Date of this Version
Law Library of Congress (United States), Global Legal Research Center, November 2017.
Also available at: https://www.loc.gov/law/help/erasure-online-info/erasure-online-information.pdf.
Comparative Summary by Luis Acosta, Chief, Foreign, Comparative, and International Law Division II, Law Library of Congress (United States), Global Legal Research Center
This report describes the laws of twelve jurisdictions that have some form of remedy available enabling the removal of online data based on harm to individuals’ privacy or reputational interests, including but not limited to defamation. Six of the countries surveyed are within the European Union (EU) or the European Economic Area, and therefore have implemented EU law. Five non-EU jurisdictions are also surveyed.
Comparative analysis across jurisdictions presents terminological challenges, because legal language across jurisdictions seems at times to conflate concepts that could be considered analytically distinct. EU law, for example, uses the phrases “right to erasure” and the “right to be forgotten” synonymously, eliding the difference between the right to remedy incorrect or incomplete data in source documents and the right to have search results delisted irrespective of whether the underlying source material is altered or removed.
As described in detail in the EU survey, the EU’s law in this area emerged from a 1995 Data Protection Directive that gave individuals the right to erasure of erroneous or incomplete data. A 2014 decision of the European Court of Justice expanded on this right to provide for the right to remove search results to personal information even without deletion of that information from the original publication, where the individuals’ privacy interests outweigh the public interest in maintaining the information. A 2016 Regulation that will apply in all EU Member States by May 25, 2018, will codify the 2014 decision.
Most of the surveyed EU countries, in addition to EU law, have parallel domestic law governing harmful online content. The UK, which is slated to leave the EU, nonetheless has pending legislation to update its data protection legislation that will address how certain provisions of the 2016 EU Regulation will apply.
The surveyed countries outside the EU have a range of approaches to these issues:
• Russia has criminal penalties for “invasion of personal privacy” for the illegal spreading of private information about a person, which has been used to prosecute revenge pornography. Its Civil Code provides for the right to demand removal of images improperly distributed on the internet, and under its Law on Information it recognizes the right to be forgotten—the right of applicants to request search engine operators to remove illegal, inaccurate, or outdated search results.
• New Zealand has robust statutory remedies for resolving harmful online content.
• Canadian law provides not only for the processing of complaints regarding privacy and reputational issues through the Office of the Privacy Commissioner, but also for court remedies that include injunctive relief against search engines to delist websites.
• Japanese law allows internet hosting providers to delete defamatory content, provides a safe harbor from liability for such providers, has a mechanism for victims to request the removal of infringing information, and has an easier and faster mechanism for the blocking of revenge porn. It also provides a means by which victims can obtain the identification of offenders from the service provider.
• Israel’s Defamation Law has been applied by a court against Google for failing to change a technical code that resulted in defamatory information in online searches.