Skip to main content
SpringerLink
Log in

Online Social Networks and Young People’s Privacy Protection: The Role of the Right to Be Forgotten

  • Chapter
  • First Online:
Book cover Minding Minors Wandering the Web: Regulating Online Child Safety

Part of the book series: Information Technology and Law Series ((ITLS,volume 24))

Abstract

After an evaluation of the current regulatory framework, this chapter addresses the fundamental role of the right to be forgotten in European Union legislation. The chapter will first analyse the pros and cons of current legislation, i.e. the Data Protection Directive, and, second, address the relevance of the proposed Data Protection Regulation. Based on the conflict between the right to oblivion on the one hand and freedom of speech, the right to memory and marketing purposes on the other, we conclude by proposing possible solutions for the enforcement of the right to be forgotten, assuming that a universal solution for a concrete right to oblivion requires not only a strong legislative basis but also economical and technical costs.

Rachele Ciavarella is a lawyer with ICT Legal Consulting Law Firm and a Blue Book Trainee at EU Commission DG CNECT Unit H4 Trust and Security. Cécile De Terwangne is a professor at the Law Faculty of the University of Namur (Belgium) and Research Director in the ‘Freedoms in the Information Society’ Unit of the Research Centre in Information, Law and Society (CRIDS—University of Namur).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 89.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    For the purposes of this document, the term “young people” will refer to legal minors. The meaning of legal minor depends on the jurisdiction in which the service is offered; normally this refers to users under 18 or 16 years of age. However, in the General Data Protection Regulation (see infra), while Article 4(18) states that ‘child’ means any person below the age of 18 years, Article 8.1 (Processing of personal data of a child) outlines that the processing of personal data of a child below the age of 13 years shall only be lawful if and to the extent that consent is given or authorised by the child’s parent or custodian.

  2. 2.

    Casarosa 2010, available at http://ssrn.com/abstract=1561570.

  3. 3.

    Livingstone et al. 2011, available at http://www2.lse.ac.uk/media@lse/research/EUKidsOnline/ShortSNS.pdf.

  4. 4.

    EU Kids Online is a multi-national thematic network, founded by the EC Safer Internet Programme, that aims to stimulate and coordinate investigation into the use of new media by children, www2.lse.ac.uk/media@lse/research/EUKidsOnline/Home.aspx.

  5. 5.

    Walz 1997, p. 3.

  6. 6.

    For an example of reported cases about people seeking to have their data deleted from a social network and facing practical difficulties, see http://online.wsj.com/article/SB10001424052748703396604576087573944344348.html.

  7. 7.

    See for example Mayer-Schönberger 2009.

  8. 8.

    Legrand and Bellamy 2012, www.lesnumeriques.com/divers/touche-pas-a-e-reputation-enquete-a1548.html.

  9. 9.

    ‘Personal data’ means ‘any information relating to an identified or identifiable natural person (“data subject”)’ (Article 2, a) of the directive 95/46).

  10. 10.

    Directive 95/46/CE of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ, 23 November 1995, L281/31.

  11. 11.

    Reding 2010.

  12. 12.

    Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), 2012/0011 (COD).

  13. 13.

    European Commission Communication, ‘A comprehensive approach on personal data protection in the European Union’, 4 November 2010, COM (2010) 609 final, p. 8.

  14. 14.

    Informational self-determination means control over one’s personal information, that is to say the individuals’ right to decide which information about themselves will be disclosed, to whom and for which purpose. See De Terwangne 2012, p. 112, also available at www.idp.uoc.edu.

  15. 15.

    See Rouvroy 2008, available at http://works.bepress.com/antoinette_rouvroy/5/.

  16. 16.

    On the risk of de-contextualisation in SNS, see Dumortier 2009, available at http://works.bepress.com/franck_dumortier/1.

  17. 17.

    De Terwangne 2012, p. 112 and 117, also available at www.idp.uoc.edu.

  18. 18.

    Moiny 2012.

  19. 19.

    Copeland 2012, p. 1.

  20. 20.

    De Terwangne 2012, p. 110.

  21. 21.

    Article 6(1)(b), (e) of the 95/46 Directive.

  22. 22.

    De Terwangne 2012, p. 114.

  23. 23.

    Article 24 of the 95/46 Directive.

  24. 24.

    A “controller” is “the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; […]” (Article 2, d) of the Directive.

  25. 25.

    Article 14(1)(b) of the 95/46 Directive.

  26. 26.

    Copeland 2012, p. 4.

  27. 27.

    COM(2010)609 final.

  28. 28.

    Van Alsenoy et al. 2009, pp. 65–79.

  29. 29.

    Gomes de Andrade 2012, p. 124.

  30. 30.

    Article 17.1. The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, especially in relation to personal data which are made available by the data subject while he or she was a child, where one of the following grounds applies: (a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or when the storage period consented to has expired, and where there is no other legal ground for the processing of the data; (c) the data subject objects to the processing of personal data pursuant to Article 19; (d) the processing of the data does not comply with this Regulation for other reasons. (emphasis added).

  31. 31.

    Article 17 is entitled “Right to be forgotten and to erasure”. One could wonder whether Article 17 establishes two separate rights. This is not the case as these two rights are merged in the view of the authors of the Regulation Proposal (see recital 54: “To strengthen the ‘right to be forgotten' in the online environment, the right to erasure should also be extended […].” Also Opinion of the European Data Protection Supervisor on the data protection reform package (7 March 2012, point 146): “The right to erasure has been strengthened into a right to be forgotten to allow for a more effective enforcement of this right in the digital environment”.

  32. 32.

    Article 19.1 of the Regulation Proposal states: “The data subject shall have the right to object, on grounds relating to their particular situation, at any time to the processing of personal data which is based on points (d), (e) and (f) of Article 6(1), unless the controller demonstrates compelling legitimate grounds for the processing which override the interests or fundamental rights and freedoms of the data subject”.

  33. 33.

    Recital 53 (emphasis added).

  34. 34.

    European Parliament, Draft Report on the Proposal for a General Data Protection Regulation, Committee on Civil Liberties, Justice and Home Affairs, Rapporteur: Jan Philipp Albrecht, 17 December 2012, Amendment 34.

  35. 35.

    Opinion of the European Data Protection Supervisor of the data protection reform package, 7 March 2012, p. 148.

  36. 36.

    Opinion of the European Data Protection Supervisor of the data protection reform package, 7 March 2012, p. 147.

  37. 37.

    Koops 2011, available at www.ssrn.com.

  38. 38.

    Moiny 2010, pp. 250–253; Van Alsenoy et al. 2009, pp. 65–79.

  39. 39.

    ECJ, 6 November 2003 (Lindqvist), C-101-01, Rec. p. I-12971, § 47.

  40. 40.

    Article 29 Data Protection Working Party, Opinion 5/2009 on online social networking, WP 163, p. 6.

  41. 41.

    ECJ, 16 December 2008, Tietosuojavaltuutettu v. Satakunnan Markkinapörssi Oy and Satamedia Oy, C-73/07. See comment of this case by De Terwange 2008, Satakunnan Markkinapörssi Oy et Satamedia Oy, Affaire C-73/07, R.D.T.I., 2010, n° 38, pp. 132–146.

  42. 42.

    Article 29 Data Protection Working Party, Opinion 5/2009 on online social networking, WP 163, p. 6.

  43. 43.

    In Google’s legal advisor’s view, there should be no expectation of privacy on the Internet and the right to oblivion represents the biggest threat to Internet free speech in our time, http://peterfleischer.blogspot.com/2011/03/foggy-thinking-about-right-to-oblivion.html; see also Mayes 2011.

  44. 44.

    Gomes de Andrade 2012, p. 130.

  45. 45.

    Daly 2011, available at http://emergingbusinessadvocate.wordpress.com/2011/03/15/le-doit-a-loubli-can-we-achieve-oblivion-on-the-internet/.

  46. 46.

    De Terwangne 2012, p. 117.

  47. 47.

    See ENISA 2012, available at https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/the-right-to-be-forgotten/.

  48. 48.

    Opinion of the European Data Protection Supervisor on the data protection reform package, 7 March 2012, p. 24 and Article 29 Working Party Opinion 01/2012 on the data protection reform proposals, 23 March 2012, WP 191, p. 13.

  49. 49.

    Also Article 17, § 7: “The controller shall implement mechanisms to ensure that the time limits established for the erasure of personal data and/or for a periodic review of the need for the storage of the data are observed.”

  50. 50.

    www.x-pire.de/index.php?id=6&L=2.

  51. 51.

    Recommendation CM/Rec(2012)4 of the Committee of Ministers to member States on the protection of human rights with regard to social networking services.

References

Download references

Author information

Authors and Affiliations

  1. CRIDS—University of Namur, Namur, Belgium

    Rachele Ciavarella

  2. Faculty of Law, CRIDS, University of Namur, Namur, Belgium

    Cécile De Terwangne

Authors
  1. Rachele Ciavarella
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Cécile De Terwangne
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rachele Ciavarella .

Editor information

Editors and Affiliations

  1. eLaw – Center for law in the information society, Leiden University, Leiden, The Netherlands

    Simone van der Hof

  2. eLaw – Center for law in the information, Leiden University, Leiden, The Netherlands

    Bibi van den Berg

  3. Faculty of Law eLaw – Centre for Law in the Information, Leiden University, Leiden, The Netherlands

    Bart Schermer

Rights and permissions

Reprints and permissions

Copyright information

© 2014 © T.M.C. Asser Press, The Hague, The Netherlands, and the author(s)

About this chapter

Cite this chapter

Ciavarella, R., De Terwangne, C. (2014). Online Social Networks and Young People’s Privacy Protection: The Role of the Right to Be Forgotten. In: van der Hof, S., van den Berg, B., Schermer, B. (eds) Minding Minors Wandering the Web: Regulating Online Child Safety. Information Technology and Law Series, vol 24. T.M.C. Asser Press, The Hague. https://doi.org/10.1007/978-94-6265-005-3_9

Download citation

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation