Generations of mothers have warned their offspring that; "Life is like a pathway leading through the snow; be careful how you tread, for every mark will show." But in the internet era the European Court of Justice begs to differ.
Just about anyone who uses Facebook or Twitter knows the sinking sensation that accompanies being tagged in an unflattering photo or reading, in the cold light of morning, a late night pontification.
Young job hunters are regularly alarmed to learn that recruiters routinely trawl social networks looking for school or university posts to discover whether job candidates pose an employment risk. Many of us are surprised at what a Google search of our names reveals.
Not surprisingly the prospect of a "right to be forgotten" sounds enticing.
In May the European Court of Justice handed down a decision that has been described as an important first step towards allowing precisely that. In the case at hand the ECJ determined that search giant Google was a "data controller" as defined under the European Data Protection Directorate.
The ECJ noted that; "An internet search engine operator is responsible for the processing that it carries out of personal data, which appear on web pages published by third parties" and, as such, was obliged to remove data that is; "inadequate, irrelevant or no longer relevant."
According to UK media reports Google is dealing with a deluge of 1,000 requests a day from people who want links to personal data removed.
Search engines however are not silos of information – they simply create software that trawls content on the internet, indexes it, and when someone searches on that term, points them to the location where that data is stored. Google cannot remove the data itself, it can only remove the link or signpost to the data, and then only if its team of newly hired paralegals determines that the offending data meets the criterion of being; "inadequate, irrelevant or no longer relevant."
The ECJ judgment applied only to Google, but the clear implication is that any organisation or enterprise that offers search capability might in the future be obliged to follow suit. These organisations might similarly be required to interpret what data classes as "inadequate, irrelevant or no longer relevant", in the process applying an arbitrary and clumsy filter on history.
The ECJ decision is nevertheless of international interest and its ramifications will be closely observed by governments around the world. The Australian Law Reform Commission has already raised the issue of Australians' potential right to be forgotten in a recent discussion paper, which is now being considered by the Government.
While it's impossible to second guess what the Government might do with that recommendation, it has already demonstrated a keen appetite for technology-related reform.
In June, the Attorney General Senator Brandis announced plans to introduce legislation to the Parliament to overhaul the rules governing how online information can be examined once a warrant is obtained.
The legislative changes will affect the rules governing computer searches by the Australian Security Intelligence Organisation but ultimately could have a much broader industry impact.
The legislative changes will centre around a series of recommendations from the Parliamentary Joint Committee on Intelligence and Security intended to bring up to date the warrant provisions available to ASIO. For example, in the past warrants were provided for physical computer searches and took no account of modern computing techniques such as cloud computing and virtualisation where data does not reside on a single physical device.
The Joint Committee recommended that warrants be extended from a single physical computer to also include; "Computers connected to a particular person or a computer network." Any legislation supporting that requires careful wording to ensure that all and any computers connected to a computer network are not inadvertently exposed to the provisions of a warrant.
It may also be that the Government adopts the Joint Committee recommendation that it explore how third parties – such as internet service providers - might be involved in accessing data under ASIO warrant provisions.
ISPs would have to work out their response to such a requirement, just as they would have to establish policy and procedure should they be obliged to remove links to online data to comply with any future right to be forgotten initiatives.
Yet what ASIO knows, and the rest of us are learning, is that it is nigh on impossible to completely eradicate online information. Disabling a search link merely removes the signpost, the data is still there to be found, and the more contentious the information the more likely that it has been copied for sharing via peer to peer networks.
Mother was right; be careful where you tread.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
