This page contains a Flash digital edition of a book.
MANAGEMENT PRIVACY


In a consultation document explaining the


proposed amendments, the EC articulated this as “the right of individuals to have their data no longer processed and deleted when [it is] no longer needed for legitimate purposes.” According to Viviane Reding, European


commissioner for justice, citizens should be able to refuse consent for data about them to be processed, withdraw their consent at any time in the future, and ask websites and other services to remove any information about them from online and offline data stores. According to a spokesperson for the commissioner, “It is your data, and it is gone for good.”


PRIVACY 2.0 The proposal of a right to be forgotten appears to have been inspired by social networking sites, which pose numerous risks to privacy by exposing personal data online and which, in some cases, can make it rather difficult for users entirely to remove their data. “The evolution of social networks is an opportunity for organisations to collect massive amounts of data on individuals, including real-time data,” explains George Thompson, a director of security services at KPMG. “The public is mainly unaware of the risks of fraud, for example. The complexities of these vulnerabilities are beyond the grasp of most people.” There are criminal risks associated with social networking data, such as identity theft or social engineering attacks, where an individual’s personal data is used to convince them to hand over passwords or bank account details. The right to be forgotten would mean that individuals could at least ensure they are not exposed unwillingly. There are other concerns, too: it is not


unheard of for job candidates to be turned down because employers found risqué pictures of them on Facebook. Some EU states, such as Germany, have already banned the use of information gleaned


from social media in this way. The new regulations would not rule this out altogether, but it would give individuals an avenue to restrict the circulation of potentially embarrassing information. Social networks also expose individuals to analysis and monitoring by business, whether or not they are aware of that fact.


“Technically speaking, the right to be


forgotten is an empty right,” says Rolf von Roessing, international vice president of ISACA, the security professionals’ body. “Any law will be, at best, moderately successful inside the EU and affiliated countries.” He says that the international nature of the Internet means that any regulations drafted


“The proposal of a right to be forgotten appears to have been inspired by social networking sites, which pose numerous risks to privacy”


“Monitoring social media has rocketed up the business agenda in the past three years,” says Drew Benvie, managing director of marketing agency 33 Digital. “Around nine out of 10 corporates now monitor social media at some level.” But according to Eric Domage, manager


for Western European security research and consulting at IDC, consumers are becoming increasingly frustrated by websites and social media services that market or advertise to them based on data they have gleaned from their preferences or online behaviour. The right to be forgotten would give


citizens the power to withdraw information they no longer wish to be publicly visible from the automated eyes of social media monitoring tools. For businesses that wish to employ those tools, it may reduce the amount of personal data available, but it would also reduce the risk of frustrating customers by basing offers and discounts on data they wish to keep private.


PUTTING IT INTO PRACTICE The principle of a right to be forgotten, then, is hard to fault. The difficulty will be in formulating workable regulations – local legislation would have to be updated before it came into effect – and enforcing them.


www.information-age.com


by the EU will have little or no impact on data held elsewhere. Authorities across the EU already face significant challenges enforcing sanctions against those committing cyber crime and other security breaches, especially if the perpetrators base themselves outside the European Economic Area. Although the European Commission undoubtedly has consumers’ interests at heart, concerns are growing that the proposed regulations might be ineffective, pose an unreasonable burden on businesses and even give protection to those who have committed crimes in the past. Media companies, for example, have


raised concerns that people convicted of crimes, or those in public office, might use the revised directive to remove references to them from archives. Unless national legislation is drafted with care, the right to be forgotten could turn into a form of privacy law by the back door. “In the US, for example, some states have


laws that require publication of the names and photographs of sex offenders, because that is [considered] in the public interest,” says Roessing. This could cause issues if the ex-offender moved to Europe and claimed the right to be forgotten. “On the one hand,


INFORMATIONAGE APRIL2011 21


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52