Data protection is on everyone’s mind this month. Last week Ruth Kinderman rightly pointed out on TCW that the updated EU rules coming in on the subject this Friday were wreaking havoc on small organisations for little, if any, discernible benefit. She did not, but could well have, observed that this is only the tip of the iceberg. It is also a creeping menace, courtesy of the EU and our own government. Quite apart from the General Data Protection Regulation, the existing EU data protection directive has already for some years been relentlessly knocking away at the supports of freedom of speech and an open society, and seeking to impose a regime that we, the public, should be allowed to see only the information that the great and the good think is good for us.
Four years ago the European Court of Justice applied the existing Euro-law on data protection to allow a Spaniard to tell Google to pull a link to an entirely accurate newspaper report of proceedings against him to recover unpaid social security contributions. Throughout Europe, it said, the protection for private life and data in the Charter of Fundamental Rights had to combine with data protection law to allow removal of links to his name unless there was a public interest in maintaining them. This may have looked like a mere technical bagatelle, but the effect has been far from trivial. Links to convictions for violence have been removed in disturbing numbers at defendants’ behest; so much so as to disturb even the BBC, which to its credit listed the stories from its own website which had been delinked by Google. Earlier this year a businessman who pleaded guilty some years ago to conspiracy in connection with a business with a dodgy environmental record used the same law to suppress links to his (publicly reported) conviction on the basis that this was part of his private life, he was sorry and had put it behind him and it might embarrass his children. It has even been seriously suggested that WHOIS, an invaluable tool to find out the details of who is behind a particular website available to those wishing to flush out fraudsters, may fall foul of it.
This is not the only use of EU data protection law to suppress or conceal information. Facebook has faced a number of claims to remove true information placed on accounts. Newspapers themselves can be caught. You have to remember that almost any dealing with any information about named persons is in principle regulated, and the protection for journalism is narrowly drawn to cover only cases where the law regards the publication envisaged as being not only true but in the public interest, and normally where editorial codes of practice are followed. Hence at the end of last year a court in Northern Ireland was prepared to use it to hold a newspaper liable for reporting a conviction for manslaughter from some years earlier at the behest of the victim’s family, on the basis that it regarded the report as unreasonable and distorted.
All this is disturbing. For one thing, the amount of information suppression is not small. Delinking requests, which essentially make information unfindable even if it remains technically public, have become a major industry: about 2.5million URLs so far for Google alone, with a success rate of over 40 per cent. Of the requests, moreover, 41,000 came from celebrities and 31,000 from politicians. There are also worrying proceedings currently before the European court aimed at extending the jurisdiction of courts in the EU to ordering removal not only in Europe but worldwide.
For another, this means that, whether the public like it or not, people in Britain are increasingly being allowed to rewrite their own pasts and, by selective erasure of links to discreditable events in earlier years, to live a lie and essentially sail under false colours. There is no telling when I may wish to know what sort of person I am dealing with; denying me the information that they have a conviction for violence, or have connections with a company with a reputation for shady environmental dealings, is taking away from me my ability to make an informed decision on the basis of what is, after all, publicly available information.
You might think that this would be one of the top agenda items after Brexit: after 2019 we cease to be subject to the fiat of the European Commission, and the GDPR might seem a very promising target. Unfortunately this is not the way the Government sees it. Last year it agreed to continue with the GDPR indefinitely as part of English law: it wanted to ‘put the UK in the best position to maintain our ability to share data with other EU member states and internationally after we leave the EU’ with protection ‘suitable for our new digital age, allowing citizens to better control their data’. Pity about the shackling of the press, of course; but that’s just one of those things.
It is said that we are forced to do this because otherwise Europe will refuse to share any data with us. This needs to be taken with a pinch of salt. A simple exemption for journalism of all sorts, for search engines and for clubs and charitable organisations, is entirely consistent with proper controls over other commercial users.
Pressure needs to be put, and kept, on government in this respect. By all means accept reasonable controls on professional data handling. But what is not acceptable is a measure which, whether from a zeal to appear plus européen que les européens, or simply a desire to appear hip and up with the times, allows the EU to continue to dictate social policy and the limits on freedom of speech in the UK.