On May 13, the Court of Justice of the European Union ruled that individuals have the “right to be forgotten,” meaning they have the right to ask Google to remove information about them from its search index. A 1972 amendment to the California Constitution declares that the right to privacy is inalienable. So, should we expect that Californians will soon have the ability clean up some awkward digital history and limit future information sharing? That would be premature.
Why the EU Ruling is Remarkable
The “right to be forgotten” ruling has its roots in criminal law, in the widely shared sentiment that someone who has paid the price for a criminal misdeed has the right to be welcomed back into the arms of society. We do much the same in this country. Ex-felons regain the franchise. Juvenile records are sealed. Even adult criminal records may be expunged.
What’s different is that the Court of Criminal Justice has made a giant leap into the behavioral realm, to include information about activities that are not criminal, not a breach of civil law, not illegal in any way — as long as the data is “inadequate, irrelevant or no longer relevant.” The right to be forgotten is the right to eliminate the embarrassing.
This is quite compelling for anyone who has ever been foolish. (Who would not actually prefer that everyone else’s mind be sunny and spotless?) It’s inconvenient if you like to receive marketing information about things you might like to buy. It’s puzzling for lawyers trying to balance the competing rights to privacy and free speech. The task of removing information is potentially ruinous for giant data collectors, like Facebook and Google, and it’s baffling for the small retailer trying to micro-target customers who are shopping for big screen TVs. There are several constituencies with competing interests.
Let’s Get Back to California
Last week the California Attorney General’s Office issued guidance about what the notice required to be posted by commercial websites or online services should include:
- How the site responds to a browser’s Do Not Track signal,
- Whether third parties are or may be collecting personally identifiable information,
- Uses of personally identifiable information beyond what is necessary for fulfilling a customer transaction or for the basic functionality of the website or app.
- What personally identifiable information is collected and how long it is retained, and
- What choices a consumer has regarding the collection, use and sharing of personal information.
Notice that neither the law, nor the new guidance require online services to comply with a Do Not Track notice or to refrain from marketing personally identifiable information. The law requires simply that the sites disclose their practices.
What About Data Breaches?
Another day, another data breach, it appears. First Target, then Heartbleed, and last week EBay users were told to change their passwords in the wake of another huge hacking scandal. As with data collection, the legal obligation of online services is to notify Californians whose information may have been compromised. This has nationwide effect, as long as the consumer is a California resident.
The Point of Disclosure Requirements
The point of disclosure requirements, whether of the initial data collection or its subsequent loss, is to give customers the chance to respond with the power of the purse. If the customer is unhappy about the harvesting of personally identifiable information, he or she can shop elsewhere or deal in cash.
March 05, 2015
Thinking of buying a franchise? That’s very exciting. For many, franchising is the first foray into owning your own business. As with any business purchase, however, you will want to make sure that you can …
December 11, 2014
I once worked for a company that had been rumored, maybe, at some distant time in the future, possibly, but not certainly, perhaps in connection with a potential sale or not, to be tentatively considering …
March 03, 2016
The topic of teachers getting into trouble over sex-related matters has become almost a sub-genre of American journalism for several decades now. In the late 1990's, Washington schoolteacher Mary Kay Letourneau became a tabloid feature …
March 14, 2016
The guys kick off the week by discussing the lawsuit in Hawaii where an employee posted a defamatory remark about a customer and tried to hold the employer liable. They also discuss the new anti-discrimination and …
July 30, 2015
Twenty-four states and New York City either are or have very recently considered establishing state run retirement savings plans. Several of these are modeled on SB 1234, the California Secure Choice Retirement Savings Trust Act. …
October 06, 2015
While Uber may be receiving the lion’s share of the attention on the topic, there has been no shortage of court rulings, IRS audits, and labor decisions on the issue of workforce misclassification. With a …
September 08, 2016
Nasir and Matt discuss why Amazon seller accounts are getting suspended and banned without notice and how business owners can rectify this situation through a Corrective Action Plan. Transcript: NASIR: Welcome to Legally Sound Smart Business. My name is …
January 11, 2016
Nasir and Matt kick off 2016 by discussing how one Indianapolis bar responded to a negative post on its Facebook page. Transcript: NASIR: Welcome to our podcast where we cover business in the news and add our …
September 30, 2014
Truthfully, most sellers don’t want to take back paper. An all-cash deal often looks like the easiest and cleanest way to get on to the next venture, much preferable to waiting for another 5 to …
January 19, 2016
Look around your office. Is anyone out sick today? (Alternatively, is someone who is in the office clearly too sick to be there?) According to Bloomberg BNA, sick leave will be a big issue for …
Businesses that collect data, and increasingly smart businesses do, in order to maximize marketing efforts essentially rely on a contract theory. If they disclose as required by law, and the customer accepts the terms of the deal, where is the harm? In reality, though, this approach does not quite address the problem because consumers who care about the privacy of personally identifiable data do not have many other acceptable choices. There’s a great deal of market pressure to alienate an inalienable right.
So, Do Consumers Care?
Are privacy laws a solution in search of a problem? It depends on your demographic. If your customer base is young and technologically savvy, they may not care a great deal. Facebook, for example, just rolled out a new app that turns on the user’s microphone, identifies background music or TV sound and automatically updates the user’s status. Unless it is the kind of breach that leaves the bank account empty, many consumers don’t seem to care. Many derive a sense of community, or at least anonymity, in the massive quantity of data collected and shared, whether or not the sharing is deliberate. Some other segments of your customer base, however, may be a bit more touchy.
Should Californians Anticipate the Day When They Can Ask Google to Scrub its Search Index?
Not soon, it seems. Even in California, which has historically been in the forefront of privacy protection, there seems to be no movement to import a “right to be forgotten.” The EU ruling has a faintly 70s feel to it.
Privacy advocates might plausibly support legislation requiring web based businesses to honor Do Not Track notices, but how compliance might be managed is not entirely clear. This is still a very long way from deleting historical information that has become “inadequate, irrelevant or no longer relevant.”