In this age of technological advances and reliance on social media, the topics that we see frequently grabbing the headlines are the problems that unwanted photographs or information online can cause unsuspecting individuals. Take, for example, unflattering or embarrassing photos or references to personal situations that happened long ago finding their way into the hands of someone’s prospective employer. Another example is the malicious spreading, in an act of revenge, of personal or even incriminating evidence about somebody.
Crying Out for Better Protection
Such acts can have different impacts, ranging from mild annoyance or inconvenience to the potential loss of reputation, relationships or jobs, and many of us have been crying out for some time for better protection to ensure that we don’t fall foul of such damage. Of course, making sure that your social media and computer privacy settings are switched to the most confidential setting possible is important, but this often doesn’t go far enough in offering the protection that is needed to prevent unwanted exposure.
Where Does the Law Currently Fit?
So, where does the law come in here? More specifically, how can the law help us in removing unwanted content from social media platforms? Many of us will be relieved to learn that there has been sustained progress in this area of late, which is both timely and needed as the largest-scale piece of legislation in this area was the Data Protection Act of 1998. From a social media perspective, the backdrop of privacy was very different and much less of a pressing concern than it is now. It certainly is time for a review in this complex and ever-changing area, and there are two interesting developments that are beginning to move things forward for the internet user.
Firstly, the government intends to bring forward legislation to protect users online by giving them the right to request that social media companies remove their personal data. This is accompanied by a robust deterrent from the Information Commissioner’s Office, giving them the ability to issue fines of up to £17 million or 4% of global turnover if an online organisation is found to be in breach of its duties of privacy. The objective of this legislation is to give internet users a far greater degree of control over their personal information and how it is used and stored, and to give them the means by which to make complaints and requests directly to the internet platform, which must be considered in the context of the law.
Article 17 of the GDPR
In a similar vein to the UK Government’s approach described above, the General Data Protection Legislation (GDPR) is a Europe-wide law that is over seven years in the making and comes into force in May 2018. It will apply to the UK, which at that point will still be part of the EU.
One key area of the GDPR is Article 17, which relates to the “right of erasure”. In a nutshell, the principle behind this regulation is the right of individuals to request that internet search engines remove unwanted information about them and to hold data handlers more accountable for the private information they keep about their customers. Of course, the complexity lies in the reason for the removal request and what duty the search platform has to oblige with the individual’s wishes.
The key question here is one around the delicate balance between the search engine’s freedom of expression and the individual’s right to privacy, and it is here that the lines get blurred. Simpler cases do exist, such as the request of an adult to remove personal information about when he or she was a child. Not all circumstances will be clear cut, however, and it will be interesting to see how the regulations are applied in practice.