As the discussion of federal data privacy makes its way to the U.S., experts say a recommendation, largely in favor of Google over an alleged violation of the European Union’s right to be forgotten, could shape the way legislation in the U.S. over data privacy and cybersecurity is crafted.
According to a Thursday article in the Wall Street Journal, an adviser to the EU’s highest court recommended that the right to be forgotten does not apply when someone who requested to be forgotten appears in a search engine outside of the EU.
Andrew Burt, the chief privacy officer and legal engineer of data management company Immuta, said that this was only a recommendation and there will still need to be a final ruling by the court. However, Burt said the court will most likely go along with the recommendation.
But how does a nonbinding opinion in Europe impact how legislation over data privacy will be shaped in the U.S.? Burt said it will make the U.S. more independent and U.S.-centric when it comes to data privacy.
“I think it is representative of an inflection point in global data governance. We’re seeing the internet balkanizing,” Burt explained. “This was one of the last chances to put an end to that.”
David Hoffman, associate general counsel and global privacy officer at Intel, said that balkanization process is important and that privacy laws should be shaped around individual countries.
“We have a unique economy and a unique culture here that is very different from Europe,” Hoffman said.
However, the recommendation will not change how the U.S. drafts its laws, said Debra Farber, a lawyer and senior director of privacy strategy for data management company BigID, and that it is unlikely the U.S. would create a law which reaches outside of its borders.
“It would be a huge departure from public policy to determine what must be taken down in other countries,” she said.
Outside of the impact of the decision, Burt said that it is unlikely that in any kind of federal data privacy law there will be a “right to be forgotten.” He said that the right to be forgotten is something that is more European and he would not expect to see something like that in a federal bill governing data privacy in the U.S.
“We think about privacy being more related to speech, while they think about privacy as being more related to reputation,” Burt explained.
Further, he said, that because of the First Amendment, it would be extremely difficult to get something like the right to be forgotten implemented.
Hoffman, however, said some kind of right to be forgotten was included in the draft bill Intel published in 2018. He said the draft bill he helped write did not receive negative feedback on a right to be forgotten.
“Companies are already putting processes like that in place,” Hoffman said.
Hoffman said that Intel’s bill makes clear the right to be forgotten does not obstruct anyone’s or any company’s right to free speech. He explained there should be some kind of right to be forgotten clause in any federal data privacy law because it will give companies a standard to abide by, rather than having a different policy for each company.
“You have a strange situation where each platform has different requirements [to have information obscured],” Hoffman said. “It would make someone wonder why they can get something obscured on one platform and not the other.”