Lade Inhalt...

How the European Court of Justice Case "right to be forgotten" can be relevant for cybersecurity

Studienarbeit 2018 11 Seiten

Jura - Europarecht, Völkerrecht, Internationales Privatrecht

Leseprobe

Table of contens

Tallinn 2018

1. INTRODUCTION

2. ELEMENTS OF THE RIGHT TO BE FORGOTTEN

3. HOW ARE CITIZENS AWARE OF CYBER-THREATS? A BRIEF ANALYSIS

4. THE “HARD” ROLE OF THE RIGHT TO BE FORGOTTEN: CYBERCRIMES

5. BALANCING THE RIGHT TO BE FORGOTTEN WITH ITS LIMIT. CONCLUSION

1. INTRODUCTION

Almost four years are passed since the European Court of Justice rendered its judgement, the so- called “Google Spain” Case (C-131/12), and, although it had already been perceived as revolutionary years ago, nowadays it will acquire a new importance thanks to the Article 17 of the GDPR and thanks to the new interpretation that the Court may give to the right to be forgotten.

The Internet is overwhelmed by personal data, that are massively collected and traded, and it is quite common in our everyday life to hear news concerning cyber-attacks, or generally cyber­threats that, increasingly, have the purpose of violating users’ data. Moreover, States on an international level have shown serious difficulties in creating binding treaties to protect efficiently the data subjects as some recent scandals proved. In fact, with the growing importance and involvement of personal data it will be difficult to think at all the authorities to prevent or to countercheck efficiently the future cyber-threats and so I would like to show in the following chapters how the right to be forgotten might become the crucial factor with which individuals can protect themselves and their rights.

Furthermore, I will try to analyze the right to be forgotten and its relevancy for cybersecurity within three fundamental aspects.

Firstly, how EU citizens may use appropriately the right to be forgotten to prevent the harmfulness of cyber-attacks; secondly, which are the limits of this right in order not be itself prejudicial for cyber-security, eventually the tensions among citizens, governments and enterprises in ensuring protection and security.

The right to be forgotten has been analyzed by the European Court of Justice in “Google Spain Case” taking as a reference point the directive 95/46.

In the judges’ opinion, Google and the other search engines must be considered as “the controllers” and they have the duty to erase those data that have not any more a public interest that justifies them, and if there is an order laid down by a judge.

In this research I am taking into account some issues of Italian National Law, that can be useful to extend the reasonings analogically to other Countries. Furthermore, to analyze the digital education of the data subjects I am taking as an example Singapore.

Eventually, some academic articles and reports by Non-governmental organizations that committed themselves to the digital rights.

2. ELEMENTS OF THE RIGHT TO BE FORGOTTEN

Numerous authors wrote various definitions to identify the core of the right to be forgotten. It obviously depends on the specific legal system to which we refer and on the legal traditions of the single countries. Putting an effort to find a legal common base and taking into account the Case C-131/12 we may find these elements[12]:

1) Data concerning specific data subjects published and indexed by search engines;
2) Harm to one person’s fundamental rights;
3) Information potentially available in perpetuity or unlawfully processed;
4) Right to ask for erasures of these data at certain conditions[1] [2] [3].

The right to be forgotten is not an “absolute right”. It has to deal with the freedom of expression and information. Furthermore, some authors criticize at all its consistency as a “human right”, arguing that it is just a “foggy thinking”[4].

To be precise, if we read the Google Spain Case we would not find the European Court of Justice writing explicitly about the Right to be forgotten and that is why it has been argued that specifically, this case didn’t deal with that right[5].

What is sure is that, nowadays, the Art. 17 GDPR regards specifically that right, so it cannot be asserted anymore that the right to be forgotten is inconsistent or “foggy”.

This right can be important for different fields of the law.

At first, it can be important for criminal law. Is it a public interest or rather shameful to know forever all the criminal records and judgements related to a person?

Secondly, the right to be forgotten is related to constitutional law. In fact, in some constitution we find articles dealing with the “right to honor or reputation”[6] and so we have to find a balance between this right and the other Constitutional rights, such as this one, or the others concerning the freedom of information.

Eventually is related to cybersecurity law. If individuals will have the possibility to erase easily their data, without affecting the freedom of information, cyber-threats such as phishing, ransomware, and others might lose their dangerousness.

In fact, it is difficult to create international treaties to protect effectively the citizens from international cyber-threats, which are binding and mandatory.

In absence of the States, enterprises can easily invest their money to protect themselves, but the weaker subjects are the natural people, often uneducated about their rights or incapable of understanding simply how their data are treated.

In this situation, it is necessary to analyze how the right to be forgotten can become a central right for all the people that demand an autonomous protection.

3. HOW ARE CITIZENS AWARE OF CYBER-THREATS? A BRIEF ANALYSIS

Are people really aware of the risks of nowadays cyber-threats? A question like this cannot have a direct yes or no as an answer. We should analyze the people looking at air age, their digital education and other relevant information. But since Cybersecurity became a relevant issue, some States have tried to find a concrete response.

For instance, the Cyber Security Agency of Singapore (CSA) started in 2016 a survey to understand what the public awareness, behaviors and perception is to lay down a specific cyber­security strategy[6] [7].

67% of Singaporeans didn’t feel that there is enough information about cybersecurity. And considering that only two years are passed, and that Singapore has one of the best education systems in the world[8] we may legitimately consider this survey as alarming.

Who, among us, cares at all about deleting the data after having used an online service? Who actually cares about changing his password after a certain time or about the capacity of itself to protect data?

In any case, every time the legal ground of the right to be forgotten is not at issue (so there is no doubt about the application of it), all the internet users should be informed about the data that are still owned by the undertakings or by the Governments, but people sometimes don’t know or simply forget what is still available online, they don’t respect the minimum precautions in creating passwords[9], and they are not conscious of the right to access.

After Cambridge Analytica case Facebook Inc. has developed a tool that permits to all the users to understand immediately which data are still owned by third parties.

A solution like this is desirable also for all the other enterprises.

If all the European Citizens will exercise the right to be forgotten, cyber-threats may become less dangerous in the future. Hackers will have fewer data to steal, and data theft would inevitably decrease as a phenomenon.

Unfortunately, since the Google Spain Case, as stated in the Google Report, many of the frequent requesters of the right to be forgotten, were law firms and reputation management services.[10]

So, it is clear that undertakings are more incentivized to care about their reputation more than personal individuals. The latter are the real weak subjects, more often victims of cyber-threats. There should be an information campaign that tries to inform simply all the European citizens about their rights and to make them accountable for the risks of Cyber-threats: it is not necessary that reputation is in jeopardy, but the dominant mindset that we should spread is: “all the data that are not anymore useful to enjoy a service, must be deleted, and I should ask for that”.

Even if the enterprises are trustworthy and even if they adopt the maximum standard in Cybersecurity, it is necessary to develop this “new conscious of the risks” in the EU citizens.

[...]


[1] Meg Leta Ambrose, and Jef Ausloos. "The Right to Be Forgotten Across the Pond." Journal of Information Policy 3 (2013): 1-23. doi:10.5325/jinfopoh.3.2013.000L

[2] Steven C. Bennett, "The Right to Be Forgotten: Reconciling EU and US Perspectives," Berkeley Journal of International Law 30, no. 1 (2012): 161-195

[3] C-131/12: Search Engine is required to assess the request for deletion considering “accuracy, adequacy and relevance of the information, as well as the proportionality of the links in relation to the purposes of the data processing”

[4] Robert G. Larson III (2013) Forgetting the First Amendment: How Obscurity-Based Privacy and a Right to Be Forgotten Are Incompatible with Free Speech, Communication Law and Policy, 18:1, 91­120, DOI: 10.1080/10811680.2013.746140

[5] Cofone, Ignacio. "Google v. Spain: A Right to Be Forgotten?." (2015).

[6] For instance, the Italian Constitutional Court considered in multiple judgements that all the right of the individuals must include the “right to honor’, that comes from the Art. 2 of the Italian Constitution.

[7] CSA https://www.csa.gov.sg/~/media/csa/documents/key_findmgs/key%20fmdmgs- cybersecurity%20public%20awareness%20survey%202016.pdf

[8] The Post Internazionale (TPI) Italian Newspaper https://www.tpi.it/2016/12/07/classifica-studenti-singapore- prima/

[9] FOCUS https://www.focus.it/tecnologia/digital-life/password-vecchie-facili-violate-in-mohi-le-usano

[10] IRISH TIMES https ://www.irishtimes.com/business/technology/google-receives-2-4m-requests-to-delete-search- results-1.3407979

Details

Seiten
11
Jahr
2018
ISBN (eBook)
9783668757394
ISBN (Buch)
9783668757400
Dateigröße
543 KB
Sprache
Englisch
Katalognummer
v431011
Institution / Hochschule
Tallinn University – TTÜ Tallinn - University Of Technology
Note
5/5
Schlagworte
privacy data protection cybersecurity right to be forgotten

Autor

Teilen

Zurück

Titel: How the European Court of Justice Case "right to be forgotten" can be relevant for cybersecurity