The Right to Privacy and the Right to be forgotten by the Internet

We are living in a world where there is no such thing as absolute privacy. With the increasing popularity of Social media, most Ugandans now have extensive digital footprints comprised of Tweets, Facebook posts, LinkedIn profiles, Instagram photos, and other material they share online.

While we may think our web searches, browsing history, and email archives are private, this data is often one of the most valuable assets for companies like Google.

We still do not have clear answers to basic questions such as: Do people own personal information about themselves? How can they control or limit how companies (and governments) use it? To start, there are complexities around the fundamental issue of information “ownership,” particularly ownership of personally identifiable information. One cannot be said to actually own information about one’s self. Information relates to you, is connected to you, or is of you.

Even if we consider personal information to be a form of property over which individuals should have full control, the exercise of this control is complicated by the legal concept of possession. If an owner rents or leases his house to a tenant, he still owns the property but it is now in the tenant’s possession. While the landlord may set parameters for its acceptable use, he cannot really control what happens to the house and will have to turn to the law to punish renters who misuse the property.

Because personal information can be easily replicated it is very difficult to protect. While one can exclude others from physical property through fences, locks, or, armed guards, it is much trickier to control information in a digital environment.

Social media sites like Facebook, Tumblr, and Twitter all require users to submit certain identifying information and have privacy policies governing how that information may be used. Unfortunately most users do not read these policies and just accept the terms inadvertently signing over their rights.

In Europe, the Europe convention 1981 opened the floodgates to countries specifically within the European Union to enact specific laws to address the issues of data security. In 1995, the UK, thus eventually adopted directive 95/46/EEC which required all member states to recognize the right to privacy with respect to the processing of personal data.

While Uganda is yet to wake up and smell the coffee, Europe has once again made strides towards fortifying the right to privacy. The European court of Justice recently confirmed the “right to be forgotten” and said Google must delete “inadequate, irrelevant or no longer relevant” data from its results when a member of the public requests it.

The case was brought against Google Spain by a Spanish man, Mario Costeja González, after he failed to secure the deletion of an auction notice of his repossessed home dating from 1998 on the website of a newspaper in Catalonia.

Costeja argued that the matter, in which his house had been auctioned to recover his social security debts, had been resolved and should no longer be linked to him whenever his name was searched on Google.

The ruling established that search engines must be regarded as “data controllers” and take responsibility for the content that they link to and may be required to purge search results even if the material was previously published legally.

This ruling could give the go-ahead to deletion requests of material including photographs of embarrassing episodes and even insults on social media websites. It is certain that such a ruling would be welcomed by many in Uganda that have fallen victim to negative publicity as a result of their indiscretions.

Public personalities like Desire Luzinda whose nude photographs were leaked could benefit from the ruling. Although the Anti- Pornography act comes into play to protect the victims. But without strong privacy laws, the Ethics Minister’s attempt to restrict sharing such information will be a tall order.

Perhaps for now it is incumbent on all consumers to be circumspect with respect to whom they allow access to their data.

Government must recognize the inherent danger in the collection and retention of personal information and protect citizens – and empower them to protect themselves – from both corporate and its own interests. In the meantime, the few smart lawyers who offer reputation management services to those who can afford will seek to reap from developments in this area of practice.

Kenneth Muhangi

Partner - KTA Advocates
LLB Hons (UCU) LLM (Wales) Dip Lp. LDC
Technology, Media, Telecommunications & Intellectual Property Law Practitioner

All author posts