Computers Don’t Forget
People are able to forget things. Leaving aside the details of neuroscience, people forgive each other and are forgiven through the process of forgetting. They are able to make a break with the past. Computers, however, do not forget. In the Information Age, computer networks are woven around us like the threads of a spider’s web, and the personal information that gets caught in them is not forgotten. As a result, worries that the follies or pranks of youth could come back to haunt us when we go job-hunting or enter the workforce are becoming a reality.
Advocacy for the Right to Be Forgotten
When embarrassing personal information from one’s past is exposed on the Internet, it constitutes an invasion of privacy. If this is the case, shouldn’t we be protected from this invasion of privacy by the Act on the protection of personal information? After all, textbooks on constitutional law define the right to privacy in an information-oriented society as the right to control the flow of our own information, including the extent to which and the people to whom our personal information is shown. And this right has been specified to a certain extent in the Act. Given these facts, one would assume that you could tell the administrator of a website to delete or correct personal information about you. In reality, however, there is no guarantee that such requests will be effective. The actual identity of the webmaster is often unknown, and once the information has spread throughout the Internet, there is little one can do about it. In other words, our right to privacy is like a gun without bullets in the world of the Internet. This is one of the factors that have led to the concept of the “right to be forgotten”—a topic that has been gaining attention in recent years.
Although the EU’s proposal for a “General Data Protection Regulation,” published in January 2012, is still in the planning stage, it was revealed back in 2011 that the legislation would stipulate the right to be forgotten, which has since drawn a great deal of public attention. The actual content of this right would flesh out the right to erasure established in the current data protection laws of countries throughout the EU. To put it simply, the part of the EU regulation that has been determined so far is that people “have the right to have a data controller erase and stop disseminating their personal data, where the data are no longer necessary in relation to the purposes for which the data are collected or otherwise processed, where data subjects have withdrawn their consent for processing or where the data retention period to which they consented has expired, in the absence of any other legal basis for the retention of said data.” On the other hand, German critics such as the Pirate Party (Piratenpartei), which has been gaining support with its platform opposing Internet regulations, have criticized the proponents of this regulation by comparing their understanding of information technology to that of a child. Moreover, in a world connected via the Internet, the right to be forgotten is destined to remain a ‘gun without bullets’ until everyone living outside the borders of the EU comes to accept the same line of thinking. Furthermore, the aspect of the regulation that allows people to erase data from the past has raised concerns regarding freedom of expression in news reports and other kinds of media. The future of this right is thus still uncertain. One thing, however, seems clear—the manner in which the right to privacy is defined reflects the technology and social climate of the times. It is intriguing that a concept such as the right to be forgotten would be officially advocated in an era characterized by Facebook and Wikileaks.
The Reaction of the U.S.
The stipulation of the right to be forgotten for the EU regulation has provoked a reaction throughout the world. U.S. president Barack Obama released a draft of a “Consumer Privacy Bill of Rights” in February this year, as if to compete with the EU policy. The Bill of Rights includes an idea called “do not track.” This is a concept that would allow consumers not wanting their online behavior to be tracked to reject, or “opt out” of, online tracking at their own discretion. In the U.S., a country that stresses the importance of freedom of expression, however, the past cannot be erased. The position the U.S. has taken is to devise a certain measure of consumer protection, while being careful not to jeopardize the personal information industry or permit the establishment of laws that could threaten freedom of speech and freedom of the press. According to one Australian report on data privacy laws, although the U.S. and Europe sometimes arrive at the same conclusions regarding privacy, American privacy law tends to revolve around the concept of “freedom,” while European privacy law tends to revolve toward the concept of “human dignity.” While the two trajectories draw near each other, they do not overlap. The analogy aptly explains the U.S.’s reaction to the right to be forgotten.
The Situation in Japan
The issue of protecting personal information is a global issue from the standpoint of economics and security, a national issue from the perspective of culture, and often arises as a practical problem at the local level. The right to be forgotten is an issue of online privacy, as well as an international issue and a domestic issue. In Japan, we are still at the stage of familiarizing ourselves with the general outline of the discussion that has been going on in the EU. Leaving aside the question of how we will respond to this discussion, which is stalled at the planning stage, our country has traditionally gone about designing its own unique system for the protection of personal information while glancing sideways at data privacy policies in the EU and the U.S. Designing a system to address the problem of privacy and the protection of personal information is difficult, since the problem depends on the culture of the country in question. However, now that we live in an era when it is possible to collect and analyze a vast amount of individual lifelogs (logs of a person’s life and actions recorded through video, audio, location information and other digital data including a person’s web browsing history, Internet search history, movement history and communication history) due to the ubiquitous terminals that fill our homes and cities, the establishment of independent third-party organizations, which can advocate for these kinds of issues, may become an essential, standard feature of developed countries.
Professor, Chuo Law School, Chuo University
Areas of Specialization: Administrative Law, Information Law, Local Autonomy Law
Born in Mie Prefecture, Japan in 1954. Completed the doctoral program and earned his Doctor of Law degree at the Graduate School of Law, Hitotsubashi University. Taught as a professor at Kokugakuin University, a visiting professor at the University of Bonn, and a graduate school professor at the University of Tsukuba before taking up his current position in 2011 as a professor of law at Chuo Law School, Chuo University. His public activities include serving as a Member of the Information Disclosure and Personal Information Protection Review Board of the Cabinet Office, a Member of the Expert Panel on Personal Information Protection of the Consumer Commission, and a Member of the Consumer Affairs Council of the Ministry of Economy, Trade and Industry. His major publications include The Information Disclosure System [Jouhou Koukai Hou Sei] (Koubundou Publishers), The Information Disclosure Law: Its Principles and Origins [Jouhou Koukai Hou: So no Rinen to Naritachi] (coauthor; Gyosei), The New Course in Local Autonomy Law, Vol. 4 (Lawsuits by Citizens) [Saishin Chihou Jichi Hou Kouza 4 Kan (Jumin Soshou)] (coauthor; Gyosei), A Point-by-Point Guide to the Act on the protection of personal information [Chikujou Kojin Jouhou Hogo Hou] (Koubundou Publishers), and Administrative Law for Beginners [Hajimete no Gyoseihou] (coauthor; Yuhikaku Publishing, 2nd ed.).