Privacy and Search Engines: Forgetting or Contextualizing?

This article considers the much‐criticized ‘right to be forgotten’ in the context of the European Court of Justice's judgment in the Google Spain case. It defends the ‘right to be forgotten’ as a metaphor that can provide us with a better understanding of the particular privacy concerns of the search‐engine age and their interaction with the freedom to access information, and draws on Goffman's idea of ‘information games’ and Nissenbaum's theory of ‘contextual integrity’. While supporting the principles that underpin the judgment, the article rejects the Court's binary approach of ‘forgetting’ versus ‘remembering’ personal information. Instead, it argues that the EU legislator should introduce more nuanced means of addressing modern privacy concerns. By establishing two remedies – ‘delisting’ or ‘reordering’, depending on the nature of the information – online information flows can be adjusted to preserve both the right to privacy and the freedom to access information in more contextually appropriate ways.     

Information Privacy Protection in the New Chinese Civil Code: Priority or Replacement?

The right to privacy has been developed through judicial practice and has evolved from “the protection of the right to reputation” to “privacy interest” then to “privacy right.” The Civil Code of the People’s Republic of China (2020) clarifies the right to information privacy and the right to personal information as two independent personality rights and establishes a privacy priority protection mechanism for private information in civil law. The comparative efficiency of the right to personal information may mean that the protection of the right to information privacy is weakened or even replaced by the right to personal information. The uncertainty and fragmentation of private information also creates a wide gray space for judicial decisions. The development from traditional privacy right to information privacy right and personal information right is generally positive and shows the active legal response to the protection of private information in multiple ways. However, clarifications and systematization are required to increase the effectiveness of such protections.     

The retention of personal information online: A call for international regulation of privacy law

New technologies permit online businesses to reduce expenses and increase efficiency by, for example, storing information in “the cloud”, engaging in online tracking and targeted advertising, location and tracking technologies, and biometrics. However, the potential for technology to facilitate long term retention of customers' personal information raises concerns about the competing right of individuals to the privacy of their personal information. Although the European Commission has recently released a proposal for regulation to “provide a data subject with the right to be forgotten and to erasure”, neither the OECD Privacy Guidelines nor the APEC Privacy Framework includes any requirement to delete personal information. While New Zealand includes a “limited retention principle” in the Privacy Act 1993, apart from one limited exception the privacy principles cannot be enforced in court. Taking New Zealand privacy law as an example, this paper examines the issue of retention of customer data, explains why this is a serious problem and argues that although it could be addressed by appropriate amendments to domestic laws, domestic privacy legislation may not be sufficient in an online environment. In the same way as other areas of law, such as the intellectual property regime, have turned to global regulatory standards which reflect the international nature of their subject matter, international privacy regulation should be the next stage for the information privacy regime.     

A Behavioural Understanding of Privacy and its Implications for Privacy Law

This article draws upon social interaction theory (the work of Irwin Altman) to develop a theory of the right to privacy, which reflects the way that privacy is experienced. This theory states that the right to privacy is a right to respect for barriers, and that an invasion of privacy occurs when a privacy barrier is penetrated. The first part of the paper establishes the position of the author's theory in the existing scholarship. The second part of the paper expands upon the theory to explain the nature of privacy barriers and the way that the author's theory manages a number of specific privacy issues, including threats to privacy, attempted invasions of privacy, unforeseeable interferences with privacy and waiving the right to privacy. The final part of the paper demonstrates the impact that this approach to privacy could have upon judicial reasoning, in particular Article 8 European Convention on Human Rights.     

Privacy notices versus informational self-determination: Minding the gap

Privacy notices are instruments that intend to inform individuals of the processing of their personal data, their rights as data subjects, as well as any other information required by data protection or privacy laws. The goal of this paper is to clarify the current discourse regarding the (in)utility of privacy notices, particularly in the context of online transactions. The perspective is a European one, meaning that the analysis shall be geared towards the European Data protection framework, particularly the European Data Protection Directive. The paper discusses the role that privacy notices play under the European data protection framework today, summarizes the main critiques regarding the use of privacy notices in practice and develops a number of recommendations.     

Narratives about privacy and forgetting in English law

This paper examines narratives about the right of privacy in the UK. It argues that until relatively recently the dominant narrative was one that associated privacy with celebrity claimants and media defendants. Other narratives, such as those concerned with digital privacy and data protection, did not feature as prominently. But changing technological and social contexts mean that these narratives are now understood to be of immense importance too. This paper explores these narratives against the backdrop of the European Commission's proposals for a ‘right to be forgotten’ (now relabelled a ‘right to erasure’), the subject-matter of this special issue, as well as the 2014 Google Spain judgment. The paper emphasises the importance of forgetting as an aspect of the right to privacy and argues that while the UK legislator and courts have been slow to give effect to erasure remedies, they must now start exploring the bounds of legal possibility in order to meet the challenges of the digital age.     

隐私权的经济分析

隐私本质上是私人信息,隐私权是个人控制其私人信息的权利。无论隐私是否涉及到个人名誉,从对隐私的成本——收益分析来看,在权利的初始配置的意义上,都应当将控制私人信息的权利配置给信息生产者而形成隐私权。隐私权不能仅仅囿于人格权的范畴,而应该向其财产权性质方面着力发挥。将私人信息的权利配置给个人,个人就能够控制其私人信息从而形成对其私人信息的财产权,进而实现对隐私权更为切实的保护之目的。     

The rule of law online: Treating data like the sale of goods: Lessons for the internet from OECD and CISG and sacking Google as the regulator

The decision of the Court of Justice of the European Union (“CJEU”) in the case of Google Spain SL v Agencia Española de Protección de Datos (AEPD) ² [“the Google decision”] to require Google to enforce a right to be forgotten has caused a furore and sets a dangerous precedent in internet regulation. ³ It is setting up the search engine as a form of Internet Government and fracturing the balance between privacy and freedom of information in the connected world. In a world where we have become attuned to full exposure by routinely signing over access to information, privacy is no longer the issue – the real concern is control. This paper seeks to address the issues of whether we have a right to privacy anymore, who should be making decisions about what is available and where and how a global convention on access to information might be achieved.     

A new approach to the right to privacy,or how the European Court of Human Rights embraced the non-domination principle

As it is currently regulated, the right to privacy is predominantly conceived as a subjective right protecting the individual interests of natural persons. In order to determine whether this right has been affected in a specific situation, the so-called ‘non-interference’ principle is applied. Using this concept, it follows that the right to privacy is undermined if an ‘infringement’ with that right by a third party can be demonstrated. Although the ‘infringement’-criterion works well when applied to more traditional privacy violations, such as a third party entering the home of an individual or eavesdropping on a private conversation, with respect to modern data-driven technologies, it is often very difficult to demonstrate an actual and concrete ‘infringement’ on a person's right or freedom. Therefore, an increasing number of privacy scholars advocate the use of another principle, namely the republican idea of ‘non-domination’. At the core of this principle is not the question of whether there has been an ‘interference’ with a right; rather, it looks at existing power relations and the potential for the abuse of power. Interestingly, in recent times, the European Court of Human Rights seems to accept the republican approach to privacy when it deals with complex data-driven cases.     

Privacy principles,risks and harms

The protection of privacy is predicated on the individual's right to privacy and stipulates a number of principles that are primarily focused on information privacy or data protection and, as such, are insufficient to apply to other types of privacy and to the protection of other entities beyond the individual. This article identifies additional privacy principles that would apply to other types of privacy and would enhance the consideration of risks or harms to the individual, to groups and to society as a whole if they are violated. They also relate to the way privacy impact assessment (PIA) may be conducted. There are important reasons for generating consideration of and debate about these principles. First, they help to recalibrate a focus in Europe on data protection to the relative neglect of other types of privacy. Second, it is of critical importance at a time when PIA (renamed ‘data protection impact assessment’, or DPIA) may become mandatory under the European Commission's proposed Data Protection Regulation. Such assessment is an important instrument for identifying and mitigating privacy risks, but should address all types of privacy. Third, one can construct an indicative table identifying harms or risks to these additional privacy principles, which can serve as an important tool or instrument for a broader PIA to address other types of privacy.     

基因信息与基因隐私权的保护

基因信息包含了一个人生命的全部秘密，应纳入隐私权的保护范围。基因隐私权的内容包括采样时的知情同意权，基因信息的知晓权，基因信息的保密权，基因信息的利用权。侵犯基因隐私权具有便捷性、隐蔽性、关联性、实质性、长久性等特点。我国立法应确立基因隐私权。侵害基因隐私权应承担相应民事责任。     

网络信息隐私权法律保护研究

网络信息隐私权是网络环境中产生的新问题.从隐私权涵义入手,阐述网络环境中隐私和隐私权的内容,分析国外网络信息隐私权保护现状,分析我国网络信息隐私权的保护情况,对法律保护模式及立法架构进行理性思考.     

美国信息隐私立法透析

美国法以隐私权作为个人信息保护的权利基础,在公领域,实行分散立法模式;在私领域,美国选择了行业自律模式,在全球个人信息保护立法中产生了巨大的影响。美国制定信息隐私保护政策和法律的基本思路是力求在信息流通和隐私保护之间寻求平衡。信息隐私权是美国信息隐私法上的一个核心概念,它是随着社会对个人信息的保护而产生的,指个人针对其信息所享有决定权、支配权和控制权。     

日本法上的劳动者人格保护—以劳动者健康隐私为中心

劳动者人格保护是现代劳动法上的重要内容。从以恢复劳动者之对等人格的集体劳动法律发展伊始,劳动者如何获得法律上"人"之对待,是促使劳动法发展演进的动力来源之一。我国劳动法上的劳动者人格研究甚少,基本停滞于"劳动者尊严"的保护原则宣誓上,其中,劳动者的健康隐私,在近年社会运动过程中获得了反歧视法上的保护。然而,无论是何种劳动者隐私,均属于劳动者人格权的范围,应当从劳动者人格权保护上予以正视。以日本劳动者人格保护中的健康隐私保护为例,其在实体法和判例法上的经验,可为我国劳动者人格保护问题的研究深入提供借鉴。     

A historian's view on the right to be forgotten

This essay explores the consequences for historians of the ‘right to be forgotten', a new concept proposed by the European Commission in 2012. I first explain that the right to be forgotten is a radical variant of the right to privacy and clarify the consequences of the concept for the historical study of public and private figures. I then treat the hard cases of spent and amnestied convictions and of internet archives. I further discuss the applicability of the right to be forgotten to dead persons as part of the problem of posthumous privacy, and finally point to the ambiguity of the impact of the passage of time. While I propose some compromise solutions, I also conclude that a generalized right to be forgotten would lead to the rewriting of history in ways that impoverish our insights not only into anecdotal lives but also into the larger trends of history.     

基因隐私权的法学思考

由于基因科学迅速发展以及基因技术的广泛使用,对个人基因信息的法律保护问题日显突出.从民法上的隐私权出发,提出基因隐私权的概念,并继而探讨基因隐私权与其他权利,尤其是基因知情权的冲突.通过比较美国与我国对基因隐私权的法律保护,提出了对基因隐私权进行系统法律保护的立法建议.     

基因隐私权的民法保护

以传统隐私权保护为基点的现行立法与司法,无法完成现代隐私权,特别是个人信息隐私权所强调和要求的保护架构.在权利配置上,无法实现对传统隐私权按照个人信息处理程序的不同阶段进行权利增设与重置.在保护机制上,无法通过司法能动主义建立个人信息隐私权,特别是基因隐私权所要求的公共监督框架.因此,在后基因组时代,应当坚持以个人信息法作为个人信息(包括基因信息)保护的基本制度框架,在个人信息法的范围内,对作为高度敏感个人信息的基因信息予以特别处理.     

隐私的价值独特性:个人信息为何应受保护?

要想准确理解已经开始施行的《个人信息保护法》,就必须恰当回答“个人信息为何值得保护”的问题,而这个问题的答案经常与“隐私”的价值关联在一起。但是,对隐私的理解,主要被一种“隐私并不具备独特价值”的化约论所统治;因此,只有击败化约论,才能最终证明隐私的价值独特性,也才能最终说明隐私为何值得保护。击败隐私化约论最主要的理由是,如果认为隐私不具备价值独特性,那么对任何特定个体而言,就只能提供“我是我”的对待,而这种对待将会带来贬损、甚至否认“我是人”的结果,这将会严重损害人的尊严。     

网络时代的隐私权──兼论美国和欧盟网络隐私权保护规则及其对我国的启示

随着网络和信息技术的快速发展,网络上的个人隐私权正在被严重地侵害,面对这种侵害,各国都致力于建立完善的网络隐私权法律保护体系。从比较研究的角度讨论美国和欧盟的网络隐私权立法保护模式和规则,并对我国网络隐私权的保护提出立法建议。     

Data protection legislation: What is at stake for our society and democracy?

The author starts by questioning the main privacy challenges raised by our present and future information society viewed as a “global village”. Apart from a comparison with the traditional village of our parents, he identifies the two complementary and not dissociable facets of our privacy: the right to seclusion and the right to participate fully in our society. According to the first German Constitutional Court recognizing the right to informational self-determination as a new constitutional right, he underlines the need to analyse the data protection as a tool for ensuring both the citizens' dignity and our democracy.