By Alex Simard (PO’22)
Scroll down any parent’s social media and you’ll find countless images of their children. A recent piece in the Atlantic notes that social media has become the new family album. But unlike the albums of past, stored away in garages or attics, the modern album is profoundly public. What will happen when an incredulous child discovers their parent’s social media feed and finds that countless others have seen them and delved into their lives? That discovery is at the heart of the debate over the “right to be forgotten,” raising the question of whether a child, upon reaching adulthood, can remove those images from the Internet. In this piece, I’ll analyze the right to be forgotten through the lens of children’s privacy and weigh its viability in the United States.
Before any analysis can begin, it’s important to define the relationship between the right to privacy and the right to be forgotten. Scholars like Yoriko Haga contend that the right to be forgotten is an “extension of privacy” primarily because it finds its origins in two traditional privacy rights. The French droit à l’oubli, or right to oblivion, gives individuals the right to remove all information pertaining to themselves from the public eye, with some exceptions. The older droit moral, or moral right, grants artists and creators absolute control over their oeuvre.
What makes the right to be forgotten so contentious is its relationship to the right to privacy. Because the right to privacy varies in definition from country to country, so does the viability of the right to be forgotten. For example, the European Union clearly states a right to privacy and its privacy laws place droit à l’oubli and droit moral at their center. In the U.S., there is no defined right to privacy and courts view the two droits with skepticism.
That might be surprising, the concepts of droit à l’oubli and droit moral seem to align with traditional American narratives of renewal and reinvention. When Fitzgerald’s Gatsby or Mad Men’s Don Draper abandoned their pasts and created new identities, they embraced the droit à l’oubli. While it’s true that some aspects of U.S. law encourage reinvention, the courts tread lightly when it comes to privacy rights. Unlike French or European privacy laws, which are clearly defined and powerful, U.S. privacy laws are legislated on a careful case-by-case basis and face constant First Amendment tests. The reality of U.S. privacy law has prevented the advance of “right to be forgotten” laws. To understand why this is the case, I’ll compare European and American approaches to children’s privacy laws.
92 percent of American children under the age of two have an online presence. 34 percent have an online presence before birth. In comparison, 73 percent of European children under the age of two have an online presence and 14 percent have an online presence before birth. Europeans use the Internet and social media at similar rates to their U.S. counterparts. So, why the disparity? One reason may be the European embrace of “right to be forgotten” laws. Drawing from the French droit à l’oubli, the EU Charter of Fundamental Rights defines “respect for private and family life” as foundational. Drawing from the droit moral, the same document also defines clear protections for personal data. The latter protection has been expanded twice, first in 1995 with the Data Protection Directive and then in 2018 with European Data Protection Regulation (DP Regulation). Along with expansions in scope came expansions of the droit moral or, more precisely what data a person has “absolute control” over. The 1995 directive laid the foundations for the seminal DP Regulation, which gives individuals the right to obtain “erasure or blocking of data.” Under the DP regulation, personal data is defined as any data relating to an individual, and not just data created by an individual. This grants EU citizens an implicit “right to be forgotten.” The DP Regulation is a synthesis of Europe’s strong individual privacy tradition and EU member states share in that tradition. In France, broad privacy laws may allow children to sue parents who post images to social media without their consent.
Those outcomes, both the “right to be forgotten” and lawsuits directed against parents, are unlikely to materialize in the U.S. for two reasons. First, as Deputy Attorney General nominee Jeffrey Rosen notes, the European view of privacy “clashes” with “American conceptions of a proper balance between privacy and free speech.” To Rosen and many others in the U.S. legal community, the “right to be forgotten” constitutes a “threat to free speech on the Internet.” Second, U.S. law gives parents de facto control over their children’s internet use in hopes of maintaining a laissez faire vision of the Internet.
When looking at free speech concerns, consider the pre-Internet case of Sidis v. F-R Publishing, which parallels the modern debate on children’s privacy. In 1940, the New Yorker published an unflattering exposé on William James Sidis, a child prodigy and national sensation in the 1910s. Once an adult, Sidis tried to separate himself from his past and create a new identity. Sidis claimed the New Yorker piece impeded that aim with libelous claims. The court sided with the publication, citing a “public interest” in Sidis’ past. Just like that, Sidis was denied the “right to be forgotten.”
Sidis takes its legal reasoning from The Right to Privacy, a seminal 1890 article by Louis Brandeis and Samuel Warren. Writing at a time not unlike our own, when “instantaneous photographs and newspaper enterprise” were invading “domestic life,” the two men saw it necessary to address how a right to privacy fit into the U.S., a nation whose founding documents, unlike those of the E.U., left the question of privacy unanswered. Brandeis and Warren concluded that while libel and defamation must be prosecuted, the question of privacy must always be tested against the interests of the public and any speech concerns. Therein lies the fundamental difference between European and American notions of privacy. U.S. law assigns a speech value to any statement made or distributed. That means the image a parent might post of their child is “speech” and therefore subject to First Amendment protections. In Europe, the same online post is personal data and may belong to the child under the DP Regulation. Hence, as Jeffrey Rosen expounds, the Internet itself is seen differently by European law. Overseas, the Internet is a collection of personal data, each datum belonging to someone. Therefore it’s the role of companies like Google to partner with the state to ensure each user has complete control over his or her data. In the United States, the Internet is seen as a collection of speech and therefore any attempt at removing or controlling the Internet clashes with First Amendment protections.
When it comes to child privacy rights, definitions of online content only constitute half the equation. While European law places individual control of personal data above all else, U.S. law tends toward the paternalistic and gives parents control over their children’s online presence. Consider a U.S. equivalent to the European Data Protection Regulations, the Children’s Online Privacy Protection Rule (COPPA). At the heart of COPPA is the idea that the parent should have broad control of their child’s online activity. COPPA requires that tech companies receive “verifiable consent” from parents before collecting personal data from children under the age of thirteen. The parental focus stems from the U.S.’s laissez faire approach to the Internet. While the “verifiable consent” standard is by no means weak, COPPA makes the state a distant overseer as parents, children, and corporations interact with the Internet at their own risk. This view conforms with the right to privacy Warren and Brandeis laid out, one that deferred to whims of the “public” in hopes of maintaining a rich and untouched ecosystem of free speech.
The combination of First Amendment and paternalistic concerns makes prospects of children’s “right to be forgotten” laws slight. Congressman Ed Markey’s attempt to pass the Do Not Track Kids Online Act, an update to COPPA that would establish a right to be forgotten for those under 15, has stalled in the House for eight years. The New York State Assembly faced similar roadblocks when it tried to pass its own “right to be forgotten” law. In short, attempts to establish a right to be forgotten for children are, as of now, legislatively untenable and U.S. legal tradition is likely to keep it that way. But as the children of today discover themselves across the Internet in the years to come, the U.S. will inevitably have to reexamine its right to privacy, much like Warren and Brandeis did in 1890. If history is our guide, the United States will not go the way of Europe and embrace oblivion. Instead, it’s likely to place the growing burden of a child’s privacy on the next generation of parents and by doing so reaffirm its view of the Internet as more than just a collection of personal data but an environment for free speech better left untouched.