Jeremy Bentham originally described the Panopticon in 1787. The concept of the Panopticon was that, at any given moment, anonymous individuals could observe others without their knowledge or consent. Bentham predicted that this inspection principle would effect “morals reformed, health preserved, industry invigorated, instruction diffused and public burdens lightened.”
In the August edition of
Harper’s Magazine
, Princeton University professor and “
” author Peter Singer argued that technology has made it easy to collect, store and disseminate information on individuals, corporations and the government. As Singer observed, we now have the technological apparatus to realize the Panopticon.
Combining the current realities of the failure to forget with the implications of our modern Panopticon, Web 2.0 yields a world where no human activity is human, but rather, each digital entry represents an extension of the loss of humanity, compassion, understanding and, most importantly, forgiveness. Modern thinkers must call for balance—in other words, the right to forget or be forgotten. Recent reports and fundamental laws of the European Union as well as the legislative history of the European Union have begun to enforce the notion and practice of the right to forget.
In the Charter of Fundamental Rights of the European Union (2000), Chapter II (Freedoms) relates to the right to forget. These specific freedoms include Article 6,
Right to liberty and security
; Article 7,
Respect for private and family life
, and Article 8,
Protection of personal data
.
Specifically, “everyone has the right to liberty and security of person; ... everyone has the right to respect for his or her private and family life, home and communications,” and “everyone has the right to the protection of personal data concerning him or her. Such data must be processed fairly for specific purposes” based on the consent of the individual person concerned “or some other legitimate basis laid down by law.” In addition, Article 8 states that everyone must have the right of access to data concerning him or her and the right to have it rectified. “Compliance with these rules shall be subject to control by an independent authority.”
On April 18, the European Union’s executive body—the European Commission—released the final version of its “
” (Directive 2006/24/EC).
The findings are significant.
Articles 6 and 12 of the directive state that EU member states shall retain data categories specified in Article 5 of the directive for a period of not less than six months and not greater than two years. The maximum retention period may be extended by a member state that is “facing particular circumstances that warrant an extension for a limited period.” Such an extension must be notified to the European Commission. To date, no such notifications have ever been received. All 27 European Union member states abide by these limitations, with 10 states specifying a one-year retention period for all categories of data enumerated in Article 5 of Directive 2006/24/EC.
Section 7 of the report is titled “Implications of Data Retention for Fundamental Rights.” In section 7.1, the struggle between rights to privacy and protection of personal data are spelled out. Article 52(1) of the Charter of Fundamental Rights spells out the specifics. Limitations on the right to a private life and the protection of personal data secondary to data retention must take into account the following.
They must be
- formulated in a clear and predictable manner;
- necessary to achieve an objective of general interest or to protect the rights and freedoms of others;
- proportionate to the desired aim, and
- preserve the essence of the fundamental rights concerned.
Further, section 7.1 discusses Article 8(2) of the European Convention of Human Rights, which recognizes that interference by a public authority with a person’s right to privacy may be appropriate in the interests of national security, public safety or the prevention of a crime.
Case law of the European Court of Justice and the European Court of Human Rights establish three guiding principles. They are:
- Any limits on the right to privacy must be precise and enable foreseeability.
- Any limits on the right to privacy must be necessary with minimum safeguards.
- Any limits on the right to privacy must be proportionate to the general interest.
Section 8 of the report details conclusions and recommendations. The conclusions reached in sections 8.1 to 8.5 say
- the EU should support and regulate data retention as a security measure;
- transposition has been uneven;
- the directive has not fully harmonized the approach to data retention and has not created a level playing field for operators;
- operators should be consistently reimbursed for the costs they incur, and
- ensure proportionality in the end-to-end process of storage, retrieval and use.
Key areas for future evaluation include “consistency in limitation of the purpose of data retention and types of crimes for which retained data may be accessed and used; more harmonization of, and possibly shortening, the periods of mandatory data retention; ... limiting the authorities authorized to access the data; reducing the data categories to be retained;" and “guidance on use of data including the prevention of data mining.”
Various articles that have appeared in
The Privacy Advisor
address these issues in other countries.
In “
,” Dan Or-Hof, CIPP, recounts the case of Liran v. Pelephone and Partner. In this case, the plaintiff argued that cellular providers store phone records for billing purposes only, and as soon as a subscriber pays for the calls, the relevant phone records should not be retained. The court ruled that the plaintiff did not prove the defendants used the records in a manner inconsistent with the registered purposes of their database. Although the plaintiff lost, the Tel Aviv district court made it clear that the scope and administration of data retention is a matter that requires separate review
In the article “
,” Bruno Rasle, executive director of the AFCDP (French Association of Data Protection Correspondents), says the phrase "right to be forgotten" can be construed in two ways. "In the first sense,” he states, “the 'right to be forgotten' is a prohibition, made in France, against the indefinite retention of personal data.” The second meaning, Rasle suggests, is “the right to rectification and objection,” where the data controller is obliged to delete data only if they are inaccurate, outdated or whose collection is prohibited.
Though there is still a long way to go, as a society we are beginning to ask some questions. Can we “regulate” the effects of perfect memory? Has our ability to control our destiny been forever replaced by our newly found ability to store data? Are the contents of our individual hidden closets laid bare to the recall of modern technology? If beneficial, is the value time-dependent?
The need to forget is a core societal requirement as well as the correct imperative for each individual’s long-term well-being. The prodigal son is no less a metaphor for the right to be forgiven as the right to forget. As Viktor Mayer-Schonberger said, “Do we want a future that is forever unforgiving because it is unforgotten?”
