W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2012

Re: ENISA and the right to be forgotten

From: Robin Wilton <wilton@isoc.org>
Date: Wed, 12 Dec 2012 11:49:45 +0000
Cc: Karl Dubost <karld@opera.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <F71805C4-45CB-40A9-BFC7-A935A5D67023@isoc.org>
To: David Singer <singer@apple.com>
Thanks David - 

That is a fair point. I was just trying to clear up one of the difficulties, which arises out of the word we happen to have ended up with. 

I think Joe is right that a lot of the detailed implications aren't clear yet - and I'm afraid that's often a feature of EU legislation: the Commission itself often wants a degree of ambiguity to persist in its proposals, because that means it can make a bold statement of principle ("Protect kittens! They are cute!") and get broad consensus without having to get into the inconvenient details… and the member states often want ambiguity in the text, because it makes it easier for them to sign up to the bold principle and then exploit the wiggle-room when transposing EU requirements into national law (or interpreting those requirements in the courts, if no transposition is needed, as in the case of a Regulation).

When it comes specifically to passively-collected data generated in the course of your 'public acts', the same principles of 'purpose of collection and period of retention' can apply, I think, but it's still not a simple problem. For instance, even passive collection requires the collector to have done something so as to arrange for the collection to happen… (such as set up a CCTV system in the High Street). If that system has been set up to detect and/or prevent crime, then you have a purpose of collection that can be linked to some assumption about how long it is reasonable to retain the data. (I admit, that is at risk of being a "how long is a piece of string" question…).

So, on the face of it, there's a point at which it would be reasonable for an individual to go to the CCTV operator and say "there's no reasonable purpose in your retention of this data about me - I would like it to be deleted, please". As I say, though, it's not a simple problem: you could raise or lower the 'reasonableness' threshold for all kinds of reasons (the CCTV operator might say "we don't yet know if the data is obsolete; it would take us disproportionate effort to delete all and only footage of you; there's no point us deleting it, because it's not doing you any harm" etc.). 

I think all I'm saying is - you're right, there is a principle here (namely, that if there's no reason for you to continue to hold data about me, I should have the option of asking you not to do so), but putting that principle into practice raises an awful lot of questions to which we don't have all the answers…

R

Robin Wilton
Technical Outreach Director - Identity and Privacy
Internet Society

email: wilton@isoc.org
Phone: +44 705 005 2931
Twitter: @futureidentity




On 11 Dec 2012, at 17:30, David Singer wrote:

> 
> On Dec 11, 2012, at 2:17 , Robin Wilton <wilton@isoc.org> wrote:
> 
>> +1... The issues with the RTBF arise almost exclusively out of the 'label'. 
>> 
>> For example, it is true that in real life, people forget things, but they don't do so through intention - so there is no analogous sense of an online service "forgetting" things. It's a great pity that we've ended up with the word "forget" in this role, but that's a consequence of the desire to boil complicated things down to soundbite-level policy statements.
>> 
>> In UK Data Protection law, there's been a right to see what data an organisation holds about you, and to have it corrected if it's wrong...  but the right to say to them "there's no reason for you to keep that data - please delete it" has been missing. I agree that there are cases where it is fanciful to think that data can be deleted, but *if* - when such data was collected - there was an expectation that deletion should be possible later on in the life-cycle, it might lead to a better (dare I say compliant) data management culture.
>> 
>> In that sense, the thing that disappoints me about RTBF is that it has generated a lot of bickering (including mine ;-/ ) about the word "forget", when at its heart, all it's really asking for is adherence to the principle of only keeping data for as long as it is genuinely needed to meet the stated purpose of collection.
> 
> 
> But what rights do I have over data that was collected by simply observing me and my public acts?
> 
> I think there is a principle in here somewhere, but at the moment I do not see it clearly.
> 
> 
>> 
>> R
>> 
>> Robin Wilton
>> 
>> Technical Outreach Director - Identity and Privacy
>> 
>> On 10 Dec 2012, at 22:23, Karl Dubost <karld@opera.com> wrote:
>> 
>>> 
>>> Le 11 déc. 2012 à 03:45, David Singer a écrit :
>>>> Unfortunately I think this 'right' is badly labelled.
>>> 
>>> yes.
>>> 
>>>> But if the data was collected simply by observing me (without needing or getting my consent), how do I even know who has it, and even if I do, what right do I have to tell people 'forget you saw me in the pharmacy yesterday' (I think, none)?
>>> 
>>> 
>>> Keys:
>>> * right to be forgotten    VS     obligation to erase.
>>> * forgetful interfaces
>>> * lies
>>> * memories loss
>>> * speed of replication
>>> 
>>> In our social relationships, 
>>> 
>>> * we forget parts of what we have experienced
>>> * the surface of the memory is small (what our eyes can see)
>>> * the speed of distribution is slow (our abilities to share with others)
>>> * the replication is imperfect (we share partial data)
>>> 
>>> All of that is part of our social glue. When people say "right to be forgotten" they explain that they are freaking out about the permanence, speed, etc of data collected about them. 
>>> 
>>> 
>>> In the end, the issue with online privacy is selling ads as a business model. Changing the business model enables a lot more things. Sometimes I wonder if all efforts we put in privacy should not be put in fact in enabling micropayments solutions, etc and kills the ads business model based on data collection. Most of the current big companies do not want that, it's their fuel, but…
>>> 
>>> -- 
>>> Karl Dubost - http://dev.opera.com/
>>> Developer Relations, Opera Software
>>> 
>>> 
>> 
> 
> David Singer
> Multimedia and Software Standards, Apple Inc.
> 
Received on Wednesday, 12 December 2012 11:51:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 12 December 2012 11:51:12 GMT