ICTlogy

Panel: Internet Privacy and the Right to Be Forgotten
Chairs: Esther Mitjans, Director of the Catalan Data Protection Authority and Professor of Constitutional Law at the University of Barcelona

Norberto Nuno Gomes de Andrade, Scientific Officer at the European Commission, working at the Institute for Prospective Technological Studies (IPTS, Spain)
The Right to be Forgotten. An Identity Perspective

The right to be forgotten should be anchored to the right to identity.

The data protection – data privacy – identity triangle: the data protection directive presents and apparently harmonious and coherent articulation of the concepts of data protection, privacy and identity. Data protection protects the righ to privacy by relying upon the notion of personal identity. This assumed harmonious connection is flawed and problematic. In reality, it is much more complex and dynamic.

Data protection should be procedural right, while data privacy and identity should be substantial rights. Substantial rights are a social interest, while procedural rights set the rules, methods and conditions through which those substantive rights are effectively enforced and protected.

Right to identity is the right to be unique, the persons’ definite and inalienable interest in the uniqueness of their being. The right to identity is infringed if person A makes use of person B’s identity in a way contrary to how that person B perceives his or her identity.

Right to privacy protects the personal condition of live characterized by seclusion from, and therefore, absence of acquaintance by the public. Right to privacy is only infringed if true private facts related to a person are revealed to the public.

The right to be forgotten can be seen from an identity perspective. Reinforces the anti-essentialism view of Ientity (a narrative identity): a process of negotiation, social construct, a matter of choices; corresponds to the ever-expanding manner in which law is allowing the individual to infuence aspecte of their identity; and matches the rational of the right to identity: the right not to have one’s identity miss represented, right to new beginning, right to be different Unot only from others, but also from one self).

The right to be forgotten from an identity angle also coves the facts that are already in the public domain, public factas, and covers also the not-necessarily truthful or decontextualized information, the one that is out-dated.

Milagros Pérez Oliva, Ombudsman of El País

It is worth noting that the information that appears on a newspaper is very different from the one that appears on a social networking site. In principle, all the information published in newspapers is public interest, and thus, that information should be publicly available. The problem is when (a) newspapers upload all their archives to the Internet and (b) finding out information (oftentimes serendipitously) is now easy and cheap and quick.

Historical archives cannot be modified and must be public. Period. Of course, that is not the final solution in the case of information vs. privacy, but the beginning of all problems. A first recommendation is to write new information according to some cautionary rules: avoid names (just initials) if the person is not a public celebrity, avoid contextual information that can lead to their identification, etc.

The problem comes with already published information. The suggestion could be to put out of the search engines’ reach some obsolete information. The problem comes, again, with defining what is obsolete information, or what has become non-relevant information.

Yet another problem, added to obsolete information or non-relevant, is incomplete information or plain wrong information. Those are pieces of news that were discontinued (e.g. trials) or never corrected and that pose a problem, as there are thousands of pieces of news within this category.

There is a need for a collective decision on how to add or link new information to an already published piece of news.

María González Ordóñez, Head of Legal for Spain, Portugal & Israel, Google Spain

Google’s policy is to not delete personal data from their cache if the original source has not also deleted those data. In this sense, Google is very respectful with what instructions a webmaster gives to Google (usually via robots.txt) in relationship with indexing and caching.

This policy is based in the fact that Google wants to provide what is available in the Internet. If Google erases information that still is on the net, the search engine will lose transparency and neutrality. On the other hand, there is also the fact that Google can do the very same claims of newspapers concerning the right to information and freedom of expression.

Ricard Martínez Martínez. Professor of Constitutional Law, Universitat de València

We have a dire need to balance the different rights put at stake with the digitization of our lives.

And as citizens usually cannot control their profile on the net, the responsibility to take action relies, on the one hand, on the legislator to design a legal framework, and on the other hand, on the online service and content providers.

We could try and have new tools to “prune” our public information. And those tools should be developed by the industry itself.

More information

• El olvido: El derecho a ser diferente… de uno mismo. Una reconsideración del derecho a ser olvidado, by Norberto Nuno Gomes de Andrade.
• ¿Tenemos derecho a ser olvidados en Internet? (IDP 2011), by Cristina Aced

Introduction by Esther Mitjans, Director of the Catalan Data Protection Authority and Professor of Constitutional Law at the University of Barcelona.

Three reasons why the right to forget is not already in the Law:

• We could not know.
• We did not know we were to lose all control on our own data,.
• We could not have known that segmented marketing would highly value personal data.

We face a trade-off between economic profits from data exploitation and privacy and security.

Cécile de Terwangne, Professor, Centre de recherche informatique et droit
Internet Privacy and the Right to Be Forgotten

Privacy does not mean intimacy or secrecy, but individual autonomy. In the context of the internet, it is informational self-determination, the control over one’s personal information. This personal information is made up by confidential data, but also by professional data, commercial data, published data, photos, films, sound…

In Europe, this “informational self-determination” has been recognized and protected by several norms, and the right to oblivion of the judicial/criminal past has been recognized by case law in several countries, based on the right to privacy or on personality rights.

The justification for the right to oblivion is justified by faith in human beings’ capacity of improving, the conviction that man should not be reduced to their past, the idea that once you have paid what was due, society must offer the possibility to rehabilitate.

But the right to oblivion conflicts with the right to information.

The criterion to resolve the conflict should be time:

• If there is newsworthiness, the right to information should prevail.
• If the information is no more newsworthy, then the right to oblivion should prevail.

What do we do, though, with digital newspapers archives and case law databases, which are clearly breaking the balance that we had reached?

Related to case law databases, the solution that has been proposed is anonymization, with respect of the purpose principle — by which only relevant data in relation with the purpose may be processed — and the proportionality principle — by which no excessive data may be processed.

Related to newspapers, one thing is to restrict the dissemination of old personal data, a different one is a right to delete those data. Deleting data out of “chronicles” is tempering on one’s own history.

On the other hand, there is of course a conflict with freedom of the press, a conflict that becomes a dilemma as there is not an a priori hierarchy amongst personal rights freedom of the press or the right to information.

In general, though, legislation shows that too many definitions/thresholds are subjectively defined, like “data won’t be kept longer than necessary” or some conditions under which it is possible to anonymize or delete data.

With the pervasiveness of the Web 2.0 and cloud services, there is a claim for a new right to oblivion, due to the problem of long lasting records kept by certain Internet actors of traces unconsciously left when surfing the web. But, again, as some economic models heavily rely on those data basis, there is a trade-off between personal and corporate rights.

A first solution is having the possibility to stablish a right to have information deleted and not only rendered inaccessible.

Another solution could be based on basing the right to be forgotten on a right based on the no-collection of personal data and established by default, that is, privacy by design.

More information

• Privacidad en Internet y el derecho a ser olvidado/derecho al olvido, by Cécile de Terwangne.
• ¿Tenemos derecho a ser olvidados en Internet? (IDP 2011), by Cristina Aced

Conclusions for day 1
Javier de la Cueva, Lawyer.

First of all, it is worth noting the role of Philosophy when talking about Net Neutrality. We are indeed building a new world, and this new world is not about machines, but about people. And the question is not about Net Neutrality, but about what will be the new 4th generation fundamental rights that we want for our future.

Another important issue is the definition of jurisdiction. And this jurisdiction is not only geographical, but can also be understood all along the value chain Internet provided content and services. We can speak about the different layers that make the Internet up, of about the different ends of the service, etc. But the truth is that there are many actors on the Internet and many of them belong to different legal, technical or factual jurisdictions.

A missing point during the Congress is the asymmetry of download and upload speeds. This asymmetry makes it more difficult peer-to-peer sharing, and makes it more difficult to become a real prosumer.

Again, the important thing is what do we want. In matters of Net Neutrality, do we want Net Neutrality as a right, as a principle or as a goal.

In some way, the absence of net neutrality is like adding a layer of obscurity and unfairness amongst two layers of freedom: the layer of free software, the free code that runs the Internet; and the layer of free content, the one that is freely created by the contributing users.

Of course, we have to be aware that with great power comes great responsibility: we have to acknowledge that a lot of work has still to be done in issues like privacy, reputation and honour, security, etc. Part of the solution comes, evidently, with lawyers and policy-makers learning much more on how the Internet and technology in general work.

More information

• Relato del VII Congreso Internacional sobre Internet, Derecho y Política: Neutralidad de la red y derecho al olvido, by Javier de la Cueva

Track on fundamental rights, freedoms and liability on the Internet
Chairs: Clara Marsan Raventós. Lecturer, School of Law and Political Science (UOC)

Patricia Escribano Tortajada
Right to honour vs. freedom of expression in the Net

Defamation on the Internet has become quite an extended practice. What are the limits to freedom of expression vs. the right to honour? And what are the limits of the right to honour vs. freedom of expression?

There is a difference between illicit content — which is against the law — and harmful content, which may damage your reputation while being completely legal.

Some elements are aggravating the problem of harming one’s honour: the high volume of digital content, anonymity and trolling, advertising in websites (i.e. not requiring login for being able to post content), who can access the content, etc.

What are websites doing? Requiring authentication (at least via e-mail), terms of use, ability to edit comments, report inappropriate comments, etc. Some of them, though, are actually a potential threat against freedom of expression.

Most of the law is aimed at protecting the ISP while the citizen remains unprotected. There should be an effort in trying to define better the limits of the right to honour and freedom of expression, when and how regulation applies and, most especially, how do we protect the individual.

Primavera De Filippi, Smári McCarthy
Cloud Computing: Legal Issues in Centralized Architectures

Cloud computing has had a side effect in personal communications: when most of them used to be peer-to-peer through a decentralized service (most times a desktop and one’s own server), now many communications have shifted to public and into centralized services.

Most users do not know how to read the terms of service or would just not read them. Thus, they think they are getting services for free while they are giving away many of their rights.

Another side effect is the lock-in that happens once you’ve got your data and content out in the cloud, and can but just manage it remotely, not massively and with serious concerns whether this content still is your property.

We cannot only rely on national law when it comes to the Internet, but international agreements do not seem to do better. So, what should be done?

Anne W. Salisbury
Anonymity, Trash Talk and Cyber-Smearing on the Internet

The first thing that one has to demonstrate defamation is that the statement made is opinion and not fact, and that is has been exaggerated.

But on the Internet it also depends on other aspects. For instance, the blog were the statement is made and the use of the language (i.e. some words do not any more refer to the original definition of that word, but have become slang with different meanings).

So, many supposed libels or defamations are not such when looked under a different glass.

Indeed, disclosing the anonymity of the “defamators” can sometimes be much more harming that the supposed defamation they committed.

Mª Dolores Palacios González
The stress between impunity in the Net and limiting freedom of expression

There are many examples where anonymous contributors to blogs or forums insult third parties, including individuals, governments and firms. ISPs usually have the safe harbour that most Internet laws provide according to which they have no liability on such harmful comments and statements in general. Though the problem still exist: there are harmful comments on many websites.

But some exceptions should be made, or at least some issues taken into consideration.

For instance, if there is comment moderation, the act of editing and/or approving the comment with defaming statements should not be protected with the safe harbour for ISPs.

Alicia Chicharro
The space of freedom, security and justice and cybercrime in the European Union

The Lisboa treaty shifts “upwards” many of the decisions related to crime and cyberlaw, resulting in a top-down approach to penal law in the member states. There is, though, the right to veto a directive, and also the principle of subsidiarity. Cybercrime is included within this new framework.

Track on Intellectual Property Rights on the Internet
Chairs: Blanca Torrubia Chalmeta. Lecturer, School of Law and Political Science (UOC)

Monica Horten
Copyright at a Policy Cross-Roads – Online Enforcement, the Telecoms Package and the Digital Economy Act

What is copyright enforcement? Enforcement is about punishment, about forcing people to do things under penalty of being punished otherwise. That is usually done through courts, and can be written down in obligations (law, regulations, etc.) or even contracts (e.g. contractsthat users sign with service providers).

Sometimes enforcement will also imply a diminution of certain levels of privacy.

What the ‘Telecoms Package’ and the ‘Digital Directive’ tell us is that the fight to enforce copyright law is directly affecting mostly privacy issues and other fundamental rights.

Evi Werkers
Intermediaries in the eye of the copyright storm: A comparative analysis of the three strike approach within the European Union

File sharing still is increasing and becoming pervasive in all activities and strata of the society. And most measures to fight ‘piracy’ have failed. The safe harbour that was build for ISPs is, nevertheless, not unlimited.

Indeed, the enormous complexity of services provided by some operators have made it more difficult to tell whether an ISP is such, whether it is a content or a service provider, etc.

And we are still to find failures in terms of legality (of laws), proportionality, respect to fundamental rights, exemption of liability, etc. There is also a concern on how active preventive measures can still be neutral, or how traffic can be (fairly) managed.

Qian Tao
“Neutrality” Test on web 2.0 Platform for its intermediary liability in China and in Europe

The Tort Liability Law 2010 and the Regulation for the Protectoin of Information Network Dissemination rights are the framework for Internet regulation in China. They provide, like other laws, the safe harbour for web 2.0 service providers.

In order to harmonize different opinions in different courts, the Higher Court of Beijing issued a guide to help the courts take the correct decisions. For instance, the “No direct financial benefit” guideline: even if there are ads, if there are no charges to download/see the video, there is no infringement.

Those guidelines, though, are just guidelines, thus are not compulsory and only apply for the Beijing region.

Benjamin Farrand
‘Piracy. It’s a Crime.’ – The criminalisation process of digital copyright infringement

The criminal enforcement directive seemed to be dead, but the Pirate Bay case sort of brought it back to life. Piracy is increasingly linked to theft, to organised crime, to terrorism. Notwithstanding, research shows that online piracy is not likely to be linked with organised crime or terrorism. We cannot even find what is the methodology used to calculate the (real) losses for the industry of counterfeit material or how damaging is piracy in general.

There is a need for re-assessment, and law-making on the basis of empirical evidence and concrete studies – not industry lobbying. The Hargreaves Review (2011) states that in the case of copyright policy, there is no doubt that the persuasive powers of celebrities and important UK creative companies have distorted policy outcomes.

Track on Net Neutrality
Chairs: Rodolfo Tesone Mendizabal, President of the SDTIC (Information and Communication Technology Law Section at the Barcelona Bar Association)

Helena Nadal Sánchez
Without Net Neutrality, where then the universal logic of innovation?

Postmodernism is based on neo-liberal ideologies that do not acknowledge the lockean concept of (necessary, public) control, or the habermassian concept of the agora, the place to meet and share insights and knowledge.

A sustainable development of the Internet should be agreed. Knowledge societies cannot be built if knowledge does not flow freely. The basis of innovation is not only talent, but the exchange of knowledge.

David Arjones Giráldez
Net Neutrality from the perspective of its layer-based architecture: from public carriers to content managers?

The layer-approach to define the Internet is based on splitting it in different layers, at least three: physical layer, logic layer, content and services layer. There are three principles:

• Each layer must be fully regulated in its own.

An agent in a layer must not operate in any other layer.

• Regulation must be layer-aimed. A specific rule can apply to many of them, but they should not be designed with this goal in mind.

Within this framework, the problem of Net Neutrality can be approached different than usual.

For instance, if operators are tampering on content or services, they are going against the rule where agents cannot operate in but one layer.

Thus, the saturation of the network can be solved with a layer-based new pricing model, but without altering the rest of the layers.

Cristina Cullell March
Net Neutrality and freedoms in the telecommunications reform in the European Union: are they present in whole Europe?

The La Rue report (PDF, 140Kb) for the United Nations (May, 2011) states that access to the Internet should be as a fundamental right. How is Europe treating this right?

Key aspects of Net Neutrality that the EU has already include in their directives:

• Freedom of choice.
• Transparency.
• Quality of service.

European institutions before Net Neutrality:

• The European Commission thinks an open Internet is a major concern. Indeed, it guarantees the “freedoms on the Internet” of the European citizens, and informs the Council and the Parliament.
• European Parliament links Net Neutrality with Digital Rights.
• ORECE: member states are responsible for guaranteeing the neutrality in their territories. Guarantees the normative coherence and harmonization in the European Union. It publicizes good practices.

Does the EU require a complementary regulation on Net Neutrality? Surely we have to work harder on defining transparency and in setting a minimum threshold for quality of service.

José Manuel Pérez Marzabal
Open Internet, Net Neutrality and defence of the competence

There is some overlapping, a symmetry between antitrust regulation and the telcos regulation. And even if maybe the debate around Net Neutrality is not be a debate on the telecommunications’ market competition, more market competition undoubtedly favours major degrees of neutrality.

Clara Marsan Raventós
The Net as a public space: Is Net-neutrality necessary to preserve on-line freedom of expression?

It’s increasingly difficult to think about things one cannot do on the Internet. As a space, people are used to meet in that “space” regardless on who is actually providing the technological platform, only aiming at not being banned or filtered on that public space.

So, as a public space, the Internet becomes more important and the management of the information that populates is becomes a crucial aspect for the society.

Of course there are limits operating on the Internet, as public morality… as anything that already operates in the physical world. The problem being that while the Internet is truly global, such a thing as public morality is exclusively local, cultural, social.

The, which are the actors that can control the Internet and who can say whether public morality should or should not be an issue in the Internet?

There already is a vast array of tools that can be used for censoring content on the Net. And worst of all, those are tools that are decentralized and can be applied at different levels of the chain of content transmission. As tools are widespread, so are the different actors that can apply them in their processes.

Negotiation must then be a multistakeholder one.