“Don’t break the internet” has become the standard first-line defence of the self-appointed internet Marine Corps. It is a reliably powerful counterattack to any disliked policy. But in a system where “disruption is a feature, not a bug”, this defence is all about politics, not technology.
One of the things that will supposedly break the net is the so-called “right to be forgotten” – an inaptly-named grab bag for the conditional stake each of us has against the processing and prominence of personal data which holds no public interest, because, for example, it has lost its accuracy, its timeliness, or its relevance.
The right to be forgotten exists somewhere in the swamplands between the islands of internet freedom and data privacy – islands between which there are many bridges and murky shoals. And it brings into sharp relief that while we may all agree on the existence of rights, there are vast differences in how we conceive their boundaries and, most importantly, what to do when they conflict.
Take free speech, or the broader European notion of freedom of expression. The trans-Atlantic schism over this right is well known. The US takes a rule-based, permissive approach to free speech. This makes it more predictable, but it can be insufferable in particular cases. Europe goes the other way – it takes an act-based, restrictive approach to specific harm, but this makes it less predictable overall. Which is more beneficial? That’s a matter of personal politics, culture, and experience.
In the US, there are boundaries to free speech, but they are limited – it is illegal to falsely cry “fire”, to utter words that consist of fighting talk, to blackmail, to defame, and so on, just as in Europe. The disagreement comes in particular zones – questions like hate speech, defamation of a public figure, anonymous attacks – and in terms of how to balance competing considerations.
Once we correctly identify this as a matter of boundary disputes, informed by culture and history, the rhetoric falls away, leaving us with an exercise akin to legal cartography. Part of how the US perpetuates a rule-based approach is to see “speech” as a hard, relatively fixed, and identifiable thing – something humans do, as well as companies. Yes, Google has speech rights, so no, you cannot see under the lid of its algorithm, nor partially obscure its search results. The “speech” container is near impenetrable. In Europe, the container is more loose-woven – it’s not all-or-nothing.
If we think of free speech as being about protecting adjectives (“John Smith is an a**hole banker”), then data protection is about the nouns (“John Smith”, “banker”, “rehabilitated offender”, of “Rosy Brook”). Data protection is concerned with information identifiable to you or me – the semantic links that are the building blocks of our identities and relationships. These rights arose from concerns in the 1960s and 70s about the building of detailed digital profiles by governments and corporations. European pioneers had remarkable foresight about the way our liberties would come to be circumscribed, and our society divided, in a world where everything is quantified and transparent. We don’t know what it is like to live in that world, but we are moving fast towards it, and it is why, when it comes to the internet, the isle of data privacy and protection deserves as much attention as the isle of free speech.
Data protection gives a different orientation to the cartographer’s task. When judging speech, truth and intent are relevant. But for personal information, the situation is different. Why? Because personal information is at the heart of our identities, our life stories. Our lives and identities have a trajectory that data does not – the former is dynamic, the latter static. And there is a power that can be repressive in wrongly holding even a subset of static keys to my life story – even if they are true. It is a power that is sometimes subtle, sometimes crippling, but it allows manipulation, nudging, moulding, and censoring. Such power is part of our world, and long has been, but its potential future scale is unprecedented. What data protection seeks to ensure is that our autonomy and control over personal information can be restored, to prevent it being ill-used – or because control should never have been relinquished in the first place.
Data protection and freedom of expression conflict in some cases – and when they do, this must be addressed transparently and with rigour. But the fact they conflict does not make them incompatible. What is imperative is to remember that we have grappled with conflicting rights for a long time, in different contexts and different countries. There are important values at the heart of each, and judging their boundaries requires respect and nuance, not force projection and blanket defence.