Last week, the highest court in the EU promulgated a new privilege for its denizens, namely the right to have links to undesirable information removed from search engines. This ruling has been greeted with opposition by pundits, jeers by the technocrati, and ridicule by comic talk show hosts, even though it was the result of principles in place in the EU constitution since 1995. What is surprising to some in the ruling is that search engines were designated as "data providers," and hence, subject to the same rules as credit bureaus and government agencies.
The question of whether search engines are genuinely data providers can be argued from either side: If you believe that search engines do no more than match users with data items they're looking for, the ruling will likely seem remarkably out of touch. However, if you view them as data providers, then the ruling will appear fitting. I tend towards the latter view, in the same way I view credit bureaus as data providers, even though they principally collate information given to them by external parties. Credit bureaus, like search engines, sift the data and provide conclusions based on it: A credit rating in the first case, a page ranking in the latter. Moreover, all major search engines hold caches of the Web pages they visit and so they do more than transparently link to the ultimate item, they do actually hold the data those Web pages publish and provide it to users. Ultimately, I think, it's difficult not to view them as data providers, perhaps of a limited sort.
A principal concern articulated by pundits is that the ruling will allow people who have done bad things to avoid accountability. Let's first note that a limited right to hiding transgressions already exists in many countries, including the US. Minors tried and convicted as such can have their records expunged or sealed upon reaching the age of majority. Likewise, certain infractions committed by adults can be expunged, depending on state laws and sentencing deals. As to civil matters, the same thing is true for bankruptcies, which are removed from credit records after either 7 or 10 years. This latter point is important because it served as the basis for the original case in the EU decision: a Spaniard whose house had been repossessed in 1998 wanted links to the event removed. In the US, that repossession would have long ago disappeared from his credit record. This doesn't strike me as unfair or improper.
Private handling of past sins is a standard part of business, as any employer knows when they try to gain insight into the work history and possible problems experienced by previous employers of a candidate. The laws make it almost impossible to obtain negative information. As in the previous examples, these laws are intended to provide individuals a chance to recover from earlier ill-considered behavior. It is hard to construct a reasonable argument that formalizing such confidentiality is somehow deleterious. Such a position is pitiless and unsparing.
An important counter-argument to my view is the possibility of abuse by people who want to paint over inconvenient or embarrassing statements, such as a racially charged phone recording that threatens a career or business interest. If they can successfully petition to have links removed, they can change the perception of them, at least online. My colleague, Tom Claburn at InformationWeek, goes so far as to assert, "The right to forget appears to be an obligation to lie." I don't buy this argument. First of all, it's most unclear what links can be taken down. Given the EU's long history of formulating detailed and extensive regulations, it's highly likely that they will publish guidelines developed after considerable input from the public and affected businesses. This has been their tradition for most of their history.
Even if the regulations end up being loose enough that some abuse is possible, we will have at worst an incomplete portrait of an individual or entity. That is little different from the situation today. As I mentioned earlier, lots of information about any given person is simply not available on the Internet. And yet, we've all managed to survive with these incomplete pictures.
For a classic example of this model at work, look at LinkedIn. You can write an unfavorable review of someone and place it in their profile, but they have an unlimited right to take down your comments. Hence, if third-party readers of the profile think that the LinkedIn page is a complete representation they have always been wrong. Unless voluntarily provided, no Internet search will provide information on health status, grades in college, amount paid in taxes, failed business ventures, extra-marital affairs, and so on. We've known all along that portraits of individuals are inherently and substantially incomplete. There is no lie because there never was the contention that a complete picture could be assembled. All that EU denizens will now know is that the fragments they currently can dig up on someone may omit details that the target individual wants forgotten.
This seems to me like a small penalty for enabling individuals to diminish access to widely dispersed invalid, invasive, or irrelevant old information, and to permit them to move forward without being shackled forever by a past misdeed or improvident decision.