126
PRIVACY AND SURVEILLANCE 2013
to face and deal with. The European data protection framework required at least
“some maintenance”, if only because it was conceived and adopted before the ex-
plosion of the Internet and the impacts of the explosion on economy, society and
every-day life.
This paper addresses the question if the Draft-Regulation presents an adequate
and efficient response to the challenges that technological changes pose to regu-
lators. We discuss the efficiency of the legislation in force and the impact of PETs
and the concept of privacy by design on the enforcement of data protection rules.
In this context we focus on the “right to be forgotten” as a comprehensive set of
existing and new rules to better cope with privacy risks online in the age of “per-
fect remembering”. This new right seems to be one of the main pillars of the new
European regulatory approach (Castelano 2012, EDPS 2011a). It is condemned
by some authors as a new instrument of censorship (Rosen 2012).
We discuss the normative as well as the technological perspective of this right.
We try to point out the technical prerequisites and/or requirements to achieve
the goal of providing individuals with the right to make information about them
less accessible after a period of time and enjoy forgetfulness and a right to re-
start. We discuss different methods for implementing the right of individuals to
delete personal information about them that are held by others: in particular we
suggest that a multifaceted approach, including legal regulations and technical
controls is essential.
2. Data Protection Law: Need to change?
The EU’s Data Protection Directive, adopted 17 years ago, has indeed been a mile-
stone in the history
of personal data protection with worldwide impact and influ-
ence
4
. The Directive can be credited with creating one of the world’s leading para-
digms for privacy protection (Robinson et al. 2008). However, despite the substan-
tially positive track record and general acceptance of the Data Protection Directive,
certain aspects have been criticised and its efficiency (has been) contested.
Criticisms from within the EU have often focused on the – “useless” or “burden-
some” - formalities imposed by the Directive, on vague definitions and unclear
rules, on cumbersome and outmoded rules and tools concerning data transfer to
third countries. Even if the Directive has successed in accomplishing a certain
4. Both with the intensification of transborder data flows, the adoption of the Data Protection
Directive forced to start an international debate about adequacy of protection and it acceler-
ated the adoption of respective legislation in other countries and world areas. For an updated
overview of the legislative developments and current situation all over the world see Gürtler
(2012) p. 126 ff.
