What is the current situation regarding the “Right to be Forgotten”?
BZ: It's a fairly sensationalist term. It's not something that is explicitly in law right now, but seems to be supported by a lot of people who don't understand digital technologies actually work. A lot of people, especially policy-makers, are used to paper-based information and the principles and assumptions which come with them. They are used to those, and try to translate them to digital technologies. You see that in copyright enforcement, in privacy, and many other areas of information policy. People haven't gotten their heads around what digital information actually is, or how it behaves, works, is distributed, and how it is infinitely copyable.
It's understandable that if you don't really understand it and are used to old newspapers simply "disappearing" for example... unless you go to a microfiche machine at a library, no-one will find that information any more. You can't make digital information be deleted simply because you believe that's what happens to information. The whole concept of information has changed.
Do you think that the principles are sound? Should people have a right for information about them to be deleted?
BZ: That depends. In this case, we are looking at legal information which is qualified as irrelevant or inadequate - and for search engines to delete their links to that information, rather than it being deleted at the source.
The idea is interesting, but the way in which this case is played out is uninformed. It's a quick-fix solution to something that needs to be thought about much deeper. Making an intermediary responsible for our information management, just because they are popular, is the wrong way to go.
There is talk of blocking information at the ISP level, but they are not dealing with the problem of the content on servers. Everyone is always wanting to be seen to be doing the right thing with these bogus solutions, but they are not solving anything.
These issues are being dealt with in a 'shoot the messenger' way.
BZ: That goes back to newspapers; editors were our custodians of information for a long time. They could be held liable for what they publish. If they didn't publish something, then it was unlikely that it would be seen by the general public. The case of Google Spain, where the information could be found on servers within the municipality, via Google’s search engine. If this information would have been published in a newspaper, then the editor could have been held liable. Now, we're trying to find that responsible, powerful intermediary which a lot of people now think is Google. But, Google acts in a completely different role in society. It isn't an editor. The question now is: do we want Google, an American profit-making entity, to play an editorial role in Europe?
Do you think that Google is being portrayed as the bête noire in this situation?
BZ: That's a debate which we should be having. Google has had pretty much free range up until now, as people have thought "They're so innovative, let's just see where this goes". In finding out what the Internet can do and what benefits and harms can come of it, the Spanish lawyer had a genuine case. He rectified a historical situation. So, there is a genuine question here, as to whether Google is the right intermediary to target with such responsibility. It's too easy to just create a general right to be forgotten, and to impose it on search engines. There's a much wider debate to have on curation.
What we are working with here, are two things which are flawed from a legal perspective. The Data Protection Directive 1995, which became the DPA in the UK, regulates privacy on the Internet as we know it now. Many Internet-based companies have obviously been established since then, so the law didn't foresee the way in which we now deal with information. It deals with terminals and filing cabinets full of paper, not Big Data. Secondly, lawyers need to solve problems within the boundaries of the law. They're not necessarily fully conversant with digital technologies, so they take their paper-based experience and apply that to a contemporary context of predictive analytics and so on. There's a loss in translation between what lawyers do and work with, and what technology actually does.
Is there also a generational shift here? Are younger lawyers more likely to understand and be sympathetic to these contemporary challenges?
BZ: Yes, but still, we're forced to work within the framework of the old law. The Advocate General gave an opinion a year ago - to the court - about the Google Spain case. It's published, and the court comes with its own judgement as to why it did or did not follow the opinion of the Advocate General. The court did not follow the view of the Advocate General in this case, so you can see two totally different interpretations of the same law.
There's no legal certainty when applying old law to new technologies anymore. Even when you have lawyers who understand contemporary issues, and have lived with their data being processed and personal profiles being predicted, it's still very difficult to regulate this space properly.
I think that, to be honest, this case was a strong reaction in terms of privacy. The Advocate General had his opinion in June 2013, at the time of the Snowden revelations. Privacy is not a black and white concept; it's fuzzy and has to be balanced. The court perhaps got it wrong, and prioritised privacy over freedom of speech, which entails a freedom to receive information, especially when the information is fully legal.
Let's look at the long-term impact of a right to be forgotten. If Jimmy Savile were alive today, would he have been able to request any information which was published on his behaviour to be removed, thus preventing people who would meet him having that knowledge?
BZ: The court qualifies information subject to an RTBF order as that which is inaccurate, irrelevant, or no longer relevant. It's a very narrow definition. Information about Savile would not be deleted as it's part of a current public debate... at least, those are the guidelines.
Private companies have been given interpretative powers. We see Silicon Valley companies given the authority to decide on what is no longer relevant to Europeans. They don't know the European context, as lawyers will be aware of the need for the company to make a profit back in the US; and do we really want private players to play that role? Google has around 95% of search share in the EU. They may have over-reacted with recent deletion requests, maybe on purpose to seek media attention. A former Merrill Lynch executive who played a role in causing the 2008 financial crisis had information on him removed by request. Upcoming bankers would therefore not be able to know the full truth about the crisis. Of course, it's hugely embarrassing for him, but if that knowledge is lost, then we may not learn from the lessons of the past in order to save the reputations of people who have done something wrong.
If a European search provider was created, would it operate in a different way to Google?
BZ: The way in which it would collect and process data would be very different. European privacy law is much stricter than in the US, and Google has always argued that EU law does not apply to them. Google can rely on the much more related - almost non-existent - US law, based on terms and conditions. European law regulates activities in Europe, and this is the first time that it has been really applied to Google, 16 years after the company was first established. A European competitor to Google could never grow to their size, as they would never have the same access to personal data to operate their profitable business model. Google funds itself from its advertising activities, largely based on user profiles. A European company could never achieve the quality and depth in terms of being able to mine that information.
Are other jurisdictions outside of the European Union looking at a right to be forgotten?
BZ: A lot of countries are using the EU baseline framework as their law. It's around 90 countries now. China is debating as to whether it should follow the US or EU model. This case will be heavily analysed by lawyers around the world, to see as to whether the EU's framework is up to scratch in terms of Internet issues. The EU has brought a giant to its knees. Google has to deal with this issue, but the question will be for countries outside of the EU: do they want to take this path, or take another approach? In the next few years, we will see a lot of analysis on this. Again, you're balancing individual rights with innovation potential, security, and privacy.
Is this issue symptomatic of a wider problem - that current law is just not reflective of society any more?
BZ: Yes. Copyright is a great example. Every action on the internet, nearly every mouse click, triggers a copyright infringement. The law was designed for the printing press: an agreement between writers and publishers. The consumer never came into the equation. Now that the consumer is clicking, downloading, copying, streaming, watching... everything is an infringement of this industrial law. Consumers are being pulled into this debate and are being sued, but the law wasn't written for these purposes.
Will this have an impact on publishers and content creators? For example, 'I know about the right to be forgotten so won't publish this article, just in case it's pulled up later'.
BZ: The issue of chilling effects and unintended consequences already exists in technology; you never know how the law will be interpreted in terms of platforms and formats. Investors are also careful about what they choose to fund. If we now have cases where people submit an RTBF request, but that Google declines it and it goes to court, and the court decides against Google... then the fine could be huge. Forthcoming Data Protection Regulations suggest 10% of a company's annual turnover. If one case can hand Google a fine of several billion, then people will be very careful as to what they do. There could be a chilling effect for journalism.
Services such as archive.org won't be included in this process; the action will be directed towards wealthy companies who can offer compensation. Everyone's trying to analyse this, but it's still vague.
Where do you see Google's strategy going in this case?
BZ: Their arguments have been quite 'out there' but not necessarily wrong. They see the situation as akin to burning books in a library, comparing the consequences to dictatorial and totalitarian regimes, which is a bold claim to make, of course.
Google is looking for a response from legislators in the current review of European privacy laws. In the meantime they want to make a case as to how they have been wronged. It's up to people to get the facts and to get data: how many requests have been made, and what Google's considerations were each time.
How do you see the legal profession changing to become more reflective of contemporary digitally-literate society?
BZ: The important thing for lawyers its to become multi-disciplinary. They need to understand technology, sociology, social sciences... you cannot give clients any real guarantees on Internet law any more, because of the potential disparity between interpretations, such as with the European Court and the Advocate General in the Google Spain example. Instead of being able to intepret a court's reasoning and give advice, one needs to understand the wider context. What's technologically feasible? How will people deal with changes to information practice? Just looking at the law will be insufficient. It will be about much more. The main flaw of current law is that what's said is considered to be gospel, and there is little reflection from lawyers back to policymakers. It's just a big fight from different silos, where useful arguments are lost in translation.