In 2018, the General Data Protection Regulation (GDPR) began to govern members of the European Union. The GDPR allows individuals the “right of erasure” — the ability to request erasure of personal data from the Internet. But the European Union’s top court recently stymied the regulation’s effect, ruling that search engine operators are not required to de-reference subjects globally. Thus, the potential spillover effects — i.e., the potential issue of whether a U.S. court ought to enforce a European de-referencing — won’t allow for a cascading privacy right debate to enter American discourse.
Also known as the “right to be forgotten,” erasure represents the tense intersection of the competing values of an individual’s privacy and of an information provider’s freedom from censorship. Despite censorship concerns, erasure has begun to gain support outside of the European Union; Argentina is the most recent country to implement similar regulations.
In the United States, given the country’s emphasis on First Amendment freedoms, it may seem unlikely that a court would ever recognize this right (much less so now that the EU has eliminated the international implications of its own law, as noted above). But as the public becomes more concerned with Internet privacy, in particular after numerous data breaches on social media platforms, a domestic cultural movement for the right to be forgotten may take hold. Consider that in 2017, New York state legislators introduced a bill that would require the removal of “inaccurate” or “irrelevant” statements — among other categories — from the Internet. (The bill didn’t gain traction.) Since then, news coverage has continued to highlight tech companies’ failures to self-regulate; such companies have now repeatedly come under fire for moving too slowly to remove abusive imagery involved in child exploitation. In the present climate, a cultural push towards more stringent regulations on removing information doesn’t seem like a stretch.
Those who benefit from the right to be forgotten may be especially vulnerable to Internet exploitation, such as individuals with arrest records or victims of revenge porn. Since the bar for defamation in the United States is quite high, such individuals do not currently have a feasible alternative route for removing their data from the Internet. The overwhelming policy argument in favor of this right is that it would allow individuals greater privacy over elements of their lives that most would not want subjected to public scrutiny.
But while there may be strong public policy arguments in favor of the imposition of the right to be forgotten here in the United States, right-to-be-forgotten supporters may find themselves at a loss when it comes to the legality of their position.
The most significant obstacle is an opinion from on high — in Cox Broadcasting Corp. v. Cohn, 420 U.S. 469 (1975), the U.S. Supreme Court held that a Georgia law allowing the father of a deceased rape victim to sue a television station for invasion of privacy by broadcasting the victim’s name violated the First Amendment. Since then, recent court opinions suggest little judicial-based momentum for the potential for the imposition of a right to be forgotten. See, e.g., Garcia v. Google, Inc., 786 F.3d 733, 745–46 (9th Cir. 2015) (right to be forgotten not recognized in the United States); Manchanda v. Google, Inc. et al., 2016 U.S. Dist. Lexis 158458 (S.D.N.Y.16-cv-3350 JPO) at n. 2 (“right to be forgotten” recognized in legal systems other than our own).
On the other hand, a return to several 20th century cases from a time when courts were less absolutist in their analysis of free speech could bolster an argument for this right. In the 20th century, several states, including Georgia, Kansas, Kentucky, and Missouri, granted individuals a common law right to privacy. California opted to do so via its state constitution. In Melvin v. Reid, 112 Cal. App. 285, 292 (1931), a California appellate court found for an ex-prostitute whose life story was revealed in a movie, arguing that the publication of her information violated her right “to pursue and obtain happiness,” which could be considered “a right of privacy” under the California state constitution. In 1971, the California Supreme Court upheld a former felon’s right to sue a magazine for invading his privacy interests by publishing a truthful article about his hijacking of a truck eleven years earlier; the Court noted that the man in question had become rehabilitated in the time between the truck hijacking and the magazine’s publication. Briscoe v. Reader’s Digest Ass’n, 4 Cal. 3d 529, 534 (1971). (The Court still held that the former felon would have to prove that the publisher invaded his privacy. Id. at 542-43.) Of course, such issues predated the Internet, and the option of erasing this information from a centralized database was not under consideration.
With the passage of time and a greater resonance of First Amendment protections — not to mention the U.S. Supreme Court’s holding in Cox — the California Supreme Court overruled Briscoe to allow corporations to publish any information obtained from public official records. Gates v. Discovery Communications, Inc., 34 Cal. 4th 679, 685 (2004). Aside from the quick-to-flame-out bill in New York, states have not indicated much of a renewed interest in pursuing right-to-privacy laws.
So, can Europe’s right to be forgotten find its way stateside? Without a tremendous cultural push, and up against Supreme Court precedent (not to mention the tremendous litigation power of corporations like Google), current signs point to no.
* Danielle Bernstein is an Associate Editor on the Michigan Technology Law Review.