On May 13, 2014, the European Court of Justice backed the “right to be forgotten” in a test case privacy ruling against Google Spain. The ruling required search engines and Internet service providers（ISP）to delete “inadequate, irrelevant or no longer relevant” data from its results upon the request of a member of the public.

Legal basis for right
The right to be forgotten was established on the basis of general personality right and self-determination right in civil law countries, and privacy rights of concrete personality right.

The right to be forgotten is characterized as a private right aimed at avoiding the dissemination of harmful information. In the realm of tort law, privacy infringement conflicts with public interest and the public’s right to know. Privacy rights are powerless in the face of the public’s right to know. Many Americans scoffed at the European Court of Justice’s Google Spain judgment. They held that the establishment of the right to be forgotten will infringe on the public’s right to know, fearing it doesn’t protect freedom of speech and public scrutiny.

In addition, technology neutrality is important in cyber law. Only by adhering to the principle of technology neutrality can people’s long-term interests be ensured in the network era. The establishment of the right to be forgotten will inevitably cause ISPs to bear more responsibilities. This not only violates the principle of technology neutrality, but may also infringe more upon individuals’ freedom of expression and the public’s right to know.

Protection for network users
Despite the aforementioned points, the right to be forgotten should become a basic right of Internet users in the context of big data.

The right to be forgotten aims to safeguard users’ data. In the era of big data, ISPs compete with each other in profiting from data. Users are the main source of data, ranging from registration materials and identity information to network activity.

ISPs strive to attract more users and preserve more detailed data records because users’ data has strong commercial value. Users struggle to know how much of their individual data, besides basic personal information, is held by ISPs. Meanwhile, ISPs collect data mainly by means of cloud computing and background encryption, so users can’t figure out what aspects of their network activity is being monitored.

ISPs can eradicate technology neutrality with their technological superiority. Laws should therefore protect users’ interests, or else the era of big data risks ushering in the mass mining of individuals’ data.

Efforts to protect data
The right to be forgotten may become an effective means to prevent ISPs from plundering data. Firstly, it requires ISPs to remove malicious programs. After users delete related software or programs, ISPs should stop collecting or utilizing their data, including cookies, in accordance with their willingness.

Secondly, the right to be forgotten ensures technology is open to users and protects their right to know. Relevant government departments should bear the responsibility of publicly testing technology. Screening and legislation targeting illegal functions in mobile applications, or apps, are urgently needed.

Thirdly, the right to be forgotten requires ISPs to avoid requesting certain personal information upon registration and to wipe data after users stop using a software or online service.

Fourthly, the right to be forgotten endows users with the right to ask ISPs to delete their own data diverted by the open platform. Users and ISPs all have the obligation to timely remove related data upon request.

The aforementioned analysis concerns the value of the right to be forgotten in the big data era. The right to be forgotten is a right based on individuals’ privacy, and is a legal duty for ISPs.

The author is an associate professor at China University of Political Science and Law.

Translated by Yu Hui

Revised by Tom Fearon