Tech-enabled oversight could put innovation at threat

When Mario Costeja Gonzales filed a complaint against Google in Spain, it lead to the creation of the “right to be forgotten.” Technology’s perfect memory challenges traditional legal concepts like bankruptcy law, which relies on human forgetfulness. We need to worry about technology-enhanced regulation, as it could stifle innovation and flexibility in business. We may need a new right to be forgotten in the context of regulation.

This article was first published in The Mint. You can read the original at this link.

Mario Costeja Gonzales was born in the 1950s under Spain’s Franco dictatorship. Which is probably why he grew up to become a lawyer and spent most of his life fighting for causes like freedom of expression. In 1998, Costeja was having financial difficulties and had to put a property he owned up for auction. The Spanish ministry of labour and social affairs ordered that the details of the sale be published in Spanish newspapers to attract more bidders. Eventually, the property was sold, and Costeja went on with the rest of his life.

Ordinarily, that would have been that. Except that many years later, Costeja noticed that whenever someone googled his name, the first thing that popped up was that advertisement in the papers about the forced sale of his property. No matter what he did, everyone who looked him up was reminded of that eminently forgettable phase of his life.

Costeja filed a complaint with the Spanish Data Protection Authority against Google, arguing that the search engine was processing his personal data and therefore, as a data controller under European Union law, it was obliged to remove or erase his personal data on request. After a prolonged court battle that was eagerly watched from both sides of the Atlantic, the court eventually held that when a search is carried out on a person’s name, search engines are obliged to protect the personal data that is displayed and to remove from the search results links to web pages published by third parties that contain information relating to the person.

And thus was created the right to be forgotten.

Even though this right has become an important part of modern privacy law, there are many practical challenges to implementing it. But it is not the purpose of this article to go into any of those issues. Instead, I want to use this case as a metaphor for something entirely different.

Before search engines, we did not need to articulate a right to be forgotten. Human memory is fallible and the law has relied upon this fallibility to achieve its ends. Bankruptcy law is designed to allow the insolvent to get a fresh start. It makes it possible for creditors and shareholders to work out a compromise so that they can recover some portion of their money—and once that happens, for the promoter to start anew. The law is based on the presumption that it is not a crime to fail in business. And it relies on the inherent fallibility of the human mind to offer insolvent promoters an opportunity to make a fresh start. Or at least it did, until this law came up against the perfect memory of the search engine. This is why the European Court of Justice felt that it needed to specifically articulate a right to be forgotten.

Just as technology has given us a memory that never fails, it has allowed us to see with perfect clarity things that were not previously visible. This has been of great benefit to us in a number of different ways, allowing us to make medical diagnoses that were previously impossible, to complete stock market trades with an accuracy not replicable by humans, and to build financial and social products that leverage data for the good of the marginalized and forgotten.

The trouble is that this very same technology that has brought us so many benefits also enables the creation of an all-seeing, never-forgetting regulatory framework that is about to erode long-held assumptions of how businesses operate.

Even in the strictest of regulatory regimes around the world, businesses always have the latitude to make some mistakes. This is not necessarily always a function of venal inspectors. The fact is that for mistakes to be punished, they have to first be detected, and since no regulator has the bandwidth to watch every regulated entity all of the time, companies have always had some wiggle room. While there is no doubt that many businesses take advantage of this to cut corners and make illegal profits, it is also the source of much of the innovation that modern businesses rely on to drive growth. After all, it is this flexibility that grants companies the ability to experiment with new business models without the fear of immediately tripping up against the letter of the law.

The problem with technology that offers regulators perfect clarity is that it will inevitably be used to build the sort of regulatory panopticon that will eliminate every last shred of latitude that the system once had. With technology-enhanced oversight, every mistake we make, no matter how large or small, will be identified and punished. With all-seeing, never-sleeping technology at its disposal, the government will, with minimal effort and near-perfect accuracy, be able to tighten the screws on the entirety of private enterprise and keep firms under strict supervision all the time. And once that happens, all the flexibility that businesses today rely upon to thrive will be gone.

As counter-intuitive as it might sound, we need to resist the urge to widely deploy technology for the purpose of regulation. This means that we may not be able to catch all criminally-minded businesses all the time. But in the overall interests of society, that might actually be preferable over the chilling effect that the deployment of precise technology-mediated regulation will have on our ability to innovate.

That time has not yet come, but perhaps what the world will need soon is a new right to be forgotten. This time around, in the context of technology-enhanced regulation.