Google must remember our right to be forgotten

[Commentary] Last month the European Commission proposed adding a new “right to be forgotten” to privacy law. This deceptively simple idea is a ticking time-bomb in the booming internet economy. It is also essential – both for Europeans and Americans – to protect personal privacy in the age of pervasive social media and cloud computing.

The stakes are huge. Individual users of cloud services should have a legal right to be forgotten that supersedes whatever authorizations they (or their surrogates) granted when they created their accounts. Users should, in other words, have the right to change their minds as they learn the implications of that little box they unthinkingly ticked while signing up for the latest, greatest, cheapest cloud-based information service. Importantly, a right to be forgotten must recognize that the power, as well as the privacy risk, of big data comes principally from the metadata – the information on where, when and by whom the data were created. [Falkenrath is an adjunct senior fellow at the Council on Foreign Relations and a principal of the Chertoff Group]