Forgetting plays a central role in human decision-making. It lets us act in time, aware of, but not shackled by, past events. Once we have perfect memory, Borges suggests, we are no longer able to generalize and abstract, and so remain lost in the details of our past.
Because of digital technology and global networks, the norm of forgetting has shifted. Today, with the help of widespread technology, forgetting has become the exception, and remembering the default.
As professors John Palfry and Urs Gasser have detailed, disclosing one’s information – whether on Facebook status updates, personal blogs and comments, photos, friendships, and relationships, content preferences and identification, one’s geological location, or just short text updates – “tweets” – has become deeply embedded into the culture around the world.
The question now is do we want a future that is forever unforgiving because it is unforgetting?
“Now a stupid adolescent mistake can take on major implications and go onto their records for the rest of their lives,” If we had to worry that any information about us would be remembered for longer than we live, would we still express our views on matters of trivial gossip, share personal experiences, make various political comments, or would we self-censor? The chilling effect of perfect memory alters our behavior.
For even more pervasive example, take the Internet search engines. Crawling web page by page, Google, Yahoo!, Microsoft Bing, index the World Wide Web, making it accessible to all of us by simply typing a word or two into a search field. We know and assume that search engines know a great deal of the information that is available through web pages on the Internet. Over the years, such easy-to-use searches have successfully uncovered information treasures around the globe for billions of users. However, search engines remember much more than just what is posted on web pages.
All these concerns seem to suggest that the implementation of a ‘right to be forgotten’ would be filled with problems. It could face resistance from media, politicians, big players of the internet – and potentially from any number of other businesses operating online. Although some of the reactions may be emotional and sometimes based on misunderstanding of what is being proposed, they do reflect significant and relevant concerns like fears of censorship, and rewriting history. However, the amount of personal data gathered and held on the Internet is enormous. The existence of that data itself is a concern –what’s more, that data appears to be increasingly vulnerable.
One of the principle aims of the ‘right to be forgotten’ in general is to put power into the hands of individuals, power that can and should restrict the actions of those who might misuse or take advantage of the sensitive information available on the World Wide Web.
On 13 May, 2014, the Court of Justice of the European Union (ECJ) handed down a controversial decision against Google Inc. and its subsidiary Google Spain concerning what now is known as ‘right to be forgotten’. The ECJ held that, as a search engine, Google was engaged in data processing activities within the meaning of the EU directive on data protection. Further it was held that Google was a data controller under the Directive because it was able to determine the purpose and the manner in which the data are to be processed. As such, the ECJ found that, in accordance with the Directive, Google is obliged (in certain circumstances) to remove links to a web page containing information relating to a person that is outdated or irrelevant. This is so even when the data remains lawfully published by the websites to which the search results point.
The factual background for the court’s decision is briefly as follows: a Spanish lawyer, Mario Costeja Gonzáles, had to sell off some of his property in insolvency proceedings in the late 1990s. A Spanish newspaper reported on the proceedings at the time, and was indeed required to do so under Spanish law. Gonzáles resolved his financial problems, but when the newspaper later established an online service, its reports of the property sale became accessible by ‘googling’ Gonzáles’ name. In 2010, he asked the newspaper to remove the information from its online service but the newspaper refused – a stance subsequently acquitted by Spanish authorities. He also requested that Google remove search results relating to the information concerned. Google’s refusal to do so led to the litigation that eventually ended in it sustaining a serious blow before the ECJ.
The decision has been welcomed by advocates for increased data protection including the EU Commissioner Viviane Reding and the UK Information Commissioner as an important step forward in the protection of individuals’ rights. However, some have criticized it for potentially extending the ‘right to be forgotten’ beyond its intended operation and for failing to adequately balance freedom of expression, freedom of information and the interests of the public against the interests of the data subject.
The ECJ ruled that Google’s operations as a search engine included: searching for information, collecting data, retrieving, recording and organizing data, storing such data and making it available to users in the form of search results. The named activities amounted to data processing under Article 2(b) of the Directive. The operator of the search engine is the ‘controller’ in relation to data processing within the meaning of the Directive because the operator, in this case Google, determines the purposes and means of the processing.
Google Spain constituted an ‘establishment’ and, as such, the Directive, in the form implemented by Spain applied. The Court held it was established despite the fact that Google Inc. rather than Google Spain carried out the search activities.
The ECJ noted the legitimate interests of Internet users and the economic rights of the search engine should be balanced against the individual’s fundamental rights to privacy. Such assessment will depend on the nature of the information and its sensitivity to the person in question against the interest to the public in having that information, which will vary according to the role played by that person in public life.
The controversy of the decision arises particularly where the ECJ argued that a search engine could be a data controller and therefore responsible for its data processing. However, the decision has drawn the most criticism in relation to the ECJ’s application of the ‘right to be forgotten’.
A key question in the litigation was Google’s status as a search engine operator under European data privacy law. In particular, was Google to be regarded as ‘controller’ of the personal data residing in the links indexed by its search engine? The controller role, described by the ECJ, kicks in when the entity concerned helps to determine the means and end of data processing, and it enhances the entity’s legal responsibilities for the data. Google has argued it could not be a controller since it’s merely performing in a robotic capacity and exercises slight control over the content of search results. However, the Court disagreed and bestowed upon Google countless duties under European data privacy law. One such duty is to execute justified requests to delete search results in which certain types of personal data reside.
The ECJ’s decision placed Google in an uncomfortable position.
“We like to think of ourselves as the newsstand, or a card catalogue, we don’t create the information. We make it accessible.”
A decision like this, forces the company into a role it doesn’t want and forces Google to decide what goes inside the ‘card catalogue’. Google sees itself as a mere ‘broker’ between reader and publisher. The company wanted nothing to do with the business of regulating content.
Marc Rotenberg argues that the notion of Google as a passive intermediary in the modern information economy is questionable. “The ‘card catalogue’ metaphor is wildly misleading. Google is no longer the card catalogue. It is the library – and it’s the bookstore and the newsstand. They have all collapsed into Google’s realm.” Supporters of the Court’s decision see it, at least in part, as a vehicle for addressing Google’s enormous power.
 Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (AEPD), Mario Costeja González, Case C‑131/12 
 Directive 95/46EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ 1995 L 281)
 Kent Walker, the general counsel of Google
 The president of the Electronic Privacy Information Center, in Washington, D.C