Abstract
This chapter examines the status of the right to be forgotten in Irish law. It pays close attention to data protection law and finds that even before the coming into force of the General Data Protection Regulation (GDPR), a right to be forgotten, rooted in data protection law, was available in Irish law. The chapter also explores whether a right to be forgotten is available beyond data protection law. In doing so, it assesses whether interests in forgetting and/or being forgotten are given expression in other areas of Irish law. The chapter considers the legislation on spent convictions, defamation law and the law of privacy. It finds, however, that data protection law is the most suitable home for a right to be forgotten. The chapter also examines the limits of the right to be forgotten and the remedies available for infringement before commenting on the transparency problem in the context of search engine delisting requests.
This chapter stems from research supported by the Irish Research Council’s New Horizons 2016 funding scheme.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
This distinction between ‘full’ and ‘narrow’ versions of the right is inspired by O’Hara and Shadbolt (2015, p. 178) who draw a distinction between the ‘narrow principle’ established by Google Spain and the ‘full term “right to be forgotten” to refer to a more abstract conception.’
- 2.
Spent convictions (in respect of most crimes) were possible in the case of child offenders. See s 258 of the Children Act (2001).
- 3.
A number of exceptions to this general rule (including, for example, exempted employers) are outlined in 8–11 of the Act.
- 4.
In de Rossa v Independent Newspapers [1999] 4 IR 432, 470, Hamilton CJ quoted counsel for the Appellant’s remarks that the case had ‘been brought by [the respondent] in an attempt to escape his past’.
- 5.
Lord Nicholls refers to the equitable doctrine as a tort in Campbell v. MGN Ltd [2004] 2 AC 457, 465: ‘The essence of the tort is better encapsulated now as misuse of private information’.
- 6.
This doctrine remained dormant for several decades until it was reactivated when the Supreme Court identified the unenumerated right to work in NVH v Minister for Justice & Equality and ors [2017] IESC 35.
- 7.
The main authorities in this area are Educational Co Ltd v Fitzpatrick (No 2) [1961] IR 345; Meskell v CIE [1973] IR 121; Glover v BLN Ltd [1973] IR 388; Hanrahan v Merck Sharp and Dohme [1988] ILRM 629; Herrity v Associated Newspapers (Ireland) Ltd (2009) 1 IR 316; Sullivan v Boylan Contractors (No 2) [2013] IEHC 104; Ogieriakhi v Minister for Justice and Equality and the Attorney General and An Post (No. 2) [2014] IEHC 582. See also Clarke v O’Gorman [2014] 3 I.R. 340, 359 (per O’Donnell J).
- 8.
See also Herrity v Associated Newspapers [2009] 1 IR 316; K (A Minor) v Independent Star [2010] IEHC 500.
- 9.
Keller (2018, p. 292) explains that ‘back-end’ data are data collected by OSPs when ‘tracking their own users’ online behaviour. OSPs have plenty of this privately held, “back-end” data – logs tracking users’ clicks, profiles used to target advertisements, and more.’
- 10.
Article 17(1)(b) should be read alongside Article 7(3) which expressly provides for the right to withdraw consent. Markou (2015, p. 209) argues that this ‘innovation’ in Article 17 should be welcomes since ‘consent-as-permanent-permission’ is not consistent with the ability to exercise meaningful control over one’s own data.’
- 11.
A literal interpretation of s 2, 2A, 2B and 6 DP Act 2003 does not afford the data subject a right to erase data on the grounds that he/she has withdrawn consent (assuming that the processing is otherwise lawful).
- 12.
For a comprehensive analysis of this complicated picture, see Keller (2018).
- 13.
Recital 18 states: ‘This Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity. Personal or household activities could include correspondence and the holding of addresses, or social networking and online activity undertaken within the context of such activities. However, this Regulation applies to controllers or processors which provide the means for processing personal data for such personal or household activities.’
- 14.
According to Article 4(7) GDPR: ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- 15.
Here, the Court of Appeal of Northern Ireland held that in respect of information posted by third parties Facebook was a data controller within the meaning of s 5 of the UK Data Protection Act (1998).
- 16.
This is part of the Board’s set of tasks. See Article 70(1)(b)(d) & (e) GDPR.
- 17.
There is already authority to suggest that a blogger may also be an ‘organ of public opinion’. See Cornec v Morrice & Ors [2012] IEHC 376.
- 18.
See, for example, Joined Cases C-92/09 and C93/09 Volker und Markus Schecke GbR v Land Hessen [2010] ECRI-11063.
- 19.
It is only a matter of time before these hard questions come before the courts. If there is to be a legislative solution to this conundrum, then this needs to implemented within the context of Article 23 GDPR, which mirrors, to a significant extent, the text of Article 52(1) CFR. Article 23 GDPR states that a national legislature may restrict the scope of the obligations and rights provided for in Article 17 in order to protect, amongst other things, ‘the rights and freedoms of others’. But any such measure must be a ‘necessary and proportionate’ one in a democratic society and must respect ‘the essence of the fundamental rights and freedoms’.
- 20.
On the idea of collages see of information see Mayer-Schönberger (2009), p. 124.
- 21.
Cf the decision of the High Court of Northern Ireland in Townsend v Google Inc and Google UK Ltd [2017] NIQB 81.
- 22.
This is how the Circuit Court judge described the appellant’s position: ibid, para 19.
- 23.
For the Circuit Court decision see [2016] IECC, Record Number: 2015/02589, [46–51]. Judgment available at: https://www.dataprotection.ie/documents/judgements/Savage_v_DPC_&_Google_Ireland_Circuit_Court_judgment_11.10.16.pdf.
- 24.
s 7 was the Irish legislature’s response to Article 23 of the DPD. s 7 read: ‘For the purposes of the law of torts and to the extent that that law does not so provide, a person, being a data controller or a data processor, shall, so far as regards the collection by him of personal data or information intended for inclusion in such data or his dealing with such data, owe a duty of care to the data subject concerned…’
- 25.
Collins v FBD Insurance [2013] IEHC 137 is a significant Irish authority which interpreted s 7 as compensating special damages only. In his instructive discussion of this case, contrasting Collins with the decision of the Court of Appeal of England and Wales in Google Inc v Vidal-Hall [2015] EWCA Civ 311 and considering national and EU law, O’Dell (2017a, pp. 128–133) questions the correctness of the decision in Collins.
- 26.
Article 82(1) should be read alongside Article 79 GDPR which provides for the right to an effective remedy against a controller or processor.
- 27.
https://www.google.com/transparencyreport/removals/europeprivacy/. Accessed 8th February 2019.
- 28.
Ibid.
- 29.
This was Google’s own estimate set out on their website https://www.google.com/search/howsearchworks/ last accessed on 15th November 2017. The current version of this website (as of 8th February 2019) does not appear to contain this figure but references instead ‘hundreds of billions of webpages’.
- 30.
https://www.google.com/transparencyreport/removals/copyright/ (as accessed on 31st May 2018). Note that the current webpage (as of 8th February 2019) no longer appears to provide a breakdown of the number of removals over particular time periods but states that Google has received requests to remove almost 4 billion URLS.
- 31.
https://www.google.com/transparencyreport/removals/europeprivacy/ Accessed 8th February 2019.
- 32.
Ibid.
References
Bellia PL (2008) The memory gap in surveillance law. Univ Chicago Law Rev 75:137–179
Brock G (2015) The right to be forgotten. IBTauris, London
Brüggemeier G, Colombi Ciacchi A, O’Callaghan P (eds) (2010) Personality rights in European tort law. Cambridge University Press, Cambridge
Carolan E, Delany H (2008) The right to privacy: a doctrinal and comparative analysis. Thomson Round Hall, Dublin
Cohen JE (2012) Configuring the networked self. Yale University Press, New Haven
Data Protection Commissioner of Ireland (2014–2017) Annual Reports. https://www.dataprotection.ie/docs/Annual-Reports/b/958.htm. Accessed 7 Feb 2019
de Mars S, O’Callaghan P (2016) Privacy and search engines: forgetting or contextualizing? J Law Soc 43(2):257–284
Hagemann M (1998) Iniuria: von den XII-Tafeln bis zur Justinianischen Kodifikation. Böhlau Verlag, Cologne
Hornung G, Hofmann K (2013) Ein “Recht auf Vergessenwerden”? Anspruch und Wirklichkeit eines neuen Datenschutzrechts. JZ 68(4):163–170
Howells G, Rott P (2010) English report. In: Brüggemeier G, Colombi Ciacchi A, O’Callaghan P (eds) Personality rights in European tort law. Cambridge University Press, Cambridge
Keller D (2018) The right tools: Europe’s intermediary liability laws and the EU 2016 general data protection regulation. Berkeley Technol Law J 33:287–364
Kilcommins S, O’Donnell I (2003) Wiping the slate clean: rehabilitating offenders and protecting the public. Administration 51(3):73–89
Koops BJ (2011) Forgetting footprints, shunning shadows: a critical analysis of the “right to be forgotten” in big data practice. SCRIPTed 8:229–256
Lesaffer R (2019) Wiping the slate clean… for now: Amnesty in early-modern peace treaties, Oxford Historical Treaties Online. http://opil.ouplaw.com/page/amnesty-peace-treaties. Accessed 7 Feb 2019
Markou C (2015) The “right to be forgotten”: ten reasons why it should be forgotten. In: Gutwirth S, Leenes R, de Hert P (eds) Reforming European data protection law. Springer, Dordrecht, pp 203–226
Mayer-Schönberger V (2009) Delete: the virtue of forgetting in the digital age. Princeton University Press, Princeton
McIntyre TJ, O’Donnell I (2017) Criminals, data protection, and the right to a second chance. Irish Jurist 58:27–55
McMahon B, Binchy W (2013) Law of torts, 4th edn. Bloomsbury Professional, London
Moreham N (2005) Privacy in the common law: a doctrinal and theoretical analysis. Law Q Rev 121:628–656
Morgan J (2003) Privacy, confidence and horizontal effect: “hello” trouble. Cambridge Law J 62(2):444–473
O’Cinneide C (2003) Taking horizontal effect seriously: private law, constitutional rights and the European convention on human rights. Hibernian Law J 4:77–108
O’Dell E (2017a) Compensation for breach of the general data protection regulation. Dublin Univ Law J 40(1):97–164
O’Dell E (2017b) Comparative defamation and privacy law – Irish perspectives. Dublin Univ Law J 40(1):236–249
O’Hara K, Shadbolt N (2015) The right to be forgotten: its potential role in a coherent privacy regime. Eur Data Prot Law Rev 1(3):178–189
Ohm P (2008) Good enough Privacy. University of Chicago Legal Forum. https://chicagounbound.uchicago.edu/uclf/vol2008/iss1/2/. Accessed 7 Feb 2019
Phillipson G (2003) Transforming breach of confidence? Towards a common law right of privacy under the human rights act. Mod Law Rev 66(5):726–758
Quill E (2014) Torts in Ireland, 4th edn. Gill & Macmillan, Dublin
Ricoeur P (2004) Memory, history, forgetting. University of Chicago Press, Chicago
Slattery L (2014) Right to be Forgotten Ruling is Backfiring says Data Watchdog. Irish Times. http://www.irishtimes.com/business/technology/right-to-be-forgotten-ruling-is-backfiring-says-data-watchdog-1.1877421. Accessed 7 Feb 2019
Voss WG, Castets-Renard C (2016) Proposal for an international taxonomy of the various forms of the “right to be forgotten”. Colorado Technol Law J 14(2):281
Werro F (2009) The right to inform v. the right to be forgotten: a transatlantic clash. In: Colombi Ciacchi A, Godt C, Rott P, Smith LJ (eds) Liability in the third millennium. Nomos Verlag, Baden-Baden, pp 285–300
Zimmermann R (1992) The law of obligations: Roman foundations of the civilian tradition. CH Beck, Munich
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
O’Callaghan, P. (2020). The Right to Be Forgotten in Ireland. In: Werro, F. (eds) The Right To Be Forgotten. Ius Comparatum - Global Studies in Comparative Law, vol 40. Springer, Cham. https://doi.org/10.1007/978-3-030-33512-0_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-33512-0_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-33511-3
Online ISBN: 978-3-030-33512-0
eBook Packages: Law and CriminologyLaw and Criminology (R0)