What can facts can investigators gather without violating a person’s privacy? The answer we like to give is: whatever the law allows us to gather, but that doesn’t fully answer the question.
For one thing, privacy means very different things to different societies.
Criminal records are public records in the U.S. and Canada, for instance. But in the U.S., we are not allowed to do a criminal background check on a person applying for a job, under terms of the Fair Credit Reporting Act, until that person has consented to such a search. Even after that consent, some states such as California forbid a complete criminal check. You can go back a specified number of years, but no further.
In Canada, criminal checks are OK, but in some jurisdictions you can’t do a search by a person’s name. Instead, you need to know the case they were involved in. You can then look up the case and read all about it.
In North America and the U.K., you can find out who owns a piece of property and usually how much they paid for it and whether the place is mortgaged. Elsewhere, that kind of asset information is off-limits. In the U.S., you can’t get someone’s tax returns without their permission. In Norway, tax returns are on line for everyone to see.
Just this week, the European Union’s fact finder had to decide the meaning of a Spanish law that establishes the “Right to be Forgotten.” We wrote about this awhile back in The Right to Privacy on the Web. At issue currently is a Spanish man who doesn’t like the fact that an old legal notice that he was delinquent in paying taxes keeps showing up on Google. Did Google have the obligation under this law to remove all links to the old Barcelona newspaper notice of this delinquency?
The E.U. fact finder said no, because as the New York Times reported, “Google merely aggregated information on the Web and was not a “controller” of information, it was not the legal entity that must comply with the provision of the law in question.”
By this reasoning, if anyone else were to find this notice and report on it, presumably they would not be violating the Spanish man’s privacy, but on a theory that’s a little murky. Who is the “controller” of information that is already in the public domain? The Spanish tax authorities can’t retract a notice once issued. They can correct it and say that it was issued in error, or they can record the fact that a tax lien was satisfied, but how can you erase knowledge of the one-time existence of the lien?
More troubling was the fact finder’s assertion that the 1995 law guaranteed a right to be forgotten “only in cases where information was incomplete or inaccurate, which was not at issue in the Spanish case.”
The “inaccurate” part easy enough to understand. If the lien was issued and then retracted due to error, the idea that you would report the issuance but not the error and retraction could be seen to be damaging to a person’s reputation.
But what about the right not to have information reported unless it is “complete”?
Most people who answer a criminal or civil complaint have a story to tell. In reporting an alleged civil or criminal wrong in Europe, are we obliged by law to report a “balanced” accounting that includes both sides of the story? Who is to judge whether the reporting of the two sides of a dispute is “complete?”
Simple in concept it may be, but the “Right to be Forgotten” is a hellishly complicated thing to administer.