Deleting information from a digital/computer system should fundamentally put it out of existence. It may stay in your memory but it is deleted from the medium it existed on. However, in many cases, the information on the web ‘reappears’, proving that it was never deleted in the first place. Google’s Eric Schmidt has admitted to the “lack of a delete button on the Internet as a significant issue”, thereby hinting to disillusion us.
The anxieties arising from the fate of our deleted data led people to run experiments wherein they deleted their information from Facebook, only to see it return in a few days. Facebook’s privacy policy claims that our deleted content may persist in backup copies for a “reasonable” period of time (but will not be available to others).
The ambiguity of what is a ‘reasonable period of time’ is evident, and while it may not be available to others it is retained on Facebook. In addition to this, it also says “some of this information is permanently deleted from our servers; however, some things can only be deleted when you permanently delete your account.”
Jose Mircheal in his book Facebook Democracy talks about how closing a Facebook account is itself a difficult and slow procedure. “Even if you are able to exit, the issue of your past Facebook life remains.”
The issue gets complicated when other parties enter the domain with access to the information that we are indirectly permitted toward. One no longer controls that which has been disseminated to countless other places and expanded over the web.
Companies such as Yahoo! Foursquare and Tumblr commit to deleting user data but elsewhere also state that the information may be available and accessible to others, even after deletion. Therefore, the potential of retaining users’ deleted data ‘indefinitely’ or for a ‘reasonable’ amount of time is extremely high on such platforms. Especially by third-party developers or advertisers, of which the users may or may not have any information (Gertwerth, Leenes and Hert).
The survey done by the authors of Reloading Data Protection highlights that the privacy policy of companies engage in ‘quasi-forgetting’, where promises of erasure or deletion are hedged by a number of conditions relating to the timing of the deletion, the inability to guarantee the behaviour of third parties (including law enforcement), the need to retain for unspecified legal purposes, the technical complexities and the realities of data analytics (Getwerth et al ,).
Our knowledge of what happens to our data we delete is limited, skillfully placed and jargonised in the terms and conditions we agree to. Turns out people care about privacy as much or even more than their public actions. The above developments also gave rise to counter-strategies that deal with the thorough deletion of data. Service and solution players stepped in, and so did the law.
The ‘Blancco Data Eraser’ is one such solution-provider that assists in data deletion. Its CEO, Kim Vaisanan, says: “Our clients don’t pay us for deletion; they pay us for verification.”
Another company, DeleteMe, charges its customers $10 for deleting an account and $50 for deleting search results. They do this by pointing at companies’ own privacy policies and following up with legal orders in case the data are not removed.
The threat of legal action could be your saving grace in preventing the company from selling out your information (Carr).
In 2010, a Spanish citizen filed a lawsuit against Google Spain over infringement of his privacy and asked the company to delete information that appeared on the web in his name. This led to a relook at the framework of the European Union’s 1995 Data Protection Directive and gave rise to ‘The Right to be Forgotten and to Erasure’. In 2014, the court, in its press release on the case, Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González, stated: “An internet search engine operator is responsible for the processing that it carries out of personal data which appear on web pages published by third parties.”
Article 17 of the ruling of Right to Erasure, stated that “The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, and to obtain from third parties the erasure of any links to, or copy or replication of that data.”
This kind of ruling reestablishes our principles and values on notions of privacy, democracy, free speech and forgiveness. It is embedded in institutions of ‘globalisation’ and ‘instant communication’ (Brock, 2016). Many other countries are now exploring the implications of this law and deliberating over its legislation within new or existing frameworks.
The case in India
With over 500 million Internet users in India, data protection and knowledge becomes highly imminent. The Ministry of Information and Electronics Technology drafted a Personal Data Protection Bill 2018 in July 2018. The framework includes the ‘Right to be Forgotten’ under the Data Principal Rights. The subject would be required to fill an application, which will then be assessed by an adjudicating officer.
However, this right differs from the Right to Erasure in such as providing with ‘restriction of processing’ rather than erasure. As in its nascent stage, a more comprehensive system could be developed to make sure the assessment of the grievance is done in a transparent and fair manner.
The noise around data privacy and data protection only seems to grow, bringing in new dimensions and challenges for us to explore. As Jones in her book Ctrl Z puts it, “before you delete your next Facebook post, tweet, blog, comment, email, set of cookies, or chat, consider whether you’re destroying history or exercising your power to participate in your digital identity.”
shefali976@gmail.com
