Internet freedom of speech is not given the attention it merits while the EU ponders on its EU Data Protection Regulation. Many rightfully fear that censorship is looming near and is nearer than one imagines. While the General Data Protection Regulation (GDPR) has lingered since the 1990s, many countries have followed the EU aspiration of enhancing data protection to the extent of elevating the notion for fundamental right consideration. Even the EU Charter underscores the notion by stating that individuals have the ‘right to protection of personal data as a separate and equal right to privacy.
This notion has had push back from companies that consider such pursuit of privacy to be inconsistent to business practices relying on marketing and other means for customer generation and profiling. But the process for protecting personal information has had a negative impact on right to freedom of speech. By enforcing measures for the deletion of information that another individual may post on someone else, regardless of its public interest value, or about issues and policies, it effectively is denying the right of free expression. The control and denial of the right of expression is also denying readers from being informed and forced to be informed only on future limited scope of information, hence, online censorship disguised.
Freedom of speech will be at risk of being limited as EU enforces its data protection by implementing directives to have information in the form of statements deleted from online sources. The scope of such measures has surpassed just private information held by a company, but has now reached information that according to the Google Spain v. Mario Costeja González right to be forgotten case, is deemed to be inadequate, irrelevant or excessive about a person.
One critical concern, among others is how the GDPR’s July 2015 Draft version reads, it appears that it will exceed by implication the scope of the Google Spain’s court ruling. There is a stated role for an internet intermediary to be tasked to asses and respond to the individual requesting the removal of online information. This intermediary does not have the obligation to provide notice to the poster of the information. This is in contrast to Digital Millennium Copyright Act process that provides for notice and for an assessment of the legitimacy of the request by the search engine.
Another critical concern with the GDPR’s version is that while the intermediary may elect to have the content deleted without informing the poster, but still inform the downstream publishers and recipients of the otherwise posted content, the intermediary is responsible to provide the posters information to the individual requesting the content removal. In essence, the GDPR provisions do in fact allow for personal information to be shared.
With the high penalties assessed on the poster/writer of the online posts if the EU authorities subsequently determine that it should have been removed, an intermediary tasked to assess will be most likely inclined not the take the risk of being penalized and out of caution direct removal of the posted content, provided the absence of countervailing public interest value of the posted content, and at the same time be obliged to provide the requester the personal information of the poster. So, while the EU provision claims to seek the protection of privacy it allows for the personal information of the author of the post to be shared to the individual requesting the deletion, or claiming a right to be forgotten. Internet freedom of speech may be at risk in the EU.