there's no reason for you to keep that data - please delete it" has been missing. I agree that there are cases where it is fanciful to think that data can be deleted, but *if* - when such data was collected - there was an expectation that deletion should be possible later on in the life-cycle, it might lead to a better (dare I say compliant) data management culture.

In that sense, the thing that disappoints me about RTBF is that it has generated a lot of bickering (including mine ;-/ ) about the word "forget", when at its heart, all it's really asking for is adherence to the principle of only keeping data for as long as it is genuinely needed to meet the stated purpose of collection.


Robin Wilton

Technical Outreach Director - Identity and Privacy

On 10 Dec 2012, at 22:23, Karl Dubost <karld@opera.com> wrote:

> Le 11 déc. 2012 à 03:45, David Singer a écrit :
>> Unfortunately I think this 'right' is badly labelled.
> yes.
>> But if the data was collected simply by observing me (without needing or getting my consent), how do I even know who has it, and even if I do, what right do I have to tell people 'forget you saw me in the pharmacy yesterday' (I think, none)?
> Keys:
> * right to be forgotten    VS     obligation to erase.
> * forgetful interfaces
> * lies
> * memories loss
> * speed of replication
> In our social relationships, 
> * we forget parts of what we have experienced
> * the surface of the memory is small (what our eyes can see)
> * the speed of distribution is slow (our abilities to share with others)
> * the replication is imperfect (we share partial data)
> All of that is part of our social glue. When people say "right to be forgotten" they explain that they are freaking out about the permanence, speed, etc of data collected about them. 
> In the end, the issue with online privacy is selling ads as a business model. Changing the business model enables a lot more things. Sometimes I wonder if all efforts we put in privacy should not be put in fact in enabling micropayments solutions, etc and kills the ads business model based on data collection. Most of the current big companies do not want that, it's their fuel, but…
> -- 
> Karl Dubost - http://dev.opera.com/
> Developer Relations, Opera Software
Received on Tuesday, 11 December 2012 10:16:59 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:55 UTC