A right to be forgotten online? Forget it
18:30 17 March 2011
Jacob Aron, technology reporter
The European Union plans to create a legal "right to be forgotten" online - but removing embarrassing photos from the web is easier said than done, as one of New Scientist's writers discovered earlier this month.
Speaking at the European parliament yesterday, EU justice commissioner Viviane Reding said websites need give people greater control over their data: "I want to explicitly clarify that people shall have the right - and not only the 'possibility' - to withdraw their consent to data processing."
Reding also warned that sites like Facebook must comply with EU laws, and promised greater powers for national privacy watchdogs. "A US-based social network company that has millions of active users in Europe needs to comply with EU rules," she said.
It's clear that Facebook and others must do more to respect users' privacy, but the nature of the web makes a legal right to be forgotten completely unenforceable in practice. Once you put something online it can easily be copied and widely distributed, and deleting the original will do nothing to stop people finding a copy elsewhere. If you upload an embarrassing video to YouTube and it goes viral there's very little you can do - just ask the Star Wars Kid.
While a legal solution to problems of online privacy might be impractical, there are technological alternatives. Earlier this year a team of German researchers developed a technique for creating images with an expiration date. Dubbed X-pire, it encrypts photos with a key that can only be used before a certain date.
Even this isn't 100% effective - if someone accesses the image before the expiration, it's simple for them take a screenshot and copy the image elsewhere. The only real way to ensure fool-proof privacy protection is not placing data online in the first place.