The privacy divide: Bridging the gap between legal traditions
January 12, 201712 January 2017
The European Court of Justice’s much maligned decision in Google Spain SL, Google Inc. v Agencia Espaňola de Protectión de Datos, Mario Costeja González handed down in May of 2014, appears to compel search engines (most notably Google, which it deems a “data controller”), to remove links to certain impugned search results at the request of individual Europeans (and potentially by others beyond Europe’s borders). It so held by virtue of the “right to be forgotten”, recently enshrined in article 12 of the revised 1995 European Data Protection Directive 95/46/EC. Further complicating an already thorny situation is the court’s failure to impart much-needed practical guidance in Costeja. More importantly perhaps, the decision underscores the right to be forgotten’s divisive character across common law/civilian lines that now extends beyond the United States.
What’s more, Costeja may inadvertantly and ironically have the effect of appointing (chiefly American) “data controllers” as unwitting and ill equipped private censors; arbiters of the European public interest and beyond.
Indeed, the decision may be deemed a culmination of the growing divergence between Anglo-Saxon and continental approaches to privacy significantly extending beyond the U.S., to the United Kingdom, which also appears to be rejecting the right to be forgotten, at least as set out by the ECJ.
It further reflects internal normative contradictions within the continental tradition and emphasizes the urgency of re-conceptualizing digital privacy in a more transystemically viable fashion in Europe and beyond. It’s why informational privacy must ultimately be re-theorized in a manner that would presumably obviate — or at the very least palliate — the need for a stand-alone ill-defined and under-theorized right to be forgotten, as set out at pains in Costeja.
It is a procedural right predicated on the impracticable idea that individuals own data, rather than a right to their identity itself and the perception thereof. It therefore fails to accord with the long-established civilian tradition of personality rights, which, unlike its common law counterpart, emphasizes personhood not property. In the end, a more robust — possibly transystemic but at least transystemically viable — construction of privacy predicated on protecting identity rather than property would allow for a conversation between common law and continental jurists and for a more nuanced balancing of privacy and freedom of expression.
The proposed re-examination comes at a critical juncture, made all the more pressing by an apparent copycat phenomenon of sorts, whereby policy makers and courts beyond Europe — most recently in Canada —may be tempted to mimic the ill-defined “right to be forgotten” in Costeja. Consider the Equustek v Google Inc decision, in which the British Columbia Court of Appeal upheld a ruling compelling Google to delete any reference to the defendants from its worldwide search results, for trademark infringement. The court specifically cited Costeja in support of its reasoning in favour of the international scope of the ruling opining that “international courts do not see these sorts of orders as being unnecessarily intrusive”. Decisions such as this, when read together with discussions of whether Canadian policy makers should legislate a right to be forgotten, or courts should read it in, is a hint that this under-theorized concept could spread prematurely.
The civilian approach
Broadly speaking, civil privacy is a matter of affirmative rather than negative rights, and consists of two parts. First, it is the right to engage in individual self-definition and self-invention, rather than the right to be free from surveillance. Second, privacy is also the responsibility not to unnecessarily compromise one’s own information in the naive hope that the information will not be misused.
In the civil law approach, privacy is understood as a zone of intimacy delineated by the basic needs of personhood, rather than by space or ownership. In effect, “personality allows one to define oneself in relation to society” and can, therefore, be a very important “impression management” tool in the internet age.
With respect to duties, as Adrian Popovici has noted in the French context, “personality rights, as subjective rights, comprise both an active and corresponding passive side. The active side is the “power” of the right’s holder over the object of the right; the passive side is the “duty” of others to respect this very same object.” The dual emphasis is reflected in the controversial right to be forgotten, as well.
However, the tool that was recently developed in Europe to address what Richard Briffault has, in a different context, called the “over disclosure problem” ironically forces private U.S. actors to usurp European courts’ function of balancing between important constitutional values. It further tends to stifle rather than encourage free expression and has proven far too blunt and awkward for common law jurisdictions to swallow. Given the transnational nature of commerce, by virtue of which U.S. companies must contend with European regulation, the novel concept of a right to be forgotten must be rethought, on both a conceptual and practical level. This rethinking should substantively work with the civil law tradition’s personality rights, which are based on personhood (identity) rather than the common law tradition’s underpinning in notions of ownership ironically reborn in the European context of data protection.
Also, the application of the right to be forgotten in the context of the global governance of data has led to the worldwide impact of local norms. The liberal interpretation of jurisdiction in Canadian law in matters concerning the Internet, evidenced by the Equustek decision as noted (and Goldhar v. Haaretz inter alia), is indicative of this.
A “conceptual middle ground”?
The global governance of data invites a cosmopolitan understanding of informational privacy. But we must first recognize this conceptual incoherence if we want to bridge the gap in policies and practices that is urgently needed. We must also clearly articulate what we mean by key concepts (such as the right to be forgotten). In this vein, comparative inquiry can help. It can recognize those underlying assumptions that generate conceptual obstacles to protecting privacy in the digital age, and can eventually aid scholars and lawmakers in formulating more coherent policies in this area.
The civil law method’s traditional conception of privacy—as personality rights with their countervailing duties—is better suited to the goals of privacy management in an age of rapid technological advances and cross-border exchanges. The drawback lies in the loss of meaningful control over the integrity of information in identity management, rather than property infringements of data.
Perhaps there is an alternative approach to conceptualizing informational privacy in the digital context — a cross-cultural one in which both Facebook’s Mark Zuckerberg (who seemed to suggest that privacy is dead) and former Director of the Federal Trade Commission’s Bureau of Consumer Protection, David Vladeck (who invited us to rethink privacy as dignity) are both correct. While the old notion of aloneness or seclusion is indeed passé, privacy as the inherent right and duty to control one’s identity—and the harm to privacy being the loss of that autonomy (not the “loss” of data ownership per se)—is very much alive.
In the end, a more robust—possibly transsystemic, but at least transsystemically-viable—construction of privacy predicated on protecting identity, rather than property, would allow for a conversation between common law and continental jurists, and for a more nuanced balancing of privacy and freedom of expression.
It may ultimately help overcome cultural barriers for the purpose of a transnational exchange in a way that the blunt, procedural and property-based “right to be forgotten” never will. This, in turn, will facilitate rather than stunt or frustrate global commerce, perhaps eventually leading to a “conceptual middle ground,” or at least a practical one in the interim.
This article is based on a longer exploration of the topic published in the latest volume of the Canadian Bar Review. Karen Eltis is a Professor of Law at the Faculty of Law of the University of Ottawa and affiliate faculty at Princeton’s Center for Information Technology Policy (CITP). The authors’s opinions are her own.