Law in the Internet Society

Does the Law make the Internet "dumber" than it is?

-- By EricN - 04 Oct 2019

Privacy Legislation

In recent years regulators all over the world, especially in the European Union (EU) have increased their efforts to enact data privacy laws. While some would say, the "Right to be Forgotten" marked the end of free speech and the modern internet, others endorse the necessity of strong internet privacy laws. Do the current legal proceedings make the internet "dumber" than it technically is?

What does this question mean? It's utterly obscure to the reader who doesn't already know what you think. That discourages the reader from pressing on.


The origins of the "Right to be Forgotten" (hereinafter "RTBF") are rooted in a landmark case in the data privacy landscape, namely Google Spain SL, Google Inc. v Agencia Española de Protección de Datos (AEPD), Mario Costeja González.

You are not using markdown correctly to make links. You can see from the rendered page that you're not getting what you want. Look again at the reference documentation. I replaced the link above with the correct markdown, and you should fix the rest.

Mr. González sued Google, alleging that the results of the search engine led to disadvantageous newspaper articles, which allegedly were no longer relevant and were damaging his reputation. The European Court of Justice ("ECJ") ruled that the right to request the removal of inaccurate, excessive or irrelevant links arises from a fundamental right to privacy which is to be weighted higher than the economic interest of a commercial firm such as a newspaper or even, in some circumstances, the public interest in access to such information.


The concept of the RTBF was then embedded in the European General Data Protection Regulation ("GDPR"), the comprehensive European Law on data privacy which came into force in May 2018. According to article 17 of the GDPR, any "data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay", which means any user can request the deletion of his personal information on a website within the jurisdiction of the GDPR. Although there are certain exceptions, this poses a significant challenge to any website operator.

United States

In the US, the Cambridge Analytica scandal effectuated various changes in the US data privacy law landscapes, including the California Consumer Privacy Act (CCPA), which is currently the most comprehensive data privacy law to be enacted in the US (The Act goes into force on January 1, 2020). Some call this shift in public awareness towards data privacy legislation as the "great privacy awakening" ([http://...][]]). In 2018, the number of Americans who think Tech companies need more regulation and should be made liable for breaches of their user’s data privacy rose to 83 % (from 49 % in 2017), as a recent national representative survey showed ([http://...][(].


It will be interesting to observe the consequences of the CCPA, which was designed to enhance the privacy rights of Californians. Although it is commonly thought of as a similar version of the GDPR, it differentiates itself from its European counterpart in several questions and of course, the Act is not uncontroversial ([[http://...][(]. With the "Right to Erasure", the CCPA will contain the Californian interpretation of the RTBF and the law grants affected consumers the right to request deletion of their personal information from any company subject to the CCPA. As its European counterpart, the right does not apply unlimited and there are certain limitations (A list of limitations can be found here: ( Yet, it can be expected that Californian companies will face similar difficulties as GDPR affected companies, in actually complying with such deletion requests of affected consumers / data subjects. This can pose various operational challenges in actually deleting all personal data of a requestor (just think about complex IT architectures with automated back-up hard drives, cloud storages, etc.).

Judicial Application


In recent weeks, two noteworthy cases illustrate how the EU is still determining the scope of the RTBF and both cases affect US tech giants.

On September 24, 2019, the ECJ limited the geographical reach of the RTBF. The French privacy regulator fined Google after it rejected a directive to globally remove search results which contain defaming information about a person. The ECJ then held that the internet is a global network without borders, yet numerous third States do not recognize the RTBF and no country should be able to impose rules on citizens of another country. The ECJ concluded that there is no obligation under EU Law for search engines to carry out de-listing requests outside the EU, or as the Court remarkably said: "The right to protection of personal data is not an absolute right" and so the RTBF does not apply outside of the EU (

Only two weeks later, however, the same Court held on October 3, 2019, that Facebook can be forced to delete content worldwide. This judgement was made after an Austrian politician sued Facebook Ireland Ltd., to remove comments about her, which an Austrian Court determined to be defamatory, on Facebook. The Court held that a EU member state court can order a host provider to remove information which previously was declared to be unlawful worldwide within the framework of the relevant international law. This decision could let objective viewers believe that the EU is nonetheless trying to implement the RTBF as a global regulatory internet standard and it has to be seen, how this decision will heat up the discussion of free speech versus privacy.


A recent case demonstrated why the RTBF does not (yet) work under current US Law. In Yury Mosha v. Yandex Inc., S.D.N.Y.,18 Civ. 5444 (ER) Mosha claimed that the Russian search engine would defame him and after an unsuccessful trial in Russia, Mosha filed a claim in New York against the US subsidiary of Yandex, Inc. The District Court granted the defendant’s motion to dismiss, based on the immunity of Yandex, Inc. under the Communications Decency Act ("CDA"), 47 U.S.C. § 230, holding that internet search providers are interactive computer services and as such, may rely on the immunity granted under the CDA. It will be interesting to see if this line of argumentation may be upheld in California in 2020.

You haven't said anything that explains your initial question. You have described some legal material, but beyond summarizing the material, you have added no analysis of your own and have not presented an independent ideal, or framework in which to understand the material you describe. The primary route to improvement of the draft is to figure out what your idea is here. Put it at the top of the essay, clearly, in a sentence or two, so the reader knows what idea you want her to acquire. Then provide only the references and the details of the legal material necessary to show how you came by and support your idea. From a draft of that type we should be able to make further rapid progress, once we are clear what your particular idea is.

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r3 - 29 Oct 2019 - 22:44:13 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM