master_admin

You use the Internet on a daily basis to communicate, to get informed and have fun. But Internet as you know it might cease to exist, if you do not take immediate action.

What happened?

On June 20, 2018 the Legal Affairs Committee of the European Parliament voted in favour of the Proposal for the Directive on Copyright in the Digital Single Market.

The proposed Directive aims to harmonize the legal provisions in the Member States regarding copyrights, taking particularly into account the digital and cross-border uses of the protected content. In simple words, what the european legislator aspires to achieve is that all EU Member States are on the same page regarding copyrights in the contemporary digital single market. Everything seems fine up to here.

Nonetheless, the provisions of the proposed Directive and especially Article 13 are not safe from blunders and could jeopardize freedom of online expression and freedom of information.

Article 13 requires that Internet platforms use filters for any information uploaded by the users on the platform, in order to avoid copyright infringements.

What does this mean?

Content-recognition technologies will filter the posts of the Internet users to ascertain whether there has been a copyright violation in the content of the posts under question. Subsequently, based on the said filtering, the posts will be approved or prohibited. The risks from such a practice for freedom of online expression and information are obvious.

1. The Internet platforms will have excessive power

Under the new scheme platforms will have to filter the content, which they host, without any complaint regarding a copyright violation. Until now, legislation provided that content which violates copyright would get banned from the platform according to a procedure. This procedure commenced subsequently to a complaint filed by the alleged copyright owner. Now, any post will be subject to this filtering.

2. The available technology is not able to recognize posts which are made in the context of parody, criticism or reference for research and commentary

Although technology evolves rapidly, the available filtering mechanisms are not able to recognize the difference between legal and illegal content use, which is subject to copyrights, and which is used in research, commentary, even for criticism or parody (i.e. reference to artistic excerpts for commentary, reproduction of speeches for informing the public for current affairs, generation of parodies of a film -such as memes- or parodies of songs.

Therefore, the creativity of Internet users and freedom of online expression and information will be inevitably restricted. Additionally, the said filtering mechanisms will have to be supported by a whole army of employees of the Internet platform in question. These employees will proceed to a second phase of monitoring of all the posts for which the filtering mechanisms will have concluded that they infringe copyrights.

This is definitely a costly and time-consuming procedure and the extra cost for the extra employees might fall on the Internet user through a rise on the prices for Internet services or the introduction of annual or monthly fees in the various Internet platforms.

What can I do to prevent this?

On July 5 the European Parliament’s plenary will vote on the proposed Directive. Send today and email to the Greek Members of the European Parliament (MEPs) and call them to vote against the proposed Directive on Copyright in the Digital Single Market.

A full list with the contact information of all the Greek MEPs can be found here.

Remember that every email counts. We must unite our voices and request all together from the Greek MEPs to vote against the proposed Directive. The preservation of freedom of online expression and information concerns us all and is a vital prerequisite for the proper functioning of democracy.

If you want to save time, you can use the following template. However, we suggest that you personalize your message as much as possible and express also your own concerns.

“ Subject:  Vote against the proposed Directive on Copyright in the Digital Single Market

Dear Ms/Mr (Name),

I am sending this message because on July 5, the European Parliament plenary will vote on the proposed Directive on Copyright in the Digital Single Market.

This act will drastically change the form of the Internet, as we know it, for the worse. It will restrict significantly the right to freedom of online expression and information for all Greek and European Internet users.

More specifically;

Creativity and freedom of speech will be significantly damaged, since algorithms are not always able to recognize the difference between legal and illegal use of content, which is subject to copyrights, and which is used in research, commentary, even for criticism or parody. If the use of this content is regulated by automated systems, which take decisions the letter and not the spirit of law, creativity and freedom of online speech, will be inevitably restricted.

There are no appropriate technical means to implement Article 13. There is no recognition technology, which can monitor successfully all the forms of content which are included in the proposed Directive (text, audio, video, images and software).

Therefore, it is absurd to expect from the courts of the 27 Member-States to constantly judge on which would be the most appropriate technical means for the implementation of the proposed Directive on a case by case basis.

The Internet service providers should not become responsible for the implementation of the copyright legislation, as prescribed by Article 13. In order to achieve their compliance and avoid fines and sanctions, the companies will prefer to become overprotective in regards to copyright, thus restricting freedom of expression.

Providing the companies with the right to delete content for copyright violations will give them excessive power, since there is no provision for the protection of Internet users against such deletions -even if their content is legal.

Taking into account all the above, I call you to vote against the proposed Directive. In this way, the text of the proposal will become subject to review, in order for the requisite balance between copyright protection and protection of freedom of online expression and information to be found.

With best regards,

(Name) “

On the 20th of June 2018 the Legal Affairs Committee of the European Parliament voted in favour of the adoption of the Proposal for a Directive on Copyright in the digital single market.

The provisions of this proposed Directive, and more specifically the Article 13 that it includes, could be proven hazardous. The aforementioned legislation will change the Internet as we know it, only for the worse, setting serious limitations to freedom of expression and information of Greek people as well as all the internet users inside the European Union.

Before the voting process of this proposed directive, Homo Digitalis had contacted Mr. Chrysogonos, the only Greek representative in the Legal Affairs Committee, suggesting that he should examine in detail the Article 13 of the Directive. Mr. Chrysogonos proposed its amendment during the voting session. Unfortunately, his proposal was denied and the text was adopted from the Legal Affairs Committee. Read more about this here.

On the 5th of July the plenary of the European Parliament will be called to vote on this proposed Directive. If the voting goes through and in favour of this Directive, it will soon become a reality.

Thus, the last chance of reviewing this text, in order to ensure the required balance between the protection of copyrights and freedom of expression and information on the internet, is now.

Homo Digitalis noticed via e-mail all the Greek members of the EU Parliament to vote against this directive. See the e-mail in Greek here.

European citizens must act now and request from the Members of the European Parliament of their countries to vote against this proposed Directive on the 5th of July and protect the freedom of expression and information. Only if we unite our forces we will be able to send a loud and clear message.

Every e-mail to the Members of the Parliament is of utmost importance. Take action!

By Emmanouil Mandrakis*

Following the Cambridge Analytica scandal, most social media users, particularly Facebook users, are concerned for the protection of their personal data. Notably, many decided to delete their profiles, either driven by fear or by a need for reaction. A considerable amount of users seem to be indifferent for the violation of their privacy or are not aware of what is happening.

In any case, social media have proven to be useful when it comes to networking and communication. For their users to be able to enjoy these services, without facing the pertinent dangers, they must always get informed. On the other hand, social media and their access in private life must be regulated and monitored.

What happened with the Cambridge Analytica scandal

The Cambridge Analytica scandal came to light when it was disclosed that the personal data of millions of Facebook users were used for political propaganda by the social media company. It is estimated that between 2014 and today (2018), Facebook has gathered personal information by 87 millions users. It has been claimed that this information has been used on a fee for influencing the public opinion in political issues. The users did not know if and how their data were used, while most of them never granted their consent. (Kevin Roose, 2018)

This came out by a Cambridge Analytica employee, who denounced the abuse of the data. The case has been brought to justice. At this point, arises the issue of whether the law has made provision for protecting the users and preventing corporations from violating the Internet users’ privacy. Moreover, the social media users must get informed and learn which conduct might lead them to confronting similar dangers.

Facebook as an entity offered the means for the development of applications for entertainment, briefing and various others objectives, which had access to personal data, in order to be more efficient. Applications such as quizzes requested access to data, which were not actually necessary for the quiz, such as personal data of the users’ friends. In this way, these applications gained access to data of people, who never consented, just because their friends were “careless”.

Can someone get protected?

Social media users must always get informed on how they can get protected. They must be cautious regarding the information they share, particularly when they share sensitive data or even their “digital self”. To begin with, they must be aware that if they decide to share information publicly, this information will be available to everyone.

This includes corporations, which might use this data for some objective, if not for profit. For instance, for most users, the profile photo is public and clearly depicts their face. This gives the opportunity to everyone to create a huge database with name, surname and biometric characteristics for face-recognition applications. The “Likes” made by the users in pages and posts provide sufficient information for someone that has access to them to know the users’ preferences and desires.

Apart from the obvious use for marketing purposes, it must not be underestimated that the social circle of a person might criticize it based on its “likes”, something that leaves considerable ground for stereotype-making. In the following table are illustrated the steps, that anyone can follow to protect this information.

Furthermore, social media users can control with who they share other sensitive information such as posts and location. Notably, the latter is used by insurance companies in order to avoid compensations for burglaries. (Pleasance, 2015) Therefore, users must post responsibly, particularly when they choose their post to be public.

The commodities of social media

Social media have undoubtedly earned their role in everyday life. They have brought communication and networking to a new dimension, in which a person can keep in touch with another from a long distance or remain in contact with its old schoolmates much more easily than in the past. As far as corporations are concerned, it has made product promotion easier and much more targeted.

This is not necessarily negative; we should bear in mind that the marketing cost is paid by the consumer in any case. Social media constitute a source of information but also misinformation. One must always crosscheck his sources. Social media are a commodity which is taken for granted and is offered for free, with the only price paid being the users’ personal data.

Consequently, users must always check what they pay each time for the services they enjoy and decide if it is worth it. They must be hesitant when an application requests access to irrelevant information. It is normal for a weather application to ask for the user’s location, but not for access to photos or “likes”.

* Emmanouil Mandrakis is an Electrical and Computers Engineer, specializing in Nanotechnology. He works in CSEM (Swiss Center for Electronics and Microtechnology) in Switzerland. He is interested in current affairs and credible information. He works on new technologies issues.

By Stefanos Vitoratos

“Twenty-five years after the establishment of the European single market, European consumers earn their place in it.” The Regulation 2018/302 of 28 February 2018 against the “territorial exclusion” on E-commerce and services (or «geo-blocking» as it is commonly known) is here and aims to tackle discrimination in access to goods and services by putting an end to regulatory asymmetries between member countries.

The new regulation significantly reduces several often restrictions and in these terms is one of the major steps towards a true single market for consumers. However, this arrangement could be seen as fragmentary, since restrictions are not completely eliminated.

What is Geo-Blocking?

But let’s take them in turn: What do we mean by “Geo-blocking”?

It is a form of technological protectionism that restricts access to web content based on the user’s geographic location. The exact location of the user is detected using geolocation techniques, such as checking the IP address, thus allowing the system to approve or deny access to specific content.

Geo-blocking is mainly associated with restrictions on access to multimedia content such as movies, TV shows or even songs due to  intellectual property and licensing purposes. How many of you have not gotten the message “This content is not available in your country”? But this is only a certain aspect of it, since geo-blocking is even used for price discrimination in online stores. There are phenomena, where users buy online products from foreign sites at much higher prices than domestic users of the same sites. It is even likely that the site accepts a bank card only from its home country or even redirects you to an online store in your own country.

Why is it an important step?

As early as May 6, 2015, the European Union announced the adoption the “digital single market” strategy . The rationale was that many Europeans are still not able to use online services that are available in other EU countries without any explanation, or perhaps, speaking of trade, they could be transported to a domestic website with different prices. These phenomena are not in line with the idea of a single market.

From the above mentioned, we understand that the idea is simple: the consumer has access to the same prices in all products in all countries without any geographic distinction for commercial purposes. There are neither restrictions depending on nationality or permanent residence, nor does it mean to impose different pricing depending on the country of origin of the user.

The idea is correct, however the final text of the Regulation, tackles only three very specific geo-blocking cases, and more specifically:

i) Digital services, such as cloud and web-hosting, which must be accessible to customers from all over Europe.

(ii) Services provided in a particular physical location, such as car rental, which must be available to everyone regardless of location.

(iii) The sale of goods, irrespective of the Member State from which the user accesses the site.

What is left to be done?

However, as you may observe, digital services that include copyright are excluded.

Restrictions regarding digital media are not included in this round of “construction” of  the EU’s single digital market and this is due to the intense pressure from the industry of intellectual property rights and the respective protective behavior of many national governments. Products such as movies, series, e-books, video games and music were excluded from the scope of the regulation. What does this mean practically? That a Belgian site subscriber providing series and movies may have different access to content from the respective Greek user of the same site. This deduction from the scope of the Regulation allows suppliers to continue excluding  geographically the electronic services that contain copyrighted content.

The consolation is that the legislator agreed on a “review clause” of this issue in two-years time, that is  the end of 2020. Until then, the new political circumstances that will have been formed, since a new European Parliament and a new European Commission will have taken up duties, might be able to break the resistance of industry.

Undoubtedly, this regulation, which will come into effect  from December 3rd, 2018, is perhaps one of the most important steps towards a true single market for consumers. Thus, It will add to  other achievements from 2017, such as the termination of roaming charges for mobile phones and cross-border portability for online subscriptions.

The EU has been working for a long time in the direction of the digital single market, promoting  equality, pluralism and diversity, and this has been seen in practice. But who will win the final tug of war with the industry?

Enhancing factor or threat to freedom of expression?

By Konstantinos Kakavoulis

Anonymity constitutes a founding element for democracies, which respect and promote freedom of expression and dialogue. The right to anonymous speech enhances the citizens’ willingness to express their views publicly, regardless of their courage or the popularity of their views. Anonymous speech enhances civic participation. Thus, minority views and opinions, which come in opposition to the authority or criticize it, are more easily expressed. A democracy requires critique in order to function properly. The value of anonymous speech becomes much more obvious when it comes to non-democratic or non-liberal regimes. The restoration of democracy is frequently based on texts, books and proclamations of unknown creators, which question the current authoritarian regime and demand its replacement.

Of course, it is not necessary that we reach such extreme circumstances to appreciate the value of anonymous speech. Living in a democratic society, we have to be able to understand its value. It is important to mention that the protection of freedom of expression includes anonymous speech.

Expression in the Internet is usually anonymous. Certainly, anonymity does not only safeguard speech of good quality, namely speech which promotes democracy and dialogue. It also protects false, illegal, unethical and insulting speech. Either concerning political, economic, social or artistic discussions, such examples of speech of bad quality are widespread in the Internet. The security provided by anonymity pushes many Internet users to use vulgar, insulting or false speech. Cyber-bullying stems –among others- from the possibility of the Internet users to hide their real identity. But let us not forget that Internet was created by people for the people. Its self-regulation and its good use lie with its users.

The use of anonymity for the promotion of illegal activities is of course alarming, but it can be confronted. The police and judiciary can trace any user who has committed such acts and bring him to justice. This might not always be easy, but it is always possible. Even the users who use the most modern and efficient encryption tools, can be uncovered.

The use of false and insulting speech under the veil of anonymity is something which can be confronted by the very nature of the Internet and its users. Firstly, the promptness and interactivity of the Internet ensure that the person in concern has immediate access to the content, which insults him. He also has the right to respond immediately. Notably, these rights are free of charge, a possibility which is not guaranteed by any other means of communication in such a wide scale. All persons who had access to the initial content –if not more- have also access to the response of the person insulted. Third persons who are interested in unveiling the truth may also act in the same way or contribute in the endeavour of the person insulted. Practically, everything that is published in the Internet is accessible by everyone. This means that everyone can check and comment on its precision.

Secondly, the credibility of the Internet ensures that an anonymous form of expression must have a serious content. If someone wishes to publish something anonymously, he must at least make sure that the content is true and sincere, if he wants his publication to be considered credible. An anonymous publication will not easily become as popular as a publication in a website, which has become widely known for not disclosing untrue information. Thus, a post from an anonymous blog will not be able to challenge a post by the Guardian or Le Monde, if it does not have a true and sincere content. The credibility of the Internet in this way ensures that false content is delimited and its untrue nature is unveiled.

Anonymity in the Internet entails that everyone may express his opinion publicly and be heard by an audience of billions of people. However, it also entails that billions of people may check and comment on this opinion. Anonymity ensures that many and different voices are heard in the Internet. As long as all of us, as Internet users, adopt a critical stance to the information communicated to us, we have nothing to fear from anonymity. Freedom of expression is not possible without the protection of anonymous speech.

When you use the Internet, always remember that you may read, think, doubt, search – and most importantly express your opinion. The Internet is the best means that exists in order to fully achieve freedom of expression. The extent to which we achieve it, is in our hands.

The European Union made the first step for the adoption of the directive that limits the freedom of expression on the Internet

On the 20th of June 2018 the Legal Affairs Committee of the European Parliament voted in favour of the adoption of the Proposal for a Directive on Copyright in the digital single market.

Before the voting process of this proposed directive, Homo Digitalis had contacted Mr. Chrysogonos, the only Greek representative in the Legal Affairs Committee, suggesting that he should examine in detail the Article 13 of the directive.

The Article 13 in detail:

The use of content from service providers of the society of information who save and provide access to a great bulk of material that is uploaded by the internet users.

The service providers of the society of information who save and provide access to a great bulk of material that is uploaded by the internet users, are getting, in collaboration with the beneficiaries, measures in order to ensure the function of the agreements which are appended with the beneficiaries for the use of their creations and other owned material or the deterrence of their availability again in collaboration of the two sides. The aforementioned measures, for example the use of effective technologies of content identification, are suitable and proportional. The service providers provide the beneficiaries with sufficient information concerning the usage and application of the measures, whereas, wherever needed, they file reports for the recognition and use of the material.

The Member States ensure that the service providers referred in paragraph 1 are establishing mechanisms of complaints and compensation available to users in case of any difference with the application of measures as referred in paragraph 1.

The Member States facilitate, on a case-by-case basis, the cooperation between the service providers of the society of information and the beneficiaries, hosting dialogue between the stakeholders, in order to clarify the best practices, such as the use of suitable and proportional content identification technologies, considering among others the nature of each service, the technology availability and their effectiveness in consideration of the technological advancements.

Specifically Homo Digitalis highlighted that article 13 may change the Internet as we know it.

– Creativity and freedom of speech will be severely harmed, because algorithms are not always in the position to identify the difference between the legal and illegal use of material, which is subject to copyrights and which is used in research, commenting or criticism and parody. If the use of all this material is managed by automatic systems which decide based on the letter and not the spirit of the law, then creativity and freedom of speech will be limited inevitably.

-There are no suitable technical tools for the application of the Article 13. There is no existing technology of recognition/identification, which can efficiently inspect all the kind of material that is referred in the proposed directive, which include “content, audio material, video material, images and software”. Therefore, it is irrational to expect from the courts of the 27 Member States to decide on which are the most efficient technical tools and means for the application of the directive in each case.

– The entities that provide Internet services should not be responsible for the application of the copyright law, as the Article 13 provides. In order to ensure their compliance and avoid fines and penalties, the companies will become all the more protective concerning copyrights, greatly limiting the freedom of expression. The provision of the right to proceed in deleting content as a result of copyrights violation, will overpower those companies, because there is no possibility provided to the users to challenge such deletions, even if the content was legal.

Mr. Chrysogonos proposed its amendment during the voting session. Unfortunately, his proposal was denied and the text was adopted by the committee of Legal Issues. However, this was only the first stage from where this proposed Directive had to pass until it becomes a part of the EU legislation.

It is highly possible that in the beginning of July, a voting session of the plenary of the EU Parliament will occur for this text, for which the committee voted in favor of. Finally, the European Parliament will be called to vote if this proposal will become a directive. This is expected to occur possibly either on December 2018 or January 2019.

It is obvious that that we are still in the beginning of the road for the adoption of this controversial directive. Homo Digitalis will continue to inform you on any news or advancements in this case, while concurrently fighting with all its means to ensure that the Internet remains a means of free expression and sharing of ideas.

The Court of Justice of the European Union creates precedent according to which Google must erase personal data subsequent to a request by the person concerned

By Konstantinos Kakavoulis

The case Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González (referred to as Google Spain v. Costeja Gonzalez) was decided before the Court of Justice of the European Union. The decision was issued on 25 June 2013. It constitutes a landmark for human rights in the digital age.

– Case history

On 5 March 2010, a Spanish citizen, Mario Costeja Gonzalez, filed a claim before the Spanish Authority for Personal Data Protection (AEPD) against a Spanish newspaper, Google Spain SL and Google Inc. The applicant complained that any Internet user, who typed his name in the Google search engine, would receive as a result two publications by some Spanish newspaper regarding a confiscation order for his house. The applicant requested that the newspaper erased his name from the publications and that Google removed his personal data in issue from the results it provides to its users. He argued that the confiscation procedure against his house had long been terminated and that any reference to it was totally irrelevant at present.

The Spanish Data Protection Authority dismissed the claim regarding the newspaper, but approved it regarding Google. According to the Authority, the newspaper was not obliged to repeal the publications, since they were lawfully published during the date on which they had been issued. On the contrary, it found that search engines are personal data processors and consequently Google Spain and Google Inc. had to erase the personal data, subsequently to the application filed by Mr. Costeja Gonzalez. The Authority based its decision on EU Directive 1995/46/EU.

Subsequently, Google Spain and Google Inc. appealed, against the aforementioned decision before the High Court of Spain. The latter referred a series of questions to the Court of Justice of the European Union (CJEU) regarding the correct implementation of the Directive. The questions concerned whether Google is subject to the notion of the processor of personal data and also whether, as an EU corporation, is subject to the provisions of the Directive. In case of a negative response, the High Court requested from the CJEU to determine Google’s liability as a data processor and assess whether a citizen has the right to request from Google to erase his personal data, namely the right to be forgotten.

– The CJEU decision

The CJEU found that Google is indeed a processor of personal data, since it “collects such data which it subsequently ‘retrieves’, ‘records’ and ‘organises’ within the framework of its indexing programmes, ‘stores’ on its servers and, as the case may be, ‘discloses’ and ‘makes available’ to its users in the form of lists of search results” and since it determines the purposes and means of this processing. The Court also found that Google Spain is an affiliated company of Google Inc. and therefore, Google Inc. is subject to the EU Directive.

One of the main points of the decision concerns the legal obligations which search engines, such as Google, have, according to the Directive. The Court found that search engines have the right to process personal data, when this is necessary in order for the legitimate interest of the data holder or third parties to be served. This right is not absolute. It may be limited when it contests the interests or the fundamental rights of the data subject –especially its right to privacy. The Court underlined that the economic interests of the search engine are not enough to impose limitations on the right to privacy. The Court also reminded that the right to privacy in principle prevails over the right of the public to gain access to personal data of a non-public figure.

The Court decided that the data subject has undoubtedly a legitimate interest to deny the disclosure of its personal data, even if such disclosure is not harmful to it. This right is founded on its right to privacy. Consequently, the data subject –in the present case Mr. Costeja Gonzalez- can request the erasure of his data, if the information disclosed are “inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes of the processing at issue carried out by the operator of the search engine”. In such an event, not only the data subject has the pertinent right, but also the data controller has the obligation to erase the data.

With this decision, the Court found that Mario Costeja Gonzalez had the right to request the erasure of his personal data from Google, while the latter had the obligation to erase them. Thus, this decision acknowledged the right to be forgotten for data subjects and the pertinent obligation for the data controller.

– Commentary on the decision

This decision is of great significance. It created precedent upon which subsequent rulings of the Court may be justified. Furthermore, national courts’ judgements may be based upon its reasoning or the opinions of the minority. We already see that the General Data Protection Regulation (GDPR) institutionalizes the right to be forgotten, in a way which constitutes a logical continuation of the decision at issue. It is therefore very important for the decision to be analysed and commented.

It must be underlined that the decision does not seem to distinguish between the consequences of removing data from a search engine and removing them from a website. The publication of data in a single website has significantly fewer consequences for the right to privacy and personal data protection than the disclosure of the same data in a search engine. The capability of the search engine to collect information, to aggregate them, to publish them as a whole and therefore create a whole profile for the user is something which may not be done by a single website. Thus, the data published in a search engine can be accessed by a wider public and can create a whole digital personality for a person. This reasoning was used by the Court in its judgement.

According to the same way of thinking, the removal of data from a search engine has much more important consequences than the removal of data from a website. The first influences in a much more substantial way the right to be informed. When someone searches for information regarding a person, it is much more probable that he searches for this information by typing the name of the said person in a search engine rather than searching for it in every single website, in which he considers that this name is possibly mentioned. Therefore, if the personal data of a person are removed from a search engine, the right to privacy of the said person and his personal data are more adequately protected than if such data are removed from a website. The right of the public to be informed is correspondingly affected. The latter is safeguarded under the Charter of Fundamental Rights of the EU Article 11. Although the Court noted the difference between the data processing by a search engine and a website, it did not deal with the right to be informed in the same way, despite the fact that the latter is influenced in a different fashion in the two cases.

Furthermore, the Court seems to consider only public interest reasons as capable of imposing limitations to the right to privacy and personal data protection. The right to be informed should be mentioned and used as a reason for delimiting the aforementioned rights. The protection of personal data is of great importance. However, it cannot be absolute. There are cases in which other rights –and not only public interest reasons- prevail and should be taken into account in the attempt to strike a fair balance. Thus, the Court should have included the right to be informed as a right, which should be weighted with the right to be forgotten. The outcome of this case would not have been different. However, this judgement may have serious implications in future cases. For this reason, the Court should have included this thought and should have referred to the EU Charter 11 in a more detailed fashion. The right to privacy and personal data protection prevail over the right to be informed. In any case, the two rights should be weighted by the Court, which should take into account the circumstances of the specific case.

Another very important point which was not clarified by the decision is the geographical implementation of the right to be forgotten, namely whether the right is implemented beyond the EU boundaries. Very strong arguments exist for both options. The issue will probably be clarified in the case Google v. France, pending before the same Court.

Much criticism has also been raised regarding the extended definition the Court gave to the notion of “personal data controller”. According to this criticism, not only search engines, but also their users, might be considered to be personal data controllers. This criticism has fallen short of substance, since the General Data Protection Regulation seems to define adequately the notion of “personal data controller”. Certainly, the implementation of the Regulation by the Court in cases to come is anticipated with great interest.

The judgement in the case Google Spain v. Mario Costeja Gonzalez constitutes a point of reference in the protection of personal data in the European, but also the international level. Google, which constitutes one of the most prominent personal data controllers, has established a procedure for the fast and easy access of its users to the right to be forgotten (you can have access to the pertinent application form by clicking here). Furthermore, the right to be forgotten is safeguarded under the GDPR. All personal data processors are obliged to respect it and all data subjects may enjoy it, with certain limitations. Mr. Costeja Gonzalez –intentionally or not- assisted in the establishment of a right, which will play an important role in the digital age in which we live in.

By Konstantinos Kakavoulis

Those who were born after 1990 are very likely to have left traces of their underage life in the Internet. The younger the user, the better the chances for that. Particularly for those who have been born just before 2000, the question is not if they have left traces, but how many traces they have left. According to UNICEF, 2 children use the Internet for the first time in their lives every second that passes. Nowadays, we see children who have just learned to walk and still face difficulties in kicking a ball, using a smartphone or a tablet with ease. Children and teenagers are so familiar with technology, that often even their parents have a hard time monitoring and supervising their activities –especially if the parents themselves do not have a good relationship with technology.

Easy access to the Internet has undoubtedly a positive impact to children and adolescents. The screen of their mobile phone, their tablet or their computer is transformed to a window to the world for them. Adolescents do not only have their school, their family, their private courses and the team in which they play as a source of information. With just a few “clicks” or touches on their screens, they enjoy access to information and images, which were unconceivable for past generations. This creates an additional need for them: to be part of this digital world. It is unusual to meet a teenager without an account in at least one social media.

Adolescents seem ready to make a part of their private life public, in order to feel liked and accepted by others, and, consequently, part of the digital reality. This said part is often very big –maybe bigger than it should be. Thus, we frequently see photos of drunk or provocatively dressed teenagers, photos from their love life and posts with particularly acid content, which may contain insults, describe illegal actions for this age or may constitute bullying.

Minors seem to start recognizing that from the moment that some of their personal data go online, they can never disappear. Even if their public profile is deleted, the personal data remain in the databases of the social media companies. This fear is likely to have led to the great success of Snapchat and Instagram stories within teenagers. These two social media promise temporariness in the public exposure of their posts, which lasts from 3 seconds to 24 hours.

The question is what happens when adolescents realize the consequences of the imprudent use of social media and wish to erase the personal data, which they have publicly shared. The answer to this question is given by the right to be forgotten. GDPR Article 17 explicitly provides that in case “personal data have been collected in relation to the offer of information society services to children”, the person of concern has the right to ask for their erasure from the data controller –in most cases this will be Facebook, Instagram or some other social media. It is important to note that the Regulation stipulates that the maximum applicable age for a person to be considered a “minor” is 16 years. The Member States may regulate differently, but under no circumstances this age might be less than 13 years. It remains to be seen what the Greek legislation will determine as a “child” age, during which data protection is absolute. The right to be forgotten does not end, when child or adolescent life ends. The persons maintain it during their whole life, regarding the data which they shared, while they were still children.

The right to be forgotten provides that the mistakes someone has made during his youth, do not stigmatize him forever. Teenage memories are undoubtedly some of the most important memories a person makes during his life. Nonetheless, they are also some of the most personal ones. Many of these memories constitute sensitive personal data. Persons tend to keep these memories well-guarded and permit only to certain persons –if to anyone- to have access and knowledge of their teenage and child cheatings and everyday activities. GDPR Article 17 is here to give them back the opportunity to safeguard their memories and to permit them to manage their personal memories, which they shared during the age of “innocence”- if it can still be named so.

Erasing the past

By Konstantinos Kakavoulis

Article 17 of the new General Data Protection Regulation institutionalizes the right to erasure, the so-called “right to be forgotten”. According to this article, a person has the right to request the erasure of his personal data and the controller has the obligation to erase the personal data without undue delay. The right to be forgotten is not established for the first time with the entry into force of the new Regulation. It has been established at the European level by the Directive EU/95/46. The Court of Justice of the European Union has ruled in favour of the existence of the said right in the case Google Spain v AEPD and Mario Costeja González.

According to Article 17 of the new Regulation, The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

1. 1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
   2. the data subject withdraws consent on which the processing is based and their processing cannot be based on another legal ground;
   3. the data subject objects to the processing, which is made for public order reasons or the exercise of an official authority or in the interest of the data controller or third parties, and there are no overriding legitimate grounds for the processing;
   4. the data subject objects to the processing which is made for the direct commercial promotion of products;
   5. the personal data have been unlawfully processed;
   6. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
   7. the personal data have been collected in relation to the offer of information society services to a child

Therefore, it can be concluded that the right to be forgotten is not absolute. The mere fact that a person requests the erasure of his personal data from the Internet does not necessarily result in their erasure. According to data from Google, the company has received 720,000 requests for personal data erasure during the past 3 years and has accepted 43% of them.

For instance, in the case of a house confiscation for debts, which has taken place some years ago, the request for erasure is likely to get approved. In the case of a criminal conviction for a grave crime, this is highly unlikely; besides, the latter will always appear in the criminal record of the perpetrator.

But what is going to happen in the case of an old allegation for a serious crime, which has never been proven?

Or in the event of a recent bankruptcy?

Or in the event that someone has publicly expressed political views, which he now wants to withdraw?

In all the aforementioned circumstances there must be a weighting of the right to be forgotten with the freedom of expression, the economic interest of the data processor, as well as the public interest to gain access to this information according to the right to get informed. This weighting shall always be made taking into account the circumstances of the specific case and under no occasion may its results be predetermined. It must be noted that according to the jurisprudence of the Court of Justice of the European Union, the right to be forgotten in principle prevails over the economic interest of the data processor, as well as the right of the public to get informed.

Another very important case is pending before the Court of Justice of the European Union; the case of France versus Google. The most significant issue of concern raised before the Court is the universality of the right to be forgotten. The Court has to determine whether the pertinent right extends beyond the European Union. France’s argument in favour of the extension is that, without it, the right to be forgotten is void. Even if Google is forced to delete or edit the results of some search within the European plane, these results will still be publicly available in the rest of the world. On the contrary, Google points to freedom of expression, which will be substantially curtailed, if the Court decides that the right is to be extended. The company argues that in such an event, authoritarian regimes will be able to enforce their laws in a way that will universalize the restrictions they impose.

For instance, Thailand will be able to enforce its legislation, which prohibits any insult against its king, universally. Google argues that there must be room for every State to strike a fair balance between the right to privacy and freedom of expression. According to the company, no State must be in a position to impose its legislation on another State.

It is undisputable that both sides have very strong arguments. No matter what the outcome of the case will be, it is sure that the right to be forgotten has been established and is here to stay. This is because it guarantees something very important: the right to live without a flawless past; in other words, the right to live a normal life.