Cite as: C Hackett and U Connolly, “Privacy From Birth To Death And Beyond: European And American Perspectives. Symposium Report”, (2013) 10:1 SCRIPTed 123 http://script-ed.org/?p=828
© Ciara Hackett and Ursula Connolly 2013.
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 UK: Scotland License.
On Friday 8th March, 2013, the LL.M. in Public Law and the LL.M. in Law, Technology and Governance at the National University of Ireland Galway convened a symposium on “Privacy from Birth to Death and Beyond: European and American Perspectives”. Discussion ranged from whether we have a “right to be forgotten” online, the role of contract law in protecting consumer privacy, the confused rules that govern post-mortem privacy, how to balance the participation and protection of children in the online world and the challenges that face practitioners who have to rely on case law and legislation that were developed without the digital environment in mind.
The Symposium was opened by Mr. Rónán Kennedy, Director of the LL.M. in Law, Technology and Governance, who welcomed the audience to the event, explaining that it grew out of the common interests between some of the guest speakers who were coming to speak to his graduate students and, because of its increasing topicality, became a public event. Mr. Kennedy chaired the first session.
2. The Right to be Forgotten
The first speaker was Mr. José María Baño, an adjunct lecturer at NUI Galway but based in Madrid, where he works with the Instituto de Empresa and José María Baño León Abogados. He outlined the background to Case C-131/12 Google Spain v Agencia Española de Protección de Datos, on the so-called “Right to be Forgotten”. The case concerns whether a Spanish citizen has the right to require a Spanish newspaper and Google to delete information contained in a newspaper notice published in 1998. The notice concerned an auction of real estate to pay the plaintiff’s debts to the Social Security Administration. Mr. Baño outlined three broad issues raised by the details of the reference to the European Court of Justice:
- Is there a right to be forgotten in the Data Protection Directive?
- Who should be responsible for protecting that right?
Is the Directive applicable to a search engine operating from California for data contained in the links supplied in reply to a query?
The answers to these questions are not yet clear, and the proceedings raised a number of paradoxes, including an increase in the amount of information available about the plaintiff. Mr. Baño also pointed out the issues that are raised by a lack of clear understanding of the technology on the part of the Spanish judiciary, who have posted an incompletely redacted version of the original notice on their website, most likely because they did not realise that blotting out text in a PDF is not sufficient to prevent it being copied-and-pasted. He noted that the challenge for the law is to overcome issues around both who is responsible for the information and who is accountable if the information does breach privacy rights. In addition, he considered that the relative ‘newness’ of the Internet has facilitated discussion and debate over the law as it exists and how the law can be re-imagined and applied to a unique set of circumstances that may not have been in the minds of the legislators of the current Directive.
Mr. Baño concluded that there is no right to be forgotten under the current Directive, but there is however a right to erasure that should be properly used and not misinterpreted. Obligations, if any, need to be imposed on webmasters and there is a need to reform legal publication obligations to acknowledge the Internet era. If information is public and truthful, it should remain online as in those cases, it is hard to argue that the right to “private censorship” should prevail over the right to information. He raised a final plea for an international treaty on the use of the Internet and data protection.
3. Do-Not-Track as Default
Professor Joshua Fairfield of Washington and Lee University School of Law spoke on “Do-Not-Track as Default: Transaction Costs in U.S. Consumer Privacy”. He outlined the difficulties that arise in the United States without comprehensive data protection legislation, and the lack of understanding of the issues by technical standards groups. He pointed to the example of data surveillance in the US to illustrate that these regulatory issues show how consumer protection (the lens through which privacy is analysed in the US) can be overridden by contract law.
Professor Fairfield educated those present as to the tools available to us, as consumers, to protect our privacy. As with Mr Baño’s paper, themes of responsibility and accountability were prevalent – who has the responsibility to ensure our privacy as consumers? He questioned whether this is where we may need to take ownership of our online activities or if web providers should do this for us.
In considering how these issues could be resolved, Professor Fairfield cited the cases of ProCD v Zeidenburg and Hill v Gateway 2000, Inc and how the judgments in these cases had resulted in consumers being unable to submit their own contract terms. Proposing the development of the robots.txt protocol (which protects the contents of websites from indexing by search engines) from collective to the individual and a transition from Agree to Not Agree as the default position in contractual terms that request permission from users to record their information, he argued for a use of contract law in order to make a consumer preference for “do not track” actually have real meaning.
4. Privacy After Death
Mr. Damien McCallig, an Irish Research Council Scholar at the NUI Galway School of Law, spoke on his work regarding privacy rights which might inhere in the deceased. Although the common law position is that the dead have no rights (and suffer no wrongs), there are many instances where the treatment of the deceased is intuitively unacceptable. He outlined how transposing privacy rights from the living to the deceased poses theoretical and practical difficulties but said these are not insurmountable. He went on to highlight a number of direct and indirect protections that have legal force, including freedom of information exemptions, copyright, confidentiality, publicity and image rights, survivor privacy and media regulatory codes.
Damien further pointed to the current EU data protection regime where some member states exclude the deceased, while others provide varying levels of recognition and protection to deceased data subjects. He concluded that this was an emergent area with the scope and extent of post-mortem rights not fully settled. As a result, he was concerned that harmonisation of laws, in particular under the proposed EU Data Protection Regulation, may not be possible and how, this, in itself may present a challenge in regulating the fragmented approaches – an idea that was prevalent throughout the presentation in general.
The second session of the symposium was chaired by Mr. Charles O’Mahony of the NUI Galway School of Law on behalf of the LL.M. in Public Law.
5. Children & Privacy: Protection v. Participation – A Tangled Web
Dr. Sharon McLaughlin of Letterkenny Institute of Technology spoke on the very topical issue of the practical challenges involved in balancing the need to protect and empower children to participate in new digital technological communications.
Discussing the rise of social media, Dr. McLaughlin’s presentation recognised, in agreement with the other presentations, that privacy and discussions around privacy are in a state of constant flux. She noted that this does not have to be a negative, instead arguing that this enables dynamic discussions around these issues – many of which had been highlighted by the presenters in both sessions of the symposium. She also raised some questions regarding privacy settings which drew on the earlier presentation of Professor Fairfield.
Her presentation focused on the EU Kids Online project, which is a thematic research network funded by the EC Safer Internet Programme, including some 25 participating countries. It conducted a survey which took a national sample of children (9-16 years) and their parents. It found that 38% of 9-12 year olds and 77% of 13-16 year olds have a social networking profile. 16% of children (9-16 years) reported displaying an incorrect age on their SNS profile. Given the challenges of regulating online speech, Dr. McLaughlin supported initiatives which aim to educate young people and their parents in responsible and safe use of the Internet.
Sharon indicated how a child’s right to privacy can be balanced with the shielding of children from harm and that this may challenge our preconceived notions of childhood and child protection. In ensuring that the right to privacy of children does not hinder their safety online, she highlighted the importance of educating students to community values and the importance of using social media in a safe and appropriate environment.
6. Privacy Issues in Practice
Mr. Paul Lambert of Merrion Legal Solicitors spoke on “Privacy Issues in Practice: A Litigation Light on Norwich, Abuse, Cyberbullying, Defamation, Privacy and Data Protection Concerns”. He expressed concerns about the appropriateness of the historical Norwich Pharmacal orders procedure in the modern Internet context, particularly when locating a tortfeasor may involve multiple applications involving several online service providers, all of which creates delay, expense and damage for a litigant. He queried if there was a need for a new “Norwich 2.0” order.
He pointed to the extent to which society as a whole has woken up to the darker sides of the Internet, in particular online abuse. The increasing focus on education only diverts from other solutions. He highlighted that little attention is paid to the activities and capabilities of online service providers, and their processes are rarely researched and independently examined. We do not yet know what best practice is for online service providers when dealing with online abuse. We need new research to independently assess, and improve, online reporting tools and the background processes.
He also talked about the developing jurisprudence internationally as to what exactly is a publisher, when service providers are liable, disclosure of data relating to viewing of online abuse, and how service providers, like other organisations, can be responsible for their employees’ actions online.
Mr. Lambert’s paper explored a range of different issues and illustrated how privacy was interconnected with other topics, such as the rise of online abuse, and the changing tide of media and academic interest in the challenges that Internet accessibility can provide. It was his belief that this interconnectedness will increase as our relationship with technology intensifies and broadens still further, increasing the need for examination of those areas not yet receiving research attention. Research is also needed so that we will know best practice when we get there. Report and complaint statistics are also needed to fully appreciate the extent of the online abuse problem, and ultimately to assess improvements.
Paul asked the audience whether it is simply a case that we must take the bad with the good? He appealed for a return to the ideals of the Internet, underpinned by safety and solid research of online abuse processes.
A lively question and answer session followed the delivery of the papers with insightful questions and comments raised by an audience of lawyers, journalists, technology experts and members of the academic community. A number of questions raised the difficulty of ensuring the safety of children online, of implementing effective age authenticating mechanisms and of protecting anonymity. Dr. McLaughlin and Mr. McCallig, in response, supported free speech and education over any strong laws censoring or penalising online speech, particularly where children were concerned. Age authentication mechanisms, it was accepted by the panel, raised more privacy issues than they solved. Free speech on the Internet also gave rise to a number of contributions from the floor with a concern that for the media industry, in particular, the threat of litigation was disproportionately onerous. A contributor commented that less financially burdensome mechanisms, such as sanctions by the Irish Press Council, should be used in the first instance.
8. Rapporteur’s Report
Dr. Ciara Hackett of Queen’s University Belfast School of Law provided a summary of the proceedings of the symposium. She was struck by the diversity of the papers and the important issues raised from the right to be forgotten to the right to post-mortem privacy.
Commenting that the realm of privacy concerns spanned both public and private law, she commended the speakers and organisers for the valuable contributions the symposium made to the continuing debate on these issues in the online context. It highlighted the range of issues and concerns that fall under the umbrella of privacy. The presentations illustrated the linear progression of our privacy rights, and discussion around the availability of those rights from birth, through childhood, our adult lives (as consumers and the right to be forgotten) until after death.
Although a range of papers was presented, the discussions indicated how the area is in a constant state of development and evolution. These developments provide a platform by which practitioners, academics, researchers and students can gather for dynamic discussion, such as was evidenced at this symposium. It also indicates that existing legal provisions are outdated insofar as data, Internet and online technologies have broadened application and usage. Relevant laws, protections and regulations need to catch up.
Privacy, and the protection of private information, has traditionally been considered as located in the realm of private law. With the advance of information and communications technologies, and particularly the Internet, the public element of privacy has become increasingly relevant, as the symposium discussions illustrated.
Other key themes that emerged were as follows:
- Transparency: There needs to be a transparent understanding of the laws in this area, how companies operate within this law and availability of data on online abuse and reporting processes.
- Responsibility: There is a responsibility to protect users of sites and, indeed, individuals, as consumers, have responsibilities to protect, advance and enhance our own privacy by educating ourselves on the privacy available to use.
- Accountability: Who holds entities to account if they fail to protect our privacy? There are a number of stakeholders that can do so, many of which were highlighted by the speakers and the audience – consumers, competitors, NGOs, charities, research groups and regulators.
- Legitimacy: There is a challenge, as was evidenced in the symposium’s presentations in balancing freedom of speech and the right to privacy. Perhaps it is in maintaining this balance that online service providers are legitimising their licence to operate.
* Lecturer, School of Law, Queen’s University Belfast.
** Lecturer, School of Law, National University of Ireland Galway
 86. F. 3d 1447 (7th Cir 1996)
 105. F. 3d 1147 (7th Cir. 1997)
 He noted that having Not Agree as the default on online contracts would bring its own problems as consumers are saturated with online contracts and are nearly “conditioned” to simply select “Agree”. He recognised the need for re-education in this area.