SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
The right to be forgotten online could soon be forgotten
Thu, 14th Feb 2019
FYI, this story is more than a year old

The advent of the internet has brought with it new paradigms and increased access to the right to free speech and the freedom of information. Its constant evolution has made it an integral part of our day-to-day, with almost every aspect of our lives – from communication to the political process – moving online.

As our lives increasingly play out in the digital dimension, troves of personal data and records on almost any individual are readily available to anyone else with a connection. Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.

A case between Google and France's data protection authority, Commission nationale de l'information et des libertés (CNIL), saw the European Court of Justice (ECJ) rule that the right to be forgotten was not enforceable globally, and that legislative protections of this “right” only applied in Europe. Some say that this ruling puts the ‘right' to privacy at stake.

But I would argue that the internet has always been about freedom, so we should not expect to have our ‘desire' for privacy confused with a ‘right.' Because of the open nature of the internet, everyone who has access to our information is technically free to take it and do with it what they please. It is therefore sensible for individual internet users to proactively defend our online identities, without relying on arbitrary protective legislation to ensure we are not abused.

As a result of our dependence on the internet in our daily lives, the solution of simply severing our connection and deleting our online presence is hardly practical. However, this shouldn't dissuade us from making efforts to protect ourselves online. A series of minor changes to our internet habits can go a long way in protecting both our personal information and our personal data from being stolen, used, and abused.

As much as possible, users should be cognisant of the information they post online and should avoid trusting service providers with highly personal information such as financial details or private documents, like passport details and social security numbers. The usage of password managers, secure messaging applications, and keeping software updated greatly reduces individual exposure.

However, as online privacy concerns continue to mount, new technologies are always being developed to provide improved levels of data security for end users. Many people will find the availability of private, anonymous, and secure ways of engaging with the internet surprising. While these technologies create new means of protecting our online data, and enhance our personal cybersecurity, they do not immediately address the existence of outdated, untrue, or excessive information posted on the internet.

As the lines between our public and private lives become more blurred by the day, and our online identities continue to serve as de facto character references and professional profiles, the impact which false information can have on a person's public reputation cannot be overstated. Anything posted about a person online which is unfavourable or untrue could have serious long term effects on their future.

Recently, swathes of high profile figures have been criticised for something they said or did online years ago. If we don't change our habits, your future self might regret your current postings, comments, or conversations. The ECJ's recent ruling on the right to be forgotten reminds us that we shouldn't rely on legislation alone when it comes to our digital lives, and should make regular risk assessments about the information we post online, and to always be skeptical of that which we see.

As international organisations and corporations show themselves to be unreliable proponents of digital privacy, it is increasingly up to the individual to accept the responsibility of protecting and managing their own information and data. New technologies and decentralised networks promise to grant consumers a way of regaining control over the flow of information online, opening up new avenues of privacy and security within the digital domain.

Although the right to be forgotten may itself soon be forgotten, this does not mean that internet users must resign themselves to having no control over the digital realm. If international organisations cannot be expected to protect users from the dangers of the digital world we live in, it is time for individuals to defend themselves with the appropriate tools.