The Right to Be Forgotten

The repeated unwelcome publication of people's online personal information has spawned a movement concerned about online freedom and online privacy; including the right not to be tracked online and the "right to be forgotten." Recently, both the U.S. Federal Trade Commission (FTC) and the European Union issued papers addressing how our online behavior is tracked. The European working paper, "A Comprehensive Approach on Personal Data Protection in the European Union" states that "individuals should always be able to access, rectify, delete or block their data, unless there are legitimate reasons, provided by law, for preventing this." The current U.S. working paper, "Protecting Consumer Privacy in an Era of Rapid Change," is currently in preliminary draft format; it does not offer any recommendations.

If you think it is easy to control your personal information and delete items or photos you have posted online, consider the following:

• Who owns the data? If you and I are friends on a social network, does that information belong to you or me? Can you pass that information on to someone else without my permission? Can you delete it without my permission? In many cases the legal case is simple, but what happens if I post information about other people? What if those people are suspected sex offenders, public figures, and minors? Do they have the right to remove the information?

• Information sharing across online services and applications makes it virtually impossible to completely delete anything. For example, Facebook applications that extract personal information from Facebook may retain remnants when a profile is deleted from Facebook. This is particularly worrisome considering that a study at the University of Virginia found that 90% of Facebook applications request more personal information than they need. While the same study showed that there are technical ways to mitigate this problem, online sites have not implemented these and there is little impetus for their doing so.

• Lack of comprehensive information-privacy statutes in the U.S. means it is easy to collect personal information; no provision yet exists mandating the right to delete such information. The situation is not much better in Canada, in the European Union or elsewhere.

• Information 'lurches' happen periodically. Lurches occur when information is unintentionally leaked to third-parties. This can happen during product/service lapses, caused for example, by bugs in a social network. It can happen when information privacy policies flip-flop, such as when Facebook made identity information temporarily available to marketers in 2007, through its Beacon service, before it was forced by public pressure to cancel the service. However, lurches happen most often when people post information or approve the sharing of information with other applications, without understanding the implications. Retrieving or deleting this information is practically impossible. The online data collector is usually not liable for lurches, due to the absence of comprehensive data collection statutes for social (as opposed to commercial) purposes. Since the online information has often been posted by individual themselves, it is impossible to later claim the information is untrue or it was posted unintentionally. In the online world--"if you posted it, it's your problem." Trying to claim the information was not intended to be public is becoming an increasingly tough sell.

• Social networks like Facebook may retain personal data for a period of time after a profile is deleted,. As of Feb 2011, Facebook's Privacy Policy states that upon profile deletion, "we may retain certain information to prevent identity theft and other misconduct even if deletion has been requested." Furthermore, "removed and deleted information may persist in backup copies for up to 90 days, but will not be available to others." Even Facebook concedes however, that information shared with applications or third-parties will continue to exist.

Follow @FastCoLeaders for all of our leadership news, expert bloggers, and book excerpts.

Next post ... some ideas about what works (and doesn't work) to protect ourselves and others online.