From Volume 90, Number 5 (July 2017)
This Note argues that fragmented free expression laws across European member states and data controllers’ ability to select their reviewing supervisory authority give U.S. data controllers latitude to exploit the privacy-expression balance in favor of the U.S. prioritization of expression. Whereas the current literature revolving around the right to be forgotten and the GDPR focuses on reconciling and converging transatlantic values of privacy and free expression, this Note examines the mechanisms of the European Union’s assertion and imposition of privacy values across the Atlantic through the right to be forgotten and the right to erasure and describes weaknesses in the GDPR that may undermine those mechanisms.
Part I outlines the diverging paths that led to the rift in data protection policy. Part II details how the experimental implementation of the Google Spain right to be forgotten preliminarily exported the European privacy scheme across the Atlantic, previewing the potential impact of the GDPR’s right to erasure. Part III outlines the provisions of the GDPR that thwart the right to be forgotten as a tool of imposing EU privacy values on U.S. data controllers. The Conclusion prophesies the ultimate effects of the Regulation on American privacy values, given the Regulation’s flaws.