Privacy has just taken on new meaning in Europe. The European Union’s highest court has ruled that any of the region’s 500 million citizens can compel Google and other search engines to remove information about them from the companies’ search results, even if that information is neither inaccurate nor unlawful. The surprising decision, which Google can’t directly appeal, is either a bold reclamation of privacy rights in the digital era or a mandate to let anyone rewrite history as they please, depending on your perspective. It’s also the clearest sign yet that U.S. and European data protection laws are heading down divergent paths.
The European Union has always placed an emphasis on protecting its citizens’ data. The latest ruling, for a case in which a Spanish lawyer demanded that Google remove links to an old news article about his debts, is based on a 1995 European Parliament directive that provided extensive protections for personal data. The Parliament is in the midst of passing an even more sweeping update to the law that will make “data protection first, not an afterthought,” according to the body. A key tenet of this new policy is the “right to be forgotten,” the idea that individuals have the right to delete information about themselves that is not legally required to remain online. “This is the fundamental right of an individual as opposed to the business right of a company,” says Marc Rotenberg, president of the Electronic Privacy Information Center. “When courts are asked to consider those claims, I think they rightly look more seriously at the individual’s claims first.”
The U.S. has no privacy protections that even approach the broad aims of Europe’s laws. It’s not because Europe is the innovator on this front—former Supreme Court Justice Louis Brandeis first introduced the “right to privacy” in the U.S. in an 1890 article in the Harvard Law Review that was globally influential. It’s also not because Americans don’t value their digital privacy. A recent study by the Pew Research Center found that 68 percent of American Internet users believe U.S. laws don’t go far enough to protect individual online privacy. But a variety of factors mean American privacy legislation will likely never reach the scope of Europe’s laws.
First, Europe’s new ruling is difficult to reconcile with the First Amendment, which grants citizens the right to free speech. A U.S. law that compelled a company like Google to limit the type of content it shows in search results likely wouldn’t pass muster in American courts, experts say, because it could be construed as a form of censorship. “The First Amendment really does prevent this kind of widespread unpublishing of data,” says Danny O’Brien, international director at the Electronic Frontier Foundation. “In the U.S., free speech sort of trumps privacy.”
Americans do have privacy protections, but they’re spread across a variety of state and federal laws that typically apply to specific groups of people. For instance, California has a law somewhat similar to the E.U. ruling that allows people to demand that tech companies delete their data, but it’s only for minors. On other online issues, like hijacking someone’s digital identity, punishments vary from state to state. With Congress’s ability to pass new legislation near an all-time low, it’s doubtful sweeping federal change will suddenly come on this front anytime soon. “The way in which the U.S. protects privacy is through a patchwork series of laws,” says Andy Sellars, a staff attorney for the Digital Media Law Project housed at Harvard University. “The EU has always tended to think of a privacy as more of an overarching thing that touches on all other domains.”
Read Full Story At Time