The ‘right to be forgotten’ is ‘unworkable, unreasonable and wrong in principle’ according to a House of Lords report backing the government’s opposition to EU privacy protection laws.
The directive, also referred to as the ‘right of erasure’, enables a person to ask the online ‘data controller’ to remove links to data regarded by the subject as prejudicial.
It derives from the 1995 EU Data Protection Directive, drafted three years before search engine and ‘data controller’ Google was founded. The directive is given effect in the UK by the Data Protection Act 1998.
In Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González the Grand Chamber of the Court of Justice of the European Union (CJEU) ruled in May that data could be erased on request if it was ‘inadequate, irrelevant or no longer relevant, or excessive’.
The judgment, together with proposed Europe-wide data protection laws due to be agreed in 2015, caused concern over censorship and misuse by politicians and others who want to bury their pasts.
The UK government is opposed to the right to erasure and will seek to water down the new provisions.
A report by the House of Lords home affairs, health and education EU sub-committee, published today, agrees with the government’s stance, stating the right to be forgotten is ‘misguided in principle and unworkable in practice’ and ‘must go’. Any reference to it or to erasure, they said, must be removed from the updated EU regulation.
The committee's report says the CJEU’s ruling had created an ‘unworkable and unreasonable’ situation, which had already resulted in Google's European sites dealing with more than 70,000 data removal requests.
The committee says the court’s ruling does not take into account its effect on smaller search engines which are unlikely to have the resources to process thousands of removal requests.
It also says it is ‘wrong in principle’ to leave it to search engines to decide whether or not to delete information, based on ‘vague, ambiguous and unhelpful’ criteria.
The report concludes there are ‘strong arguments’ arguments for saying search engines should not be classed as data controllers under data protection laws, making them liable as ‘owners’ of the information they link to.
It argues that individuals should not have a right to have links to accurate and lawfully available information about them removed simply because they do not like what is said.
Peers also recommend that the government ensures that the definition of ‘data controller’ in the new regulation is amended to clarify that the term does not include ordinary users of search engines.
Committee chair Lady Prashar said: ‘It is crystal clear that neither the 1995 directive, nor the CJEU’s interpretation of it, reflects the incredible advancement in technology that we see today, over 20 years since the directive was drafted.
'Technology advances at ever-increasing speeds and it is incredibly difficult for legislation to keep up - never mind future-proof - the unforeseen leaps that technology is bound to make.
‘However, what we can do is ensure that the regulations and directives that we do draft are sensible, taking into account the current situation and the likelihood of ever-increasing amounts of available data, and decide not to try and enforce the impossible.’