- Created: 02 January 2013
Privacy is considered a right in the EU, and the European Commission, the EU's executive arm, wants the right to be more rigorously enforced, writes Stephen Gardner.
We all do things we later come to regret. It might be a few drinks too many leading to an aching head the next morning. It could be wearing an ill-advised shirt or dress to a party. It could be, as your correspondent knows from bitter experience, buying at auction a car that turns out to be clunker.
Usually we can learn the lessons and move on. But sometimes mistakes come back to haunt us. This can especially be a problem for users of social media: uploaded photos of drunken party antics might seem funny the next day, but can lose their appeal after months or even years have passed.
They will certainly seem less funny if seen by a potential employer. Andrew Walls, a vice president of information technology researchers Gartner, says that there have been “recent examples of a small number of organisations requesting Facebook login information from job candidates”. Companies want to get an idea of who they are employing, but this could lead to the uncovering of personal information – including those drunken party pics.
A Gartner report published in mid-2012 found that by 2015, 60% of major corporations expect to have a formal programme in place to monitor the social media behaviour of their employees. Ten percent of companies do it already. The justification is that companies need to make sure confidential information is not being accidentally given away. But personal information could be “exposed accidentally or become the target of voyeuristic behaviour,” Walls says.
In the face of these trends, the European Union has decided to act. Privacy is considered a right in the EU, and the European Commission, the EU's executive arm, wants the right to be more rigorously enforced.
Right to be forgotten
A Commission proposal for tighter data protection rules is currently under discussion in the European Parliament. Among the privacy rights being debated is a “right to be forgotten”. Facebook, Twitter and similar sites will be obliged to delete user information if the user so desires. Other services, such as loyalty or store cards, which collect information on users' purchasing habits, will be subject to the same requirement.
It sounds good: individuals can add information about themselves to a social networking site, but can also remove it once its purpose has been served. But in practice, being forgotten might be difficult.
A recent report by the European Network and Information Security Agency noted that for personal data to be deleted, there must be a clear definition of what personal data is. Sometimes it is obvious: name, address, eye colour and so on. But what about data that is “personal” but not necessarily linked to an individual, such as the list of websites visited by a particular computer with a particular IP address? What about photos that include you uploaded to social sites by people you might not even know, for example if you were in the background at an event?
Another thorny issue is how requests to delete information will be handled if the subject of the information cannot themselves make the request. If someone dies, for example, should their family have the right to ask for removal of their Facebook page? The European Parliament is attempting to find a way through these thorny issues, and will in early 2013 publish a more detailed description of what exactly the “right to be forgotten” might look like.
A version of this article was published in (A)Way Magazine.