Oh! The number of questions within this question. Like, ‘what is blockchain and why does it sound mean?’ ‘What is my right to be forgotten?’ ‘WHY do I want to be forgotten?’ ‘Do I really have this right to be forgotten? Like the constitution says I do??’ ‘ And what has blockchain got to do with all of this?’
I am literally sipping water from a cold flask to calm my nerves because where do we even begin? I guess I’ll have to tell you a couple of stories first to lay some tracks for this article and also because that’s a hospitable thing to do – tell stories. The following stories are true ones:
The Murder of Walter Sedlmayr – Germany
The above-named man with the surname you can’t pronounce was a German actor who died in 1990. He was found in his bedroom, tied up, stabbed in the stomach with a knife and hit on the head with a hammer. Three years later, his former business associates Wolfgang Werlé and Manfred Lauber, were found guilty of his murder and sentenced to prison time which has now been completed. Obviously, this story made it into Wikipedia (German and English), and it made the two ex-convicts angry. They requested that their names be taken down from both posts as it eroded their right to privacy. Requests were not quite successful because I mean, you can still see their names here.
Porn Unintended – Argentina
Virginia da Cunha is a 37 year old Argentine Singer, Actress and Dancer. In 2012, she took a bunch of sexy pictures (as celebrities are known and opportuned to) and even gave appropriate permission for same pictures to be published online. However, the pictures began to come up when ‘pornography’ or porn related words were searched on the Google and Yahoo! search engines. The celebrity sued both companies to remove these results. They were taken down. She won. (Although, I hear that the case is on appeal)
Melvin v. Reid – The United States
Melvin was just a prostitute in her former life. However, as it is with such a risky profession, she found herself being accused of murder. She went through the court motions but thankfully, the court decided that she wasn’t guilty, so she was acquitted. Melvin got herself rehabilitated and began to lead a peaceful life with a husband. Seven years later, however, a movie called ‘The Red Kimono’ was released and it was based on Melvin’s former life including the murder. The facts in the movie were not misrepresented and in fact, Melvin’s maiden name was used.
She sued the movie makers and finally, she won. The court is recorded to have said: “any person living a life of rectitude has that right to happiness which includes a freedom from unnecessary attacks on his character, social standing or reputation.”
Mario Costeja González; Fighter of Google – Spain
A long time ago, Señor Mario was in some social security debts in Spain, and so a property of his was foreclosed by the government. Adverts were made in a print newspaper calling on people to come for the auction of his house, and later on, these adverts were moved to the Newspaper’s website. Because no condition is permanent, all of these money issues were eventually over and Señor Mario could continue living his life but for one problem – if you searched his name on Google forever, you’d see that he was once in debt and his house was up for auction. It was embarrassing to him (because imagine his bank or his employers doing a search on him). He reached out to the Newspaper, to Google in Spain and to the Data Protection Agency in his country, requesting that this content online be taken down. A lot of super interesting legal arguments were made in court and I’m doing everything I can not to go into them because the article is already looking long. So, let’s continue.
THE RIGHT TO BE FORGOTTEN
I believe your train of thought has followed these tracks I have laid and now you might have an understanding of what the right to be forgotten is.
The right to be forgotten is simply the right of a person to determine and have some control over the development of their life and of their profile narrative online. It is to be able to control information about yourself such that you’re not being perpetually or periodically stigmatized as a result of something you did or something that happened to you in the past.
It is a person’s right to have certain data deleted so that internet surfers can no longer trace them. The right to be forgotten has been defined as ‘the right to silence on past events in life that are no longer occurring.’ A lot can be said on the definition but just understand it as the power of a person to induce amnesia regarding information s/he would rather not be remembered for.
A noticeable trend in the stories I told earlier (and indeed other stories around this) is that the complainant or plaintiff usually refers to this right as ‘the right to privacy’. I’ll believe that that’s poorly couched, but forgivably so because the right to be forgotten is relatively new and its conceptualization is still in the works.
While the Right to Privacy generally relates to information which is not already publicly known, the right to be forgotten involves information already in the public domain but which needs to be erased. It’s like a ‘forgive and forget’ scenario, only with the emphasis on ‘forget.’
There are arguments for and against this right and of course both sides have their points.
For instance, when you consider repulsive issues such as revenge porn, child crimes, and just the sheer understanding of the frailty of man, one is prone to embrace this right. However, considering (and I speak for Nigeria) crass and dubious politicians who double as our nation’s cancer, and their penchant for literally erasing our memories either by stopping the teaching of History in schools, intimidating the media, influencing the media with fake information and so on, you might be inclined to be anti-RightToBeForgotten.
Currently, Argentina and the European Union are championing this right. I hear that Argentina is more of a boss at it but the EU isn’t doing badly at all. Article 17 of the GDPR (have you read my GDPR article?) states that ‘the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:’ It then goes on to list 6 simple grounds:
Also, see this simple chart explaining the non-absoluteness of the right.
Perhaps you have the same question as I did when I read Article 17 GDPR: Can Search Engines be said to be Data Controllers?
The GDPR basically states that data controllers are those who determine the purposes for which and the manner in which personal data is processed. And the Court of Justice of the European Union (CJEU) states in Señor Mario’s case that an internet search engine operator (e.g. Google, Yahoo! Bing), is responsible for the processing that it carries out of personal data that appear on web pages published by third parties. Cool stuff.
So, because the EU is working hard to protect citizens within its jurisdiction, Google (and some other search engines) have created data erasure forms for EU residents to fill to have their online data wiped if they want (and of course with terms and conditions). It’s called ‘EU Privacy Removal’. It’s here. Google also added ‘Iceland, Liechtenstein, Norway and Switzerland.’ (Sorry, Nigeria and other African countries.) You can see more info on how the form works here.
Well, I believe all your questions about the Right to be Forgotten have been answered. Although there are till appendages of issues on that right, I am confident that you are successfully abreast of the fundamental vibe of it. If I’m right say, “aye!”
(the ‘ayes’ have it!)
If you’re non-technical, let me give you heads-up. EVERY article attempting to explain blockchain usually goes like this: ‘Okay, I understand this, I understand that. Yeah, that’s understood. Oh? Cool. Yeah, that makes sense. This thing is actually pretty relatab–oksbutwyfduwdcfdyqrsdifwqusjw;qodifiwqyphwoiudiogfwqdcjwqfexhwqdfsglwq;oiudpewqo8ydfwtf’.
But I’ll try my best to tell you how I understand it. Blockchain is a technology that can also be called a distributed ledger. You know what a ledger is, right? No? Okay, A ledger is a file that records financial transactions. Now picture a digital ledger that can record every valuable transaction online. That ledger is then spread across several computers and every time it is updated with a new transaction, it updates itself on every computer. (N.B. Blockchain is not bitcoin; it’s just the tech that helps bitcoin be bitcoin.) So the blockchain database is identical on every node (computer) and so it leaves a (generally) publicly accessible data trail. I mean, if you know what to do, you can access the trail.
Therefore, if you’ve engaged in transactions relevant to the blockchain, your data is stored in the chain – data like your address, card number, phone number could be represented on a blockchain.
Now, blockchain is like the banner of internet integrity such that the data recorded in a chain is immutable and unerasable. Although it’s mostly encrypted, it can be decoded and therefore identifiable.
But I repeat, data in blockchain is not erasable. You cannot delete the data. You, also, cannot change or edit it – because this will break the chain and make the entire concept of blockchain useless. You can only add more to the chain.
So what is the effect of Article 17 of the GDPR and the general concept of the right to be forgotten & the right to erasure on blockchain technology? I thought I was a genius when I thought of this question but it turns out many other people are thinking of it.
From my research, although there are a couple of things you can do on a private (permissioned) blockchain (like choosing to forget or throw away the encryption key for the data, or setting the transaction to an unsolvable private key thereby locking yourself and everyone else out), there is
not much nothing, you can do on a public, generally accessible blockchain except to NOT store personal data on the chain. You may choose to store the personal details of that data off the chain and then instead, store an encrypted reference to it on the chain. If anyone wants to access that reference, then the person must verify that he has the right to. If he does, he will then be referred to where the data is by a link (which won’t be on the blockchain).
This was one person’s suggestion. It was probably the best I saw (and take this with a pinch of salt because I do not code). This paper, however, suggests a solution developed to help temporarily store, summarise or completely remove transactions from blockchain while maintaining the chain’s consistency. I don’t know. I call on techies to read it and summarize it to me.
I’m actually tired – I’ve sat for three hours doing this article.
BUT! I enjoyed every bit of it. I love studying the clash or relation of the two powerful forces called ‘technology’ and ‘law’. Because while the law is a mulish ass demanding that it must be obeyed, technology is a fleet-footed movement with its own inherent laws. They make an interesting couple. And I hope you enjoyed the article as well.
In conclusion, maybe blockchain does NOT snark at your right to be forgotten. But it does dare you to try!
I’ll appreciate your comments below!
Also, if you have any topics you think I should write about, please let me know with this simple form here.