The Anglo-American / Continental Privacy Divide? How Civilian Personality Rights Can Help Reconceptualize the “Right to be Forgotten” Towards Greater Transnational Interoperability

Karen Eltis (University of Ottawa)

August 2016

Note: This submission was contributed by the author(s) to the Office of the Privacy Commissioner of Canada’s Consultation on Online Reputation.

Disclaimer: The opinions expressed in this document are those of the author(s) and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada.

---

Summary

This project was supported by a grant from the Canadian Internet Registration Authority (CIRA)’s Community Investment Program.

On the heels of the now infamous Costeja decision, the Office of the Privacy Commissioner of Canada laudably invited public input regarding the possibility of a “Right to Be Forgotten” (or right to de-indexation of searchable online information) in Canada. Specializing in privacy, data security and constitutional rights from a comparative perspective, I welcome this especially praiseworthy initiative, which comes to “enrich the public” to quote Commissioner Daniel Therrien.

In a word, the European Court of Justice decision in Costeja appears to compel search engines to remove links to certain search results at the request of individual Europeans—and potentially by others beyond Europe’s borders—by virtue of the “right to be forgotten”. The ECJ decision not only provides little guidance for when this controversial step is required but may ironically have the effect of appointing (chiefly American) ‘data controllers’ as unwitting private censors. The paper submitted (titled THE ANGLO-AMERICAN / CONTINENTAL PRIVACY DIVIDE? HOW CIVILIAN PERSONALITY RIGHTS CAN HELP RECONCEPTUALIZE THE “RIGHT TO BE FORGOTTEN” TOWARDS GREATER TRANSNATIONAL INTEROPERABILITY forthcoming in 94 Canadian Bar Review (2016) underscores the growing conflict between the Continental and Anglo-American conception of privacy (with the latter rejecting the ‘right to be forgotten’). Mindful of privacy protection imperatives in the digital age, it further invites Canadian policy makers to rethink privacy in a more practically viable fashion – one predicated on protecting identity rather than property or procedural rights, in order to allow for a more nuanced and transnationally workable balancing of privacy and freedom of expression.

Full submission:

Note: As this submission was provided by an entity not subject to the Official Languages Act, the full document is only available in the language provided

The European Court of Justice’s much maligned decision in Google Spain SL, Google Inc. v Agencia Española de Protectión de Datos, Mario Costeja González handed down in May of 2014, appears to compel search engines (most notably Google, which it deems a “data controller”), to remove links to certain impugned search results at the request of individual Europeans (and potentially by others beyond Europe’s borders). It so held by virtue of the “right to be forgotten”, recently enshrined in article 12 of the revised 1995 European Data Protection Directive 95/46/EC. Further complicating an already thorny situation is the court’s failure to impart much-needed practical guidance in Costeja. More importantly perhaps, the decision underscores “the right to be forgotten’s” divisive character across common law/civilian lines – that now extends beyond the United States.

What is more, Costeja may inadvertently and ironically have the effect of appointing (chiefly American) ‘data controllers’ as unwitting private censors; arbiters of the European public interest. Indeed, the decision may be deemed a culmination of the growing divergence between Anglo-Saxon and continental approaches to privacy significantly extending beyond the United States, to the United Kingdom. In effect, as previously noted, the UK appears to be joining ranks with the United States in rejecting the ‘right to be forgotten’, at least as set out by the ECJ.

It further reflects internal normative contradictions within the continental tradition and emphasizes the urgency of re-conceptualizing digital privacy in a more transystemically viable fashion in Europe and beyond.

In light of the above, informational privacy, the following posits, must ultimately be re-theorized in a manner that would presumably obviate—or at the very least palliate—the need for a stand-alone ill-defined and under-theorized “right to be forgotten”, as set out at pains in Costeja. It is in essence a procedural right predicated on the impracticable idea that individuals “own” data, rather than a right to their identity itself and the perception thereof. It therefore fails to accord with the long-established civilian tradition of personality rights, which, unlike its common law counterpart, emphasizes personhood not property. In the end, a more robust—possibly transystemic but at least transystemically viable—construction of privacy predicated on protecting identity rather than property would allow for a conversation between common law and continental jurists and for a more nuanced balancing of privacy and freedom of expression.