In May 2018, the European General Data Protection Regulation 2016/679 (GDPR) came into force, which accelerated the European Union into a new era of having the world’s strongest data protection laws. The European Data Protection legislation was the basis of the famous Google v Costeja González (C-131/12 (2014)) case, in which it was ruled that Google is a “data controller” who is therefore required to remove data that is “inadequate, irrelevant, or no longer relevant”.
The GDPR is important because it embodies the controversial and topical debates surrounding the tension between the right to privacy, security and freedom of expression. Europe’s data protection legislation are intended to secure potentially damaging, private information about individuals. Googles process for removal involves a case by case weighing of “the individual’s right to privacy against the public’s right to know”, and in 2018 it was announced that almost 1.1 million links have been removed.
It is arguable that the GDPR decreases the value of the internet through censorship and interferes with the historical record. The US case Sidis v. FR Publishing Corp (113 F.2d 806 (1940)), said that there is social value in published facts, and that a person cannot ignore their celebrity status merely because they want to.
Despite this argument, further research revealed to me that only 5% of requests for removal have been made by criminals, politicians, and public figures, demonstrating that most requests are coming from members of the public who are simply attempting to assert their right to erase their past. I now believe that Europe’s data protection legislation, and specifically the GDPR, is very important and valuable because it allows individuals to determine the development of their life in an autonomous way, without being perpetually stigmatized as a consequence of an action performed in the past.
This legislation heavily impacts on the younger generation, because we are the first to experience the integration of technology and social media into our lives so deeply, but have little guidance on the consequences of sharing information online. The right to be forgotten is therefore right to have an imperfect past. The GDPR allows us to refuse to give ownership of our own identity to giant corporations such as Facebook and Google. It seems to me to answer the question of who owns personal data.