The globalization and ubiquitous character of information in the era of social media and cloud computing has led to a loss of control over individuals’ own data, who face significant difficulties to understand and measure the consequences of the disclosure of their personal information on the Internet, as well as the means and the context in which they are or will be processed. Under the reviewing process of the EU Data Protection Directive, the “right to be forgotten” appears to be the means by which individuals will be able to regain control over their data. However, implementing the new right in the ICT environment and striking the proper balance between conflicting rights, such as the freedom of expression, will not be easy. The purpose of the chapter is to identify the challenges that Web 2.0, Web 3.0, and cloud computing technologies raise, focusing on how these challenges are addressed under the new “right to be forgotten” and providing an insight of the alternative “quasi legal” measures that emerge.
TopIntroduction
Even before the digital revolution, the ability of individuals to maintain control over their data against improper discovery dissemination or misuse was threatened by governments (wiretap telephone lines, censorship), companies (misuse of customer data), and individuals (identity theft). However, the recent emerging technological and social phenomena, such as social media and cloud computing pose crucial challenges for data protection.
Control is an important data protection concept. In the Web 2.0 and Web 3.0 era privacy relates to the knowledge of what data is collected and for what purpose they will be used, having choices about how they are used, being confident that they are secure and that the data controller and data processor will be held accountable for their collection and use. Another aspect of control is also the right to know and control where such data are transferred (the country, to which data are transferred, if the country’s level of data protection is adequate), as well as the third party or external application (games, quizzes etc), which gains access to such data.
Personal data has become an increasingly valuable currency. However, while the collection and monetization of user data has become a main source for funding “free” services like search engines, on-line social networks, news sites and blogs, neither privacy-enhancing technologies nor its regulations have kept up with users’ needs and privacy preferences. This paper will set out the characteristics of a changing technological environment and socio-economic context and identify the challenges the new ICT technologies pose to individuals’ privacy.
The right to informational self-determination includes the notion of control over ones data and the principle of data portability. In addition to that, the widely applauded principles of necessity, proportionality, data minimization, and transparency grant to data subjects with the right ask for a limited period of data retention, rectification/deletion, to ask for information when data are published/transferred to third parties as well as information about the location of their data in the cloud. However, it is questionable whether the existing principles can be applied effectively against the new privacy invasive technologies. Under the reviewing process of the EU Data Protection Directive, the “right to be forgotten” appears to be an effective means by which individuals will be able to regain control over their data.
It is acknowledged that the codification and implementation of the new right will face the difficult task of striking the balance between the right of privacy and other individual’s or society’s existing rights, such as the freedom of expression and the freedom of society to record history.
However, although binding legal requirements, such as the “right to be forgotten” is likely to be rather difficult to be implemented and enforced, “quasi-legal” measures such as self-regulation, privacy by default, data minimization and data portability appear to be able to secure the data subjects control over their data in the new ICT environment.