Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

Proposed EU law: right to be forgotten

by davies (Vicar)
on Mar 17, 2011 at 17:47 UTC ( #893819=monkdiscuss: print w/ replies, xml ) Need Help??

This isn't law, at least, yet, and there are usually several years between something becoming EU law and individual nations having to make it national law. IANAL, but I can see plenty of scope for PM to be harassed by the disgruntled or malicious, especially since at least one of the gods claims to live in the EU. I therefore offer a few ideas on how to minimise the risks. This should be read bearing in mind that no-one currently knows what the law will be in its final form and that I have no idea of the issues caused by the code that runs the site. Please read everything that follows as if I had started with "I suggest".

The "Monastery gates" page should contain a link to a privacy policy, including information on how to get yourself forgotten, the storage of passwords in plain text, the ease or difficulty with which an anonymonk posting can be tied to an individual and the fact that we do not like to change history.

Registered monks can be forgotten by request to the gods. The process will involve the locking of the account, the change of ownership of all nodes written by the monk to "Anonymous Monk", the deletion of any links to the monk's home page and the deletion of the monk's name from all posts by that monk.

Anonymous monks who have posted personally identifiable information will have to show that there is a reasonable degree of linkage between the post and the individual to get the post edited. John Davies has no chance (it's such a common name) unless he can quote the IP address and PM keeps a record (see above). PM gods will have to take into account any other personally identifiable information in such a post. This seems to me to involve a lot of work, but should be rare enough.

It's now the Information Commissioner's Office, but when it was the Data Protection Registrar, I found the staff there very helpful. I hereby volunteer, if so instructed by the gods, to contact them and report back on their advice.

Not all mentions of MonkNames are linkified in other monks' nodes. This means there is a hole for personal information to slip through. I don't know how difficult it would be to automate a process to check that MonkNames are linkified. If it must be done manually, I hereby volunteer to check all my own nodes, consider any other nodes I find and, should the gods see fit to grant me the power, do such janitorial work as is needed.

I think what I am proposing is overkill. I certainly hope it is. But we have had instances of monks leaving in hissy fits and it seems to me that the proposed new legislation could give such people the power to cause considerable problems. Were I a god, I would sleep better if the issues had been considered in good time and mechanisms put in place to minimise disruption.

Regards,

John Davies

Update 2012-06-08: This suggests that the current draft might not apply to PerlMonks, in that it refers to companies offering a service. TTBOMK PM is not a company and since it's not a business either, we might be exempt. Let's hope so. The article also mentions the likely cost to businesses of compliance (which might cause delay or cancellation) and the problems of "unprecedented co-operation", so there are grounds to hope that this will get nowhere near us.

Update 2014-05-14: The back door imposition of the "right to be forgotten" by the ECJ on Google has attracted some unfavourable reactions, such as http://blogs.telegraph.co.uk/news/brendanoneill2/100271366/theres-a-whiff-of-orwells-ministry-of-truth-to-the-eu-backed-right-to-be-forgotten/, http://www.cityam.com/article/1400029630/online-giants-be-hit-google-loses-eu-data-case and http://blogs.telegraph.co.uk/news/douglascarswellmp/100271108/europe-tells-google-to-delete-data-corrupt-politicians-will-be-thrilled-now-they-can-hide-their-secrets/.

Comment on Proposed EU law: right to be forgotten
Re: Proposed EU law: right to be forgotten
by Anonymous Monk on Mar 17, 2011 at 18:58 UTC
    I think what I am proposing is overkill. I certainly hope it is. But we have had instances of monks leaving in hissy fits and it seems to me that the proposed new legislation could give such people the power to cause considerable problems.

    You're much much ... too premature with such a discussion, which should be conducted with lawyers and lawyers -- reminds me of that thing about copyright infringement and liability; if you're proactive, and then fail to prevent infringement, then you're liable -- lesson, don't be proactive -- I feel you should make this node forgotten :)

Re: Proposed EU law: right to be forgotten
by raybies (Chaplain) on Mar 17, 2011 at 19:02 UTC
    Quick! Everyone tell me your real names before it's illegal to know them! --Ray
      I'm Spártakos!

        No, I am Spartacus!

        --MidLifeXis

Re: Proposed EU law: right to be forgotten
by BrowserUk (Pope) on Mar 17, 2011 at 20:32 UTC

    It will be interesting to see what happens if this becomes law.

    Who is responsible for the unedited shadows of a site's content, as held by google's cache, the WayBack Machine and others?


    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.
      This is the Ministry of Information. You're looking for the Ministry of Truth.
Re: Proposed EU law: right to be forgotten
by jdporter (Canon) on Mar 18, 2011 at 15:19 UTC

    Irrelevant. PerlMonks is hosted in the USA.

    If anything, we could put a statement in the page footer that site usage is subject to US law.

    I reckon we are the only monastery ever to have a dungeon stuffed with 16,000 zombies.

      I hope you're right, but even if Pair has no presence in the UK, it may not help. See, for example, this, where a company with no presence in the UK was held subject to UK law. Given that there is at least one person in the EU who might reasonably be classified as a data controller, my instinct is to check with someone like the ICO. The EU is notorious for expanding its activities into areas where they aren't wanted. But the gods are the ones most likely to be targeted, and if they are unconcerned, that's the most important thing.

      Regards,

      John Davies

      Update: The EU commissioner responsible for this has stated unequivocally that the location of the servers does not change responsibilities under proposed EU law. See this.

        I really do not see how discrimination in an exam applies to a completely voluntary site like PM. I skimmed through most of that article, but I do not even see the overextending reach of the EU. I mean, if a local (UK) company contracts with a US company to provide testing and those tests discriminate against e.g. the blind, then that's a local (UK) issue. And that means the US company was doing business with a UK entity. It's apples to oranges.

        I suppose one potential issue could be if the Perl Foundation receives money from people and/or organizations in Europe, but I think even that's a stretch.

        Elda Taluta; Sarks Sark; Ark Arks

Re: Proposed EU law: right to be forgotten
by Perusor (Initiate) on Mar 19, 2011 at 10:26 UTC

    I feel that the following news item dated 19th March 2011: Online right 'to be forgotten' confirmed by EU explains much but there are several points to bear in mind.

    Whereas at the moment it is mega sites such as Facebook and Google who are being targeted once the law has been enshrined the principle will move down the food chain.

    Before anyone gets too deep into this I would like to point out that I signed into the monastery yesterday and the only information that I was asked for is a name, user name and email address. All of which are justifiable on the grounds of standard communication. It is stated quite clearly when you join that your data is not used for any other purposes at all (not the way it is explained but you get the idea).

    I strongly believe that the target for the law is sites which redistribute information for sale as lists and those which use it to target advertising. Whether you believe it is right or wrong this is more about politics than computers. The following quote sums this up for me:

    Some websites have argued that making all use of personal data “opt-in” could put free services at risk, as advertisers would be deprived of attractive information that enables them to target commercial activity.

    As a non profit members only website which only requires the absolute minimum of information which it keeps in house I believe that the Monastery has nothing to worry about.

    A link from the home page to a privacy policy containing a statement to the effect of the above, written by someone who understands such things, should suffice and even this will not be necessary for quite a while yet. The one thing that EU justice is known for is being s - l - o - w.

    Hope this helps.

      The following quote sums this up for me:

      There are (at least) two distinct rights being enshrined in law.

      1. Opt-in rather than opt-out permission by members to web-site owners before thay can disseminate any personal information to third parties.

        This barely applies to PM.

      2. The right to be forgotton.

        For example. Facebook would have to remove your home page and all associated pages, pictures and information upon request.

        This almost certainly does apply to PM.


      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.
Re: Proposed EU law: right to be forgotten
by sundialsvc4 (Abbot) on Mar 23, 2011 at 20:36 UTC

    Interesting...   I would have supposed that such a silly law would have been first created in (my country...) America.   In California, perhaps.   ;-)

    In any case, as we know, the most reliable way to do such things is with a “soft delete” flag in the database record.   Although the record never actually “goes away,” it ceases to be accessible or referenced by the appropriate parts of the system.   Referential integrity within the database, however, is maintained.   The same notion could also be used to implement some kind of an EU_compliance column.   (Because, after all, laws change.)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: monkdiscuss [id://893819]
Approved by ELISHEVA
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (12)
As of 2014-10-01 18:42 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    What is your favourite meta-syntactic variable name?














    Results (32 votes), past polls