Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

The right to delete


Published on

Presentation from UCC CCJHR 2010

Published in: Education, Technology
  • Be the first to comment

The right to delete

  1. 1. The right to delete<br />Paul Bernal – London School of Economics<br />
  2. 2. Personal data on the internet<br />Massive amounts are held<br />Current commercial models rely on it<br />The data that is held is vulnerable – and may be increasingly so<br />The existence and use of that data is something that concerns people – and rightly so<br />It’s our data, isn’t it??<br />
  3. 3. The right to delete<br />To address the existence of this data<br />To encourage the development of business models that don’t rely on the holding of data<br />To begin the process of putting data subjects in control of their own data<br />
  4. 4. Personal data in the new internet<br />The Google/Facebook model<br />Behavioural tracking<br />Commercial data gathering<br />The market in personal data<br />
  5. 5. Data vulnerability<br />Physical loss – e.g. HMRC/MOD data losses<br />Hacking<br />Vulnerability to government action:<br />Subpoenas, USA PATRIOT act, Data retention<br />Swiss banking data/Chinese Google hackers<br />Commercial vulnerability<br />T-Mobile data-selling scandal<br />Changes of ownership etc<br />
  6. 6. What can happen to lost data?<br />Into the hands of criminals – nastier and better-targeted scams<br />Into the hands of governments – used without the normal restrictions (e.g. Germany)<br />Into the hands of less scrupulous or less controlled businesses or different jurisdictions<br />Into the overall data morass<br />
  7. 7. What can be done?<br />Systematic culture change – emphasis on data security<br />More powerful, better resourced and better supported data protection systems<br />Better use of technological protection – encryption etc<br />More community awareness of the issue<br />
  8. 8. But there will always be problems:<br />Human errors<br />Human malice<br />Technological errors<br />Community pressures<br />New technological and business ideas<br />
  9. 9. Data minimisation<br />Already a principle within data protection, but one that is effectively paid only lip-service to<br />It needs to be better enforced – both better detected and more harshly punished. <br />Punishment for data protection breaches are generally for losses or inappropriate processing, not for failures of data minimisation<br />Needs to be put in the hands of the data subjects<br />
  10. 10. New business models (1)<br />The drive behind the current web model has been the business concepts of Google and Facebook<br />New business models could bring about new changes – but how to get them to happen?<br />We need a change in assumptions – that unless you have a strong NEED to hold data, you should not hold that data<br />One key could be giving data subjects the right to delete<br />
  11. 11. New business models (2)<br />Currently it is the business that decides whether data should be held, anonymised or deleted<br />If that decision is put in the hands of the data subject, businesses would think twice before using business models that rely on the data being held<br />Instead, they might look for ways to use the data immediately, then discard it<br />
  12. 12. The right to delete<br />Not ‘the right to be forgotten’ – no rewriting of history or censorship<br />A change in paradigm. The assumption is that data can and should be deleted if the data subject wants it, unless there are pressing reasons the other way<br />The right needs to be made easily applied – access to data and then the ability to delete it directly on the web<br />A shift in the nature of data protection – putting the focus on the rights of the individual, not on the obligations of the data controllers<br />
  13. 13. When can data be held?<br />Paternalistic reasons – for the benefit of the individual (e.g. medical data)<br />Communitarian reasons – for the benefit of the community (e.g. criminal records)<br />Administrative or economic reasons – for the benefit of society (e.g. tax records, electoral rolls)<br />Archival reasons – for a good, accurate and useful historical record (e.g. newspaper records, British Library ‘right to archive’)<br />Security reasons – for national security or criminal investigations (e.g. data retention laws)<br />
  14. 14. Business reasons….<br /> ….are not enough<br />
  15. 15. Deletion and anonymisation<br />Closely related – and complex<br />Data can relate to more than one individual<br />Data controllers might offer the option to anonymise rather than delete – but it should be the data subject’s option<br />
  16. 16. Data protection principles<br />The right to delete extends and improves implementation of data protection principles<br />First point is better data access rights<br />Second is putting data minimisation in the hand of the data subject<br />Important to ensure that this right does not replace the data controller’s responsibility for data minimisation, but adds to it<br />
  17. 17. Implications<br />Gives individuals more control and autonomy<br />Forces those holding data to justify why they’re holding it – in such a way that users understand<br />Encourages the development of better business models<br />Could end up supporting individuals even in places where data protection doesn’t apply – because the big businesses develop global business models<br />
  18. 18. Human rights in the online world<br />With our online life more and more integrated into our offline life, we need to focus on rights in the online world<br />Those rights must include our ability to control and shape our digital footprint<br />The right to delete data is just one of the rights that will be needed.<br /><br /><br />