W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2012

Re: ENISA and the right to be forgotten

From: David Singer <singer@apple.com>
Date: Tue, 11 Dec 2012 09:30:56 -0800
Cc: Karl Dubost <karld@opera.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-id: <8B87A58B-DD1F-4737-8C10-26D01D9BFC28@apple.com>
To: Robin Wilton <wilton@isoc.org>

On Dec 11, 2012, at 2:17 , Robin Wilton <wilton@isoc.org> wrote:

> +1... The issues with the RTBF arise almost exclusively out of the 'label'. 
> 
> For example, it is true that in real life, people forget things, but they don't do so through intention - so there is no analogous sense of an online service "forgetting" things. It's a great pity that we've ended up with the word "forget" in this role, but that's a consequence of the desire to boil complicated things down to soundbite-level policy statements.
> 
> In UK Data Protection law, there's been a right to see what data an organisation holds about you, and to have it corrected if it's wrong...  but the right to say to them "there's no reason for you to keep that data - please delete it" has been missing. I agree that there are cases where it is fanciful to think that data can be deleted, but *if* - when such data was collected - there was an expectation that deletion should be possible later on in the life-cycle, it might lead to a better (dare I say compliant) data management culture.
> 
> In that sense, the thing that disappoints me about RTBF is that it has generated a lot of bickering (including mine ;-/ ) about the word "forget", when at its heart, all it's really asking for is adherence to the principle of only keeping data for as long as it is genuinely needed to meet the stated purpose of collection.


But what rights do I have over data that was collected by simply observing me and my public acts?

I think there is a principle in here somewhere, but at the moment I do not see it clearly.


> 
> R
> 
> Robin Wilton
> 
> Technical Outreach Director - Identity and Privacy
> 
> On 10 Dec 2012, at 22:23, Karl Dubost <karld@opera.com> wrote:
> 
>> 
>> Le 11 déc. 2012 à 03:45, David Singer a écrit :
>>> Unfortunately I think this 'right' is badly labelled.
>> 
>> yes.
>> 
>>> But if the data was collected simply by observing me (without needing or getting my consent), how do I even know who has it, and even if I do, what right do I have to tell people 'forget you saw me in the pharmacy yesterday' (I think, none)?
>> 
>> 
>> Keys:
>> * right to be forgotten    VS     obligation to erase.
>> * forgetful interfaces
>> * lies
>> * memories loss
>> * speed of replication
>> 
>> In our social relationships, 
>> 
>> * we forget parts of what we have experienced
>> * the surface of the memory is small (what our eyes can see)
>> * the speed of distribution is slow (our abilities to share with others)
>> * the replication is imperfect (we share partial data)
>> 
>> All of that is part of our social glue. When people say "right to be forgotten" they explain that they are freaking out about the permanence, speed, etc of data collected about them. 
>> 
>> 
>> In the end, the issue with online privacy is selling ads as a business model. Changing the business model enables a lot more things. Sometimes I wonder if all efforts we put in privacy should not be put in fact in enabling micropayments solutions, etc and kills the ads business model based on data collection. Most of the current big companies do not want that, it's their fuel, but…
>> 
>> -- 
>> Karl Dubost - http://dev.opera.com/
>> Developer Relations, Opera Software
>> 
>> 
> 

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Tuesday, 11 December 2012 17:31:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 11 December 2012 17:31:34 GMT