Can the notion of digital privacy be reframed to resolve policy issues? That is the question at the heart of Meg Leta Jones’ book,Ctrl + Z: The Right to be Forgotten. It offers us alternative ways of thinking about a difficult and taxing matter in the digital era: namely, the right to privacy, and specifically the right to protect one’s own reputation online. We are invited to consider new ways of conceptualising the appropriate policy responses. What, if anything, should the state do, when so much information about our lives resides online and is seemingly there forever, exposing our innermost thoughts and feelings, our peccadilloes and our friendships to ever-wider public scrutiny?
The book addresses an issue that arises out of that case: namely, that of ‘reputatation management’. Framed from the perspective of a digital native, it reminds us that ‘your most shameful secret, cringe-inducing incident’ may remain somewhere online. The underlying assumption is that everyone may have an embarrassing moment that has been captured and stored forever, encapsulating the idea that the posting of a drunken image when young can haunt someone throughout their career. Likewise, in the digital era, individuals can never shake off the past, whether previous convictions, deadbeat dads or revenge porn.
However, the right to be forgotten is not exactly what it seems. It is about a right to have information erased; but in the digital era, erasure does not mean total oblivion. This book addresses how we as a society, and in particular our lawmakers, should manage the boundaries of privacy and reputation. It investigates ways in which we might seek to control information about ourselves online, and who should be responsible for managing those procedures. It puts forward the idea that those in charge of storing and processing data could act as information stewards. The right to be forgotten is therefore conceptualised as a way for individuals to have some opportunity to manage information about themselves that is in the public domain, to enable them to have some form of control over it or recourse against possible harm.
Image Credit: Delete Key (Ervins Strauhmanis CC BY 2.0)The deletion of information is an especially sensitive matter for policymakers as well as for the courts. The book includes a comparative study of the US and the EU, considering the different legal approaches to privacy and erasure of personal data on both sides of the Atlantic. Leta Jones evidently has a US perspective on this issue, but refreshingly she demonstrates a strong interest in the European position, incorporating case law examples from several EU member states as well as the European Court of Justice.
The book also introduces theories of conceptualising privacy. Indeed, the book asks whether privacy is even the appropriate way to consider this issue. Privacy can be considered as ‘personhood’, but it can also be about identity. It may be conceptualised as the absence of information about oneself or about the ability to control that information.
Then there is a consideration of what it means ‘to forget’. Leta Jones raises notions of redemption and ‘forgiveness’ on the basis that forgiveness may be a long time coming when information remains available online and its currency stays constant. The author builds these concepts into the legal argument further in the book, which from my perspective was interesting in forcing us to think harder about the problem, but I’m not sure it brought us closer to a policy solution.
What I especially liked was the discussion on innovating privacy, and the way the author takes us from theory into practice in the digital environment. The book discusses the idea of ‘discoverability’. This is about ways in which information can be found and identified, which does vary according to services, applications and uses. Not all information is created equal. Information may be attributed different values depending on certain variables, such as who put it online and how long it has been there. There is a broad distinction between data that we post and make public ourselves about ourselves versus data posted by others. There is a further difference between a one-off original posting and a click-stream from blogs, tweets, social media and so on. Moreover, we should distinguish between information actively posted and the data that is collected by analytics, which may be an actual record or may be predictive.
Leta Jones uses this analysis to introduce a concept of information stewardship. This is where she gets into the heart of the policy issues in a discussion of where decisions should be taken and by whom. In a scenario-based analysis, she discusses the role of the data controller and the ways in which different types of requests might be approached. Here lies the original thinking of the book, and the kind of analysis that could be helpful in the policy field. The book does not offer any preferred solution, but it does show an array of options and open eyes to new possibilities.
However, this book also leaves open a number of questions for scholars interested in this field. From a European perspective, the public interest issue is critical, the key question being where public interest and freedom of expression may override privacy rights. In many EU member states, the possibility of preventing politicians erasing their past is the most critical aspect of the right to be forgotten. Moreover, how should a ‘right to be forgotten’ differentiate between teenage folly and a person in the public eye knowingly indulging in bad behaviour and then trying to keep it silent? Also, how should it address past criminal behaviour? These questions are hinted at in the book, and will no doubt form the subject of further research.
Ultimately, the book’s strength is its ability to inspire, and that is what makes Ctrl + Z a pleasure to read. In proposing the idea of information stewardship, it may give us some guidance towards a solution to this complex and controversial policy issue.