How Could a GDPR-like US Law Raise Constitutional Concerns?
This article was co-written by Kris Lahiri, Data Protection Officer and Dawid Balut, Egnyte Architect.
Based on our observations, the right to be forgotten raises the most constitutional concerns. To some, the European right to be forgotten disrupts the free flow of information in society and restricts the right to freedom of speech, violating the First Amendment. In fact, “the First Amendment of the U.S. Bill of Rights indicates the specific rights of citizens to freedom from government intervention into freedom of expression and freedom of the press.” Article
Critics of EU data privacy laws claim that requests for information removal could quickly lead to over-censorship across the globe. They question how transparent communication “could occur in an ecosystem that allows for arbitrary information removal and the creation of memory holes.” Article The exact rights of what data can be requested to be "forgotten" is still ambiguous at best.
Following the GDPR, it is recommended that companies scrub their repositories of ROT (redundant, outdated, trivial) data. However, there is still a question of what criteria should be used to value stored content. Who decides whether the information is outdated? What exactly constitutes “trivial information?”
Here, the line between freedom and privacy seems to blur and it’s still unclear how people will respond to this portion of the new EU regulation.
To pass a similar legislation in the US, it must adhere to existing laws. Academics have suggested that in order to accommodate the US constitution, the right to be forgotten could be limited in a way that only allows for the deletion of data personally submitted by the individual making the request.
The following statement can be found in GDPR, Article 17.3a:
“Paragraphs 1 and 2 shall not apply to the extent that processing is necessary: for exercising the right of freedom of expression and information”
Time is needed to see how the right to be forgotten will actually behave now that the regulation is live.
This answer is based on off our observations and research and is not intended to be legal advice.
Learn More about GDPR and see how Egnyte can help you meet compliance.