I understand that HN is on the side of absolute freedom of expression which entails that if anything has been public once, it has a right to stay to public till the dawn of times, so I hardly ever comment on these matters. I'm French, and I definitely do not agree with this opinion.
In 1978, the french government proposed to cross-reference (through digitalization) many of its databases (birth registry, healthcare, retirement fund, driver's license…). It encountered a very strong resistance from the public, mostly because of an news article in one the biggest newspaper (Le Monde) titled "SAFARI [the name of the project]: the hunt for french citizens" (la chasse aux français). Needless to say that such a system would have been a blessing for the German administration during WW2. It was 1978 and WW2 didn't seem that far away, either your generation or the one of your parents lived during the war. That's how France ended up with a law (Loi Informatique & Libertés) that regulates what one can do with databases storing personal information.
How's that related to the right to be forgotten? Bear with me.
This law (and up to minor differences, the EU directive on the matter), makes explicit what I consider to be a very smart and important idea: "purpose of data" (finalité des données). Basically, before you're authorized to store personal data (like email adresses, names, phone numbers, IP addresses[1]), you have to state what the purpose of this data is (to who and how is another matter, but that's not too difficult). Also, data should only be stored for a specific amount of time. This duration is determined by the purpose of the data. For example, if you have a database of all the people that used to be registered to your {nodejs,rails,lisp} newsletter but aren't anymore, you cannot keep that data for, say, 10 years. 10 years doesn't make sense given the purpose of your data. Note that if you anonymize the data, you're good to go. On the other hand, if you have medical data on cutting edge treatment of cancer, you may want to keep the data for 30 years if you need to contact a former patient when you discover longterm side-effect of your drug. And in this case, it's fine.
You may start to see where I'm going. We have basically the same idea in the right to be forgotten. Yes, it impedes freedom of speech as american people think of it. Sure. But, you know, in Europe, we have a different freedom of speech, which also traces back to WW2. I can't go around saying that I hate black people and that I'm a nazi. I'm gonna be fined/thrown in jail for doing that. And a vast majority of Europeans do agree with that. Basically restrictions are nothing that promotes hate/racism and libel (you can't say that somebody's a serial killer before he's convicted for example.)
And you may think I'm backwards, turning away from the blinding beauty of technology (right to be forgotten? that's not how the internet works!). Thinking that Freedom of speech as the US knows it is the way to go everywhere is universalism, pure and simple. So, please remember that countries and people have a history.
Yep, the internet doesn't work that way. And I am aware the I can host my server in some random third world country and get away with mostly whatever I host. Or I can use a tor hidden service. But that's not the point. 99% of these cases will be about data hosted by legitimate businesses, which have a name and address and that will be compelled to remove the data. In my opinion, the slope isn't that slippery. After all, you'd be hard pressed to consider EU countries as being way too censorshipy (?) — in general, not just when talking about Internet.
And yes, law will always be stupid when you pit it against technology. But unless you advocate total deregulation, it's a matter of how much idiocy you can accept.
Finally, a thought on jurisdiction: european judges consider that they have authority if the intended public is european. So yes, google.es, google.co.uk and such are subject to european law. Wether or not google.com is subject to EU law has not been tested in court (it probably has, but I can't remember any specific case), but even in this case, it would be perfectly acceptable (from the court standpoint) to alter google.com for EU IP addresses and leave it untouched for other addresses. So, no, nobody's gonna tread your freedom.
Ironically, I don't really have an opinion on Freedom of speech (US vs EU). But I find that the EU has struck a nice balance when it comes to that. Knowing that companies must destroy data that has my name attached to it when it's not relevant anymore is very appealing.
In the end, the US and the EU, in this case, disagree on principle, which are like axioms. You can't prove me that one is better (in the general framework of modern civilization, ie, let's say The Universal Declaration of Human Rights, to keep it simple.)
[1] this one is tricky, but this comment is already long enough
I would say Europeans in general have a different understanding of freedom. In the US the concept is usually always you have "the freedom to..." whereas in Europe there is often something more like "the freedom from...". Yes, I realize that you can pretty much write every freedom so it becomes the other, but when you actually think about it and not try to nit pick that's pretty accurate.
In general I feel like in Europe there is not this holy grail of abolute freedom like in the US. It's often limited by personal rights, privacy etc. Americans don't seem to understand that this isn't just the EU on some kind of acid trip, but that Europeans simly have different values.
I'd like to see a European country that tries to censor where its citizens can go, where money determines the outcome of elections and that's not an actual democracy go out and preach to other countries about how 'free speech' is more important and therefore its citizens are more free than those of other countries around it.
Freedom is an absolute in theory only, just about every country in the world loses out on one or more dimensions of it but somehow the US has the general idea that it and it alone is somehow the bastion of freedom.
Well it's not a question of which one is better (although I know where I side on that one), it's a question of whether or not the EU principles will be allowed to extend to servers operated out of the US.
Yeah, I know, but I shamelessly piggybacked on this thread to write a comment I wanted to write for a long time. Anyway, it's often more a matter of intended public and where the company is registered than a matter of where exactly the servers are.
I think your emphasis on the "purpose of data" is spot on, and I agree that it's very much needed in this age of "big data" when data collected for one purpose can be easily stored, crunched, and used for completely different purposes. The U.S. sorely needs a similar guideline, if not a hard law.
But this has nothing to do with free speech in general. The two issues are orthogonal to each other. They're not "basically the same idea". It's entirely possible for a country to regulate the direct collection, use, and distribution of personal information in one way, while regulating free speech in general in another way.
My phone company's collection of my personal information has little to do with free speech, it's a contractual obligation that they incur in exchange for getting my information. It's just like when Hertz rents me a car and tells me "you can only use this car for 7 days, you can't use it to drive for Uber, and you can't sublet it to other people." Hertz can charge me a hefty fee if I use the car in a way that they disallow. Similarly, I can sue my phone company for damanges (or have the government fine them) if they use my personal information in a way that I disallow. And if the law provides standard rules on what is allowed and what is not, well, that could be convenient for all of us.
On the other hand, if someone publishes embarrassing facts about me on their website without my permission, now that's a matter of free speech, and whether or not I can tell them to delete those posts should depend on how much actual impact those pieces of information are expected to have on my life and the lives of people around me, as well as the potential impact that a system of censorship might have on the general quality of public life in the country. It's probably a good idea to let citizens hide the list of sex toys they bought. It's probably not a good idea to let the President hide the list of bribes he took.
Since these judgments are cultural, reasonable people can disagree about them. In America, flying a Nazi flag doesn't count as a harmful thing, only a disgusting thing. In Germany, due to its unique history, it's considered a very harmful thing. But I don't think this shows any disagreement "on principle". Both agree that harmful speech is not protected; even in America, you can be punished for shouting "Fire!" in a crowded theater. Different cultures simply have different ideas about what is harmful.
Again, this has nothing to do with the usual collection and use of personal information that your excellent "purpose of data" law is concerned with.
Just to make things clear, I agree that these 2 concepts are somewhat orthogonal. But in the history of law in EU, that's how one lead to the other, which was my point. It's the idea that data doesn't exist in vacuum, but is always tied to something or somebody and that the rightful owner has a say on how it's managed.
I agree that these things should be decoupled, though.
As for limits to the right to be forgotten I can't find sources right now, but I'm pretty sure that you can only invoke this right on things related to "private life" (ie not public figures).
What's interesting and disturbing about your comment is that you barely touch on what is supposed to be the whole purpose of the law - privacy. I think you understand that this is all about censorship, but still support it.
Censorship contradicts freedom. To me its that's simple.
All laws contradict someone's freedom. So the issue is always more nuanced than that.
Super comment, thank you very much.