Privacy and the right to be forgotten: who owns your personal information?

RFID (radio frequency identification) ticket t...

RFID (radio frequency identification) ticket to Bergen Science Centre. VIP, student, child and adult from left to right. (Photo credit: Wikipedia)

Over the past year, the right to be forgotten (RTBF) has become a topic of debate and interest.  What began as an academic or theoretical issue has become a legislative proposal within the European Union.  From the perspective of the data protection act, in the UK, which institutes the EU Data protection Directive, the RTBF fits with the 4th Data Protection Principle.  The principle covers the idea that data should only be held as long as necessary and unlimited storage should be the exception and not the default.  In this blog, though, I want to discuss how the RTBF is based upon a right of privacy that assumes, incorrectly, that we own our own personal information and raises philosophical questions about what it means to be human in the digital age.  As such, the right is a technological solution to a technological problem created by a bureaucratic process and not a fundamental, or natural, right.  By only providing a technological response, the right does not address the fundamental idea of what makes us human, and therefore gives us privacy. In other words, we are working on the false, but understandable, belief that a technological solution will resolve our philosophical problem.

The technological solution to a technological problem highlights a bureaucratic process that appears almost uncontrollable.  In the past, my data (my bureaucratic shadow) was relatively limited.  If I checked out a book, the library would know.  Depending on the topic, the state and the era, the FBI might know as well.* Other than those two bodies, no one else would know or be interested in knowing what I checked out of the library.

Your library book can now be analyzed to track your existence

Today, as more records are electronic and control systems are electronic, our digital shadow has increased. The bureaucratic process has become technologically enhanced as the spirit of the technological infuses our lives. Even leaving aside the official bureaucratic records, such as birth certificates, driving licences, and national insurance or social insurance numbers, we have a huge amount of data accumulating about us every day.  Unlike the older library, modern libraries have Radio Frequency Identification (RFID) tags in books.  The RFID tags allow us to monitor the book for audit purposes within the library as well as allowing a location to be identified depending on the software.  When we connect that to big data centres where smart algorithms that can match a GPS signal to a person’s smartphone or to the book’s RFID tag, it can show who the person met, if they are holding the book when they meet and their GPS signal is scanned.  In the past, that information did not exist. It exists today and people would like to know that it is “forgotten” and is not being used to shape their lives without their permission. If you are interested, have a look at these sigma scans on future of information technology especially the emerging use of sensors.

Forgetting relies upon institutional memory the problem of archives

In many ways, the technological approach to privacy is beyond the abuse allowed or generated by a paper-based system. The current laws we have are paper based laws and even the electronic laws we are developing are behind the technological trend concerning data creation, retention, and manipulation. I am purposefully ignoring the archives issue, in that records are retained in an archive and thus have always been available, because of the philosophical dispute that archives represents a clean break with current records management. By that I mean, the arguments about archival requirements are a secondary issue that do not address the fundamental philosophical issue.  In other words, archives, which have always existed, present the same technological problem, but only in a paper (or limited) format.  Archives are important, yet they do not in themselves create a break point that limits legislative oversight of the political space or of political memory. Moreover, their special status needs to be challenged if their function does not provide a collective memory so much as an institutional memory based on institutional and not community needs. (See my blog on the Shaw report). n light of abuse histories one finds that the RTBF becomes moot because the institutional memory never wanted or even tried to remember in the first place. Instead, what we need, in those circumstances is a right to remember, but we may as well chase the horizon.

The gap between our digital person and our physical person

I think there is an increasing need for clarity because the gap between our “digital person” and our physical person. The RTBF is showing us a demand that our “digital person” be treated as our physical person would be treated. By that I mean, instead of viewing it as data or information, it is seen as an extension of the person. We then move beyond data protection towards an essential understanding of due process, and fundamentally, a new question of what it means to be human. Thus, the state will have a higher, and more extensive, responsibility about that information (even as it controls the records) and we will have a greater (if sometimes passive) role in it as well.  The question, though is whether the digital person becomes fully a creature, a representation, of the state and is no longer natural.

Will we have digital “natural” rights? Can we be human without them?

The RTBF is in the end, a bureaucratic solution to a technological problem created by the bureaucratic system’s reliance on technology.  We have yet to figure out what we mean by freedom, which is what the RTBF is trying to articulate, but that is a political question rather than a technological question.  To the extent that it has become a technological question, we return to the Heideggerian question of technology.  To put it differently, but directly, our need for a RTBF shows us that we still do not know what it means to be human.  Our reliance on technology further removes us from our human nature in that our fundamental freedoms, our humanity, are becoming representations of data.  We no longer have access to our digital shadow, in a way that we had (continue to have) access to ourselves as selves. By that I mean, 1500 years ago someone may have had a right to property and a right to their own person. Later, as rights became developed as an idea of property that could be exchanged, we lost touch with our natural rights, as rights, and took on positive rights as representations either of the state or an institution, like the Church or a Monarchy. In the 21st century, we do not even have a right to our digital shadow let alone access. In sum, we have become further removed from our natural rights, as we become more of a digital “person”.

If the RTBF is to work, or any “digital rights” are to work, we need to connect them or at least found them in our natural rights. Perhaps it is time to discover our digital “natural” rights.

*The FBI used to pressure librarians in major cities to disclose the details of individuals checking out certain books in the late 60s early 70s, or at least that is when it came to light in the 1980s.

About lawrence serewicz

An American living and working in the UK trying to understand the American idea and explain it to others. The views in this blog are my own for better or worse.
This entry was posted in change, change managment, data protection act, information management, innovation and tagged , , , , , , , , , , . Bookmark the permalink.

2 Responses to Privacy and the right to be forgotten: who owns your personal information?

  1. Heiko Lüder says:

    Hi Lawrence,I always enjoy reading your very eloquent blog on Data protection issues.However I had a discussion with the data protecting registrar and he in contrast to me also has the view that a particular person is not the owner of his own personal data.Not every nation has however interpreted it that way.In Germany it is very much the case and enshrined in Law the the individual is the undisputed owner of their own personal data.I argued in the 90’s at a conference with him about that but it was more or less dismissed.If however you are making that fundamental shift of giving ech individual person the right over their data we would make more progress.We have for example already the right of famous people to their image and copyright laws where we protect digitalization and copying of data belonging to somebody-may that intellectual property and that data belonging to a corporation.I would be interested to hear your opinion on that.


    • Heiko,
      Thanks for the kind comments. I am glad you appreciate my work. I am not sure what the future holds with this issue, which prompted my thinking, because the issue cannot be resolved easily. I think that some ownership has to be essential, but if that entails a changed understanding of the human person ie are we a digital entity as well as a physical entity, then how is that resolved?
      The German example is one approach. There are limits to what that achieves and whether organisations can use the personal information responsibly. At the same time, it raises questions about a universal or consistent approach. In a sense, we seem to know what it means to be human and have enshrined that in law, yet there still remains fundamental questions when that understanding has to be actioned or applied.

      I would be interested in your thoughts on how the ownership of the data can be done and what that would mean for how we understand what it means to be human.


Comments are closed.