I've written about internet privacy concerns several times before on my blog, and I recently ran across another privacy issue that I hadn't seen pop up before: the right to be "forgotten." It poses some interesting questions for organizations, especially those that own and operate social networking communities.
It turns out that the European Union has some rather interesting views on a person’s data privacy rights; the EU long ago laid down directives pertaining to what conditions under which personal data may be collected, how it must be secured, and how citizens have the right to correct erroneous data. (Although codified, the directives are non-binding, and privacy laws in Europe still do vary from country to country.)
Spain, for instance, has established a Data Protection Agency to monitor and enforce their data privacy laws. Recently, it ordered Google to remove links to material about 90 or so people (Google gets asked to remove links all the time and generally ignores them). This "right to be forgotten" has just surfaced in the last few years as search engines have become more effective at collecting and indexing information on the web. Information (both old information and erroneous information) is now much more easy to find, so people in Spain at least are starting to bring lawsuits to have search engines remove links to the information that they find objectionable.
This poses some interesting issues for organizations that run social networking sites. If people register as members, participate for a while, and then decide to leave a community, do they have the right to tell the community to delete all their information? This would include not only their username and other personal information they shared, but also all of the content they had ever generated (forum posts, blog posts, comments, funny cat pictures, links to YouTube videos, etc.) while they were a member of the community?
I'm pretty sure that people in Spain (and probably most of Europe) would unequivocally say "yes," while people in the United States would most likely say "no." After all, there are disclaimers on most social media sites (Facebook, Twitter, MySpace, Quora, etc.) that basically state that any content you choose to share with the community is owned by the community, and by posting the content you are implicitly giving the community the right to collect it and use it as they see fit. (Privacy policies are continually evolving, but pretty much all the social media sites I've seen take the position that if you post it, they own it.)
It also poses some interesting challenges for operators of commercial social networking sites domiciled in the United States. What if someone from Europe joins your community? After all, most sites don't go to the trouble—yet—of figuring out where someone is accessing their community from so they can apply different privacy rules (plus, even if you try there are lots of tools that let people “spoof” or hide which country they are from). Big sites like Google and Facebook who do a massive amount of business internationally may be willing to bend over backwards to appease local laws (assuming they wish to continue to do business in those countries (cough, cough, Google, cough China). But I doubt commercial owners of social sites (intended for customers in the United States, for instance) that don't do business in Europe will be overly concerned if they receive a notice that someone in Spain is suing them.
Just for fun the next time you log into your social networking site, see if you can figure out if they’ll let you delete all your content when you leave. If they don’t already, social networking sites might someday have to transition from their current “forget me not” attitude to “forget me now.”