The Right To Be Forgotten

Published on 2019-07-20 in Random Thoughts

Right after the Founding Fathers put the finishing touches on the Constitution, they were scratching their heads as there seemed to be something missing. Something big. That’s when James Madison proposed the Bill of Rightsin order to appease arguments made by anti-federalists that the state had too much power. Everyone knows at least some of these famous rights (assuming our middle and high school teachers did their jobs properly). They include the right to free speech, assembly, bearing arms, a public trial, etc. As we matured as a nation, our individual rights were expanded to include an end to slavery and the right for women to vote. It is time to expand our rights once more.

The people who crafted our Constitution were smart enough to know that they didn’t know everything. There would come a time when we would need to adapt the rules of our government as we underwent cultural and technological progress. That is where the right to be forgotten comes in.

Some Context
The right to be forgotten was part of a mid 2000s initiative by the EU to regulate the content of various items on the internet. For example, if I posted some embarrassing material and I wanted it to be removed, I could go to the proper authorities in the EU and they could mandate companies like Google and Facebook delink the content or subject the companies to a fine. Google could try to overturn the mandates if they make the case that the content has more benefit being public, and in 75% of those cases.

Then came GDPR in 2018. This was the previous “right to be forgotten” on steroids. It deals with tons of different aspects of citizens right to their personal information, and goes into full effect in 2020. Here are some things it dealt with

  • Right to access: If I was in the EU, I could request access to all my personal data (companies like Facebook and Instagram store hundreds of pages of information on the average user)
  • Right to erasure: If I was in the EU, I could request all my personal data is erased, and a company like Facebook would have 30 days to erase all my information.
  • Opt-in: If I was in the EU, my data is default private. Then I can opt-in to make my data available more publicly after reading what the information is used for.
  • Encryption:If I was in the EU, my personal data would have to be encrypted to prevent data breaches.

Notice how all of these rules apply only to people in the EU. In the United States, we haven’t passed these laws because these regulations put a lot of pressure all tech companies. The worry is that tech companies might limit operations due to fear of prosecution for violations of the above laws. It costs a lot of money to overhaul the design and management of personal information. At IBM, in anticipation of similar laws being passed in the US, we have begun migrating our global data to a more secure system that works better with requests of access and erasure. Big companies like Google are bleeding lots of money from EU lawsuits and are slowly changing their data methods just for EU citizens.

Why do we need this?
I’m sure a lot of people reading this are going to say “so what? I have nothing to fear since I have nothing to hide.” I was in this camp at first. However, I started thinking more about the implications. Imagine that Apple sent all your text messages to TransUnion so that they could use it to calculate your credit score. Or picture Netflix sending your viewing history to Chase, and Chase determines that there is a high correlation between liking horror movies and defaulting on your loan which leads them to reject your application. Or consider the United States government had access to your international calls and web history.

Well, that last part has been happening for years. After the 9/11 attacks, the US passed the PATRIOT Act which allowed organizations like the NSA almost completely unrestricted access to your international calls and web history to prevent acts of terrorism. However, you can sleep soundly at night since the US government is inept and a long time away from doing anything malicious with that information.

A government that isn’t as slow as the United States at using personal information to their advantage is China. China has already implemented a “social score” that it gives each of their citizens. If I make a Facebook post ranting about how I hate Chine (or if I use Facebook at all really), my score will drop. If my score is too low, I could have my travel permissions restricted.

So, what should we do?
There isn’t much we can do in the US at the moment to change government policy. Lobbyists all but ensure similar laws aren’t passed in the US very soon. They have a good argument that small tech companies simply wouldn’t be able to keep up and would take their business elsewhere.

However, being aware that your every action is being watched would be a good start. You can also start adapting technologies that prioritize your privacy. First, consider spending money for a good VPN. It will anonymize your proxy so your activity can’t be traced back to your device. Also, switch to applications which prioritize your privacy. For example, I recently transitioned to Signal for messaging. Signal is a service that encrypts your information so that only you and the receiving group can access texts/calls. It also allows you to set a timeframe after which that information is destroyed. Or you can just accept that we are heading for a tech dystopia, and there is nothing you can do.