'Useful Overstatement': Europe's Privacy Chief, Welcoming Trans-Atlantic Policy Thaw, Runs Into U.S. Resistance to 'Right to Be Forgotten'

By Louis Trager, Washington Internet Daily

SILICON VALLEY -- Europe's data-protection chief defended a proposed right to be forgotten, notably online, as a usefully provocative way of framing a prerogative to force organizations to justify keeping information about them.  Participants at the Berkeley Law Privacy Forum repeatedly and pointedly questioned Peter Hustinx, the European Commission's data-protection supervisor, on the matter last week.

It's "a useful overstatement" to label as a right to be forgotten the established principle of being able to get deleted any information whose processing can no longer be justified, Hustinx said.  The right is "firmly embedded in 30 years of practice," he said.  Viviane Reding, the European justice commissioner, has called the right to be forgotten "a slogan," he said, and she supports the view that he expressed.  But Christopher Wolf of the Hogan Lovells law firm and Future of Privacy Forum said there's concern that a draft regulation released in January is "much, much broader" on the point than Hustinx portrayed. 

"There has been a lot of spin around this proposal," Hustinx replied, accusing many critics of not having read the draft carefully.  Jeffrey Rosen, a George Washington University law professor, "showed very little understanding for the thinking" behind the provision in a critical speech he gave in Jerusalem, the European official said.  Hustinx, whose presentation stressed a growing commonality in the European and U.S. regulatory approaches, said contention over the burden of justifying information retention illustrated "one of the dividing lines culturally and legally" in the Atlantic. 

The regulation would require "reasonable efforts" to get online information "back in the bottle," Hustinx said.  But it has carveouts to protect freedom of information and freedom of the press, he said.  Legislative debate and court cases such as one by Spain against Google will clarify the requirements, Hustinx said.  

Hustinx said he expects action to be completed in 2014 on a data-protection regulation binding on all EU member countries and on a companion directive to law enforcement.  "Member states see their favored version of the truth challenged" with the prospect of uniform rules, he said.  "So this is certainly going to give rise to discussion."  Preparations to put them into effect will take an additional two years, Hustinx said.  The result will be a system that "will obviously stay for a while," he said.

"An increasing consensus on a need to reinvent existing privacy frameworks" offers "a great opportunity for stronger ... more consistent" policy around the world, Hustinx said.  In this "year of privacy reports," convergence is seen not only in the approaches of the U.S. and the EU, but also in expressions by the Organisation for Co-operation and Economic Development, the Council of Europe, and Asia-Pacific Economic Cooperation, he said. 

The U.S. and Europe "are increasingly on the same page in the way we look at this," Hustinx said.  Both want to give users more control "to make them feel more comfortable," he said.  Practical approaches to deliver on protection are gaining ground in Europe and principled approaches in the U.S., Hustinx said.  He said he expects "increasing interoperability" between their regulatory systems.

Reproduced by permission of Warren Communications News, Inc., 800-771-9202, www.warren-news.com