I attended the very instructive seminar organised by the Westminster Media Forum today on privacy, social media platforms and the right to be forgotten. The idea of the 'right to be forgotten' has been promoted by Viviene Reding (VP of the EU Commission) recently and has attracted a number of strong and diversion reactions (e.g. Tessa Mayes` recent article on the subject in the Guardian).
There were a number of key actors from different provenance in the hot seat today at the WMF to discuss this very issue such as the Information Commissioner (Christopher Graham), privacy experts such as Caspar Bowden (Microsoft) and Georgina Nelson (Which?), academics such as Dr Chris Pounder, and interested parties such as Jim Killock (ORG) and Tessa Mayes. The full list of speakers can be found here.
Three crucial points emerged from the discussion in my view. Firstly, privacy (or rather the expectation of privacy) is very much contingent of the specific setting (i.e. the specific SNS) and its technological capabilities (e.g. is the privacy expectation in Twitter the same as the privacy expectation in Facebook?). A second important point emerging from the seminar is the commodification of data and the impact of data monetisation on privacy expectations (i.e. users are foregoing their data for the benefit of enjoying free access to all the services offered by SNS). Finally, the old issue of education surfaced and many speakers argued that a key component of the solution to the privacy issues raised by SNS rested on educating users about privacy issues in SNS (i.e. what should their expectation be? how can they protect their privacy efficiently etc).
CyberPanda thinks that there is a lot of merit in the idea of a right to be forgotten. On a theoretical level, it puts the 'power' (term used loosely here) back in the hands of the users who have more than a mere right to object to data processing and places more evidential burdens on data controllers. However on a practical level, this raises many issues including the old issue of how to enforce EU laws against a US-based company, and also whether the right to be forgotten is enough to deal comprehensively with the whole array of issues raised by SNS (e.g. what is the expectation of privacy for data which the data controller can prove that it needs?).