The right to delete


Published on

Presentation from UCC CCJHR 2010

Published in: Education, Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

The right to delete

  1. 1. The right to delete<br />Paul Bernal – London School of Economics<br />
  2. 2. Personal data on the internet<br />Massive amounts are held<br />Current commercial models rely on it<br />The data that is held is vulnerable – and may be increasingly so<br />The existence and use of that data is something that concerns people – and rightly so<br />It’s our data, isn’t it??<br />
  3. 3. The right to delete<br />To address the existence of this data<br />To encourage the development of business models that don’t rely on the holding of data<br />To begin the process of putting data subjects in control of their own data<br />
  4. 4. Personal data in the new internet<br />The Google/Facebook model<br />Behavioural tracking<br />Commercial data gathering<br />The market in personal data<br />
  5. 5. Data vulnerability<br />Physical loss – e.g. HMRC/MOD data losses<br />Hacking<br />Vulnerability to government action:<br />Subpoenas, USA PATRIOT act, Data retention<br />Swiss banking data/Chinese Google hackers<br />Commercial vulnerability<br />T-Mobile data-selling scandal<br />Changes of ownership etc<br />
  6. 6. What can happen to lost data?<br />Into the hands of criminals – nastier and better-targeted scams<br />Into the hands of governments – used without the normal restrictions (e.g. Germany)<br />Into the hands of less scrupulous or less controlled businesses or different jurisdictions<br />Into the overall data morass<br />
  7. 7. What can be done?<br />Systematic culture change – emphasis on data security<br />More powerful, better resourced and better supported data protection systems<br />Better use of technological protection – encryption etc<br />More community awareness of the issue<br />
  8. 8. But there will always be problems:<br />Human errors<br />Human malice<br />Technological errors<br />Community pressures<br />New technological and business ideas<br />
  9. 9. Data minimisation<br />Already a principle within data protection, but one that is effectively paid only lip-service to<br />It needs to be better enforced – both better detected and more harshly punished. <br />Punishment for data protection breaches are generally for losses or inappropriate processing, not for failures of data minimisation<br />Needs to be put in the hands of the data subjects<br />
  10. 10. New business models (1)<br />The drive behind the current web model has been the business concepts of Google and Facebook<br />New business models could bring about new changes – but how to get them to happen?<br />We need a change in assumptions – that unless you have a strong NEED to hold data, you should not hold that data<br />One key could be giving data subjects the right to delete<br />
  11. 11. New business models (2)<br />Currently it is the business that decides whether data should be held, anonymised or deleted<br />If that decision is put in the hands of the data subject, businesses would think twice before using business models that rely on the data being held<br />Instead, they might look for ways to use the data immediately, then discard it<br />
  12. 12. The right to delete<br />Not ‘the right to be forgotten’ – no rewriting of history or censorship<br />A change in paradigm. The assumption is that data can and should be deleted if the data subject wants it, unless there are pressing reasons the other way<br />The right needs to be made easily applied – access to data and then the ability to delete it directly on the web<br />A shift in the nature of data protection – putting the focus on the rights of the individual, not on the obligations of the data controllers<br />
  13. 13. When can data be held?<br />Paternalistic reasons – for the benefit of the individual (e.g. medical data)<br />Communitarian reasons – for the benefit of the community (e.g. criminal records)<br />Administrative or economic reasons – for the benefit of society (e.g. tax records, electoral rolls)<br />Archival reasons – for a good, accurate and useful historical record (e.g. newspaper records, British Library ‘right to archive’)<br />Security reasons – for national security or criminal investigations (e.g. data retention laws)<br />
  14. 14. Business reasons….<br /> ….are not enough<br />
  15. 15. Deletion and anonymisation<br />Closely related – and complex<br />Data can relate to more than one individual<br />Data controllers might offer the option to anonymise rather than delete – but it should be the data subject’s option<br />
  16. 16. Data protection principles<br />The right to delete extends and improves implementation of data protection principles<br />First point is better data access rights<br />Second is putting data minimisation in the hand of the data subject<br />Important to ensure that this right does not replace the data controller’s responsibility for data minimisation, but adds to it<br />
  17. 17. Implications<br />Gives individuals more control and autonomy<br />Forces those holding data to justify why they’re holding it – in such a way that users understand<br />Encourages the development of better business models<br />Could end up supporting individuals even in places where data protection doesn’t apply – because the big businesses develop global business models<br />
  18. 18. Human rights in the online world<br />With our online life more and more integrated into our offline life, we need to focus on rights in the online world<br />Those rights must include our ability to control and shape our digital footprint<br />The right to delete data is just one of the rights that will be needed.<br /><br /><br />