The Right to Erasure: Privacy and the Indefinite Retention of Data

Source: Alexander Tsesis, Loyola University Chicago School of Law Research Paper No. 2013-11/30, November 30, 2013

From the abstract:
This article scrutinizes invasive cyber business practices and advocates passage of the proposed European Union right to erasure. The proposed regulation would prevent the indefinite storage and trade in electronic data, placing limits on the duration and purpose for which businesses could retain it. Currently in the United States, anyone transmitting personal content on the Internet has minimal control over its future uses by vendors and third parties. While businesses have legitimate reasons to use data in their day-to-day operations, a statutorily defined expiration period is necessary to preserve the data subjects’ dignitary and autonomy rights. Consumer oriented legislation should prevent indiscriminate capitalization in data initially divulged for specific transactions, such as making purchases or engaging in social networking, but later bundled by third parties for unrelated purposes.

Part I of this article describes the many forms of data mining that organizations engage in to track on-line and off-line behaviors. The practices are particularly pervasive on social media, which present themselves as platforms for interpersonal communications but also market and trade personal profiles to third parties. Subjects retain little control once they have posted their data, even if they bethink the decision to make information public. Part II evaluates how Internet architecture leaves personal data vulnerable to snooping and surveillance. Part III elaborates on European data regulations and compares them to current United States self-help controls. It further argues for adoption of the EU’s right to erasure initiative and discusses the likelihood of its enforcement in the United States.