Tag Archives: private life

Right to Information Recognised in New European Court Rulings

Image: Group of scholars studying books. Text: A Right to Information: Finding a Good Balance with the Right to Be ForgottenTwo much anticipated rulings have come from the Court of Justice of the European Union. Both are ‘preliminary rulings’, effectively requests to the Court to offer clarification on what EU law – in this case the ‘right to be forgotten’ doctrine created by the Court in 2014 and placed in legislation in the General Data Protection Regulation of 2016.

As a reminder, the right to be forgotten refers to the right of individuals to ask that particular stories not be included in search results for their name. The idea is to ensure that there is a way of avoiding that search engines automatically give prominence to information that is unduly invasive of privacy.

IFLA has released a statement on the subject, underlining that the right to remove search results risks undermining access to information for internet users. While the IFLA statement notes that in some situations, a right to be forgotten may make sense, it argues strongly that this should be the exception, not the norm, and stresses concern about the impacts of leaving this choice to private actors.

The two cases in question come from France, and its Conseil national de l’informatique et des libertés (CNIL) – the national digital data protection authority. In the first (C-507/17), the CNIL itself was in dispute with Google about whether, once there had been a decision to award the right to be forgotten, this should only be applied within Europe, or whether Google should be obliged to apply it on all versions of its search engine, around the world.

The second (C-136/17) asked whether the ban on ‘processing’ (doing things with) certain types of personal data, such as that about religious beliefs or politics, should also apply to search engines.


The Right to Information

In the first case, the Court decided that there was no obligation to remove relevant links from search engines around the world, rather than just in France or the EU (global delisting). This is an important decision, and one that IFLA itself supported, given our own statement on the subject.

Significantly, the Court explores the question of the costs of global delisting: ‘However, it states that numerous third States do not recognise the right to dereferencing or have a different approach to that right. The Court adds that the right to the protection of personal data is not an absolute right, but must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. In addition, the balance between the right to privacy and the protection of personal data, on the one hand, and the freedom of information of internet users, on the other, is likely to vary significantly around the world.’

This definitely a welcome point for libraries, and one that underpins the final decision of the European Court, given its explicit recognition of a right to information of internet users around the world.

In the second case, the Court does note that the bar on processing highly personal information applies also to search engines to the extent that they process it.

However, it also argues that the exceptions to this bar do too – in a case where including a link in search results is essential if a balance is to be found between the rights of individuals and of information seekers, then this can be OK.

Therefore, in cases where the subject of the information has a prominent role in public life, it may well be acceptable to maintain search results, in order to ‘protect[…] the freedom of information of internet users potentially interested in accessing that web page by means of such a search.


But No Resolution Yet

In both cases, the final decision rests with the French courts. The European Court has given guidance on how to take this, but leaves enough margin of appreciation the judges in Paris. As a result, in the case of global delisting, despite all of the arguments to suggest that this is a questionable move, the judgement still says that there’s nothing saying that this cannot still be requested.

Similarly, the judgement on highly personal data suggests that it is for the French judges to determine whether Google has taken sufficient care in working out whether it was necessary to include the relevant links in its search results. As a result, we will not know the final results for a while yet.

Clearly Google itself is a lightning rod. Its size and reputation make it a bogeyman for many. However, it is worth noting that the judgements apply not just to Google, but also to any other company or information service offering search functionality.

As seen in the Le Soir judgement in Belgium in 2016, the idea of the right to be forgotten can also be applied to a service offering search into digitised old newspapers.

Crucially, while Google may be in a position to apply the rules set out, it may be harder for others to do the same. For example, in the judgement on highly sensitive data, the Court argues that a search engine should be able to rearrange results about court judgements in order to ensure that the most recent information comes first.

If the rules around offering search services become more complicated, the risk is that it’s the smaller players who will fall foul of the rules, not Google, reducing the choice of information seeking tools available to users around the world.


A Right to Anonymity?

A Right to Anonymity - ImageWith recent reforms in Austria set to remove the possibility to leave anonymous comments on the internet, the question of the right to anonymity is on the agenda.

The justification for the reforms in Austria is concern about the rise of ‘hate speech’, and the sense that anonymity can give people the possibility to spread discriminatory views without consequences. If there’s a risk of being identified and caught, the argument goes, people will moderate their speech.

Civil liberties groups have, however, opposed this, pointing out that it is often the usual victims of hate speech – marginalised groups, those in vulnerable positions – who have benefitted most from the opportunity to use the Internet without giving up their identities.

How does this affect libraries, both as concerns their values and their practice?

Anonymity is included as a concept in IFLA’s own Statement on Intellectual Freedom, which is celebrating its 20th Anniversary this year:

‘Library users shall have the right to personal privacy and anonymity. Librarians and other library staff shall not disclose the identity of users or the materials they use to a third party’.

Talking about privacy and anonymity is perhaps a little awkward. In effect, anonymity is rather one means – a particularly effective one – of ensuring privacy. If you are never identified in what you do, then there is no possibility of someone else learning about your preferences or activities.

For example, it is the difference between paying for your groceries with a credit or debit card, and paying with cash. Paying with a card leaves a trace which a shop or card provider can use to build a profile. Paying with cash leaves no trace. It is far easier to be anonymous in the latter case.


Of course, privacy can be achieved without anonymity. There are conditions under which personal data collection is acceptable – and even desirable.

Indeed, this is recognised in legislation such as the General Data Protection Regulation in Europe. This both looks to ensure that no more data is collected than necessary (data minimisation), and that what data is collected is done with consent, and then stored and used properly.

In short, privacy implies a mixture of anonymity in some cases, and careful and ethical collection and management of data in others.

The question then is of how to decide when we should opt for anonymity, and when not, acknowledging that the highest level of privacy comes from keeping people anonymous.


Anonymity vs Data Protection

There are some interesting examples in the wider world that offer some insights into this question. For example, it is seen as normal that we need to identify ourselves in order to buy and drive a car. Nonetheless, the list of who owns which car is not made public.

However, if we were asked for the same in order to ride a bicycle, this would seem shocking.

Why is this? The reason likely lies in the fact that it is far more likely that someone can do harm in a car than on a bicycle. In order to catch those who are driving too fast, or causing accidents, giving the police a means of identifying the owner of a car can be seen as justifiable (if not perfect).

A second example comes from contrasting medical records with information about how someone travels around within a country.

We generally accept that medical professionals should have access to records about allergies, conditions and past treatment in order to improve our care. We of course expect that these are properly looked after.

In contrast, in most parts of the world, we don’t expect to be tracked as we move around within the cities, regions or countries we live in. While, of course, our phones often do this for us, when we become aware of it, we often remember to update our settings to prevent this.

In short, while there may be some situations where being tracked is helpful (for example to find missing people or to make using online maps easier), many given the option will choose anonymity.

In this case, even though medical information is arguably far more personal than travel information, we accept this breach of anonymity because it brings real benefits.

What about libraries?

Many libraries do not require identification for someone to be able to enter a building and use resources on site (although policies do vary when it comes to using library computers). However, in order to borrow books, a library card is necessary, implying a loss of anonymity.

The justification is that lending only works when there are limits on what any individual can borrow, and that there is a time-limit on this. This is only possible with an account attached to a person.

The IFLA statement implicitly recognises this divergent approach, accepting that in addition to anonymity in some circumstances, libraries will also hold personal information which could (but shouldn’t, at least not without consent) be shared with third parties.

How does this choice apply when it comes to using – and expressing yourself – on the internet?


The Man Without an IP Address

Clearly the argument of the Austrian government is that the harm done by online hate speech is cause enough to oblige people to use their real names.

At first, this logic is attractive. Hate speech does indeed do harm to people who may already be vulnerable, and it is important to stop it when it risks leading to real harm.

However, it is not necessarily the case that identifying a person stops this from happening – in the end, it is taking down the content itself that resolves the issue. This can be done through notice and (transparent) moderation.

The subject of hate speech itself is also difficult. While there may be some black-and-white cases, there are many more nuanced ones where it is hard to draw a clear distinction. Just because something is rude or offensive for some, it does not necessarily make it hate-speech.

This recalls the situation with other reasons often given for restricting content, such as security (many governments claim that any criticism of their actions is a security threat) or morality (used in many situations to repress LBGTQI expression).

It is clear of course that perhaps some sources of hate speech will think twice if they need to share their identities. But this does not necessarily stop them holding such views, or carrying out acts motivated by them.

Furthermore, we also have to accept that removing the right to anonymity risks opening the doors to other moves away from anonymity as default, and so weakening a key protection for vulnerable individuals and groups.

People who have found a community and a voice online that has been denied to them in the physical world risk losing it when their names are shared. Through this, they can become the victims of attacks on their persons and property.

At a less extreme level, the feeling of being watched can have a chilling effect on online behaviour, restricting people’s ability to follow their interests and develop their personalities. In any case, for a democratic government to take such a step, even for the most honest of intentions, simply risks legitimatising those who will use restrictions on anonymity to crack down on diversity and dissent.


The implication of the General Data Protection Regulation, as well as of IFLA’s Statements on Intellectual Freedom and Privacy in the Library Environment is that the default in any situation should be the highest possible level of privacy – i.e. anonymity.

It follows that the collection of data should be the exception, not the rule, and in this case be justified, with cases such as that of Austria provide an opportunity to remind ourselves what’s at stake.

Nonetheless, decisions about when it is acceptable to derogate from anonymity also appear in the work of libraries. It is important to be conscious of these, in order to take the best decisions for users.

Four Dimensions of Data Protection in Libraries

Scandals around the collection and use of personal information appear to be reaching a critical mass.

The first cases brought against companies under the General Data Protection Regulation are coming to court in Europe, and Facebook founder Mark Zuckerberg has declared that he wants to focus more on privacy. Stories of major data breaches regularly hit the headlines.

After many years of concern that ‘privacy’ was a niche thing, a priority only for a vocal few, it is now the subject of growing attention.

At least in the library world, the importance of privacy is well established. We know that it facilitates free speech and access to information, helps protect users from having their internet experience channelled for commercial reasons, and allows us to function as people.

Yet like all human rights, privacy – and more specifically data protection in terms of control over what data is collected about you and how it is used – is not necessarily an absolute right. Instead, it can be exercised only so far as it does not stand in the way of other rights and interests (and vice versa).

This blog, therefore, sets out four ‘dimensions’ of the privacy debate where libraries, in their work, have to find the right balance.


Privacy vs Performance

Much of the excitement around the data revolution has come from its potential to help us understand more about the world and make more accurate predictions.

Clearly a focus on measurement as a tool for performance improvement pre-dates the digital age. However, the new technological possibilities to track individuals’ behaviour have made it far more tempting to use data to try to redesign services or products, including for libraries.

However, there are ethical challenges around the tracking of individuals (not least library users). While the intention may be to improve services, it is not without cost. Tracking can involve a violation of privacy (especially when it’s not clearly explained), and a restriction on personal responsibility of users, such as students.

Moreover, it is not necessarily the case that the measurements made are appropriate. We often focus rather on what can be measured (pages read, downloads, time spent in the library) rather than less easily gauged, but more meaningful, things (understanding, skills development). This can lead to misallocation of effort.

A careful judgement needs therefore to be made around where it can be appropriate to collect data, ensuring not only transparency, but also protection of users.


Privacy vs Price

While the idea of surrendering privacy in order to save money can sound cynical, it is in effect what we are doing when we use many free services online.

In the US, there has been the suggestion that consumers can choose between a high-privacy, more expensive internet connection package, and a cheaper one where user data is sold on to advertisers and others.

This choice may not always be explicit, but vendors with whom libraries work can and do collect data about library user behaviour. It is reasonable to think that without this possibility, they would charge more for the services provided, in order to maintain revenues.

It is not always an easy decision, especially when budgets are tight, but libraries a need to take well-judged, conscious decisions, and of course give users the tools and possibility to do the same.


Privacy vs Public Interest

The concept of ‘public interest’ can be a fair reason for taking steps that limit rights. The imprisonment of violent criminals for example – depriving them of many of their freedoms – makes life safer for everyone else.

Where there is a genuine reason, due and transparent process is followed, and restrictions are proportionate, there can be a case for restricting privacy too. The challenge is that all of these terms are at least partially subjective, and require careful (and well-explained) judgement in order to be used properly.

Too often, the ‘public interest’ can also serve as a justification for disproportionate limitations on rights, for example mass-surveillance. This makes it a difficult area for institutions with a strong commitment to freedoms and privacy.

Libraries of course are institutions operating under the law, and cannot be expected to break it. However, within these limits, there can be means of ensuring that privacy is protected, such as through the deletion of data, or allowing anonymous internet browsing.

The key, once again, is to find the right balance. There is of course no simple answer, but it is clear that privacy must be born in mind, and restrictions kept to a minimum.


Privacy vs Preservation

A final debate focuses more on library content itself. Inevitably, any library charged with collecting information that documents contemporary society and thinking will acquire books, journals, newspapers, webpages and other materials that contain information about people.

Much of this – dealing with biographical detail or political views for example – counts as personally identifiable information. While libraries’ activities in this area, strictly speaking, count as a ‘violation’ of privacy, it is one that is necessary for them to do their jobs.

Indeed, thanks to the collection and preservation of such materials, it is possible to ensure as complete a historical record as possible for the benefit of the researchers and readers of the future. It also helps promote, for example, the accountability of politicians or other influential people.

IFLA has therefore been highly cautious around concepts such as the ‘right to be forgotten’ and the ‘right to erasure’. This is not to say that, as part of professional codes of ethics, librarians shouldn’t take care with information that is sensitive. Indeed, this is where the debate should be, not around the deletion, pure and simple, of work.


Perhaps depressingly, this blog serves only to set out questions rather than answers. The questions are also hard, at least for those defending privacy, given that the case ‘against’ in each example can seem attractive –higher-performing services, a greater budget for acquisitions, safer societies, and the preservation of the historical record.

Nonetheless, privacy cannot be sacrificed, given the fundamental impact it has on the way we live our lives, and of course use libraries. The job of librarians – and of IFLA – is to help find the right balance.