The modern innovators of Internet human rights are not U.S. leaders or bold Silicon Valley entrepreneurs. They are stodgy bureaucrats, politicians, and lawyers in Brussels, Berlin, and Strasbourg. As the National Security Agency (NSA) and American firms have relied on sucking up massive amounts of data to observe citizens and create and serve consumers, the European Union has fought to establish privacy rights. Over the last ten years, however, the EU initiative seemed to be on the ropes as the United States pressed Europeans to water down their privacy protections in a number of key sectors. But now, the tables are turned.
This month, the European Court of Justice, Europe’s closest equivalent to the Supreme Court, ruled that Google must delete search results linked to the name of a Spanish citizen that the citizen had found outdated and upsetting. The ruling obliges Google and other Internet firms to respect a limited version of the “right to be forgotten” -- the right to have certain kinds of information, such as former debts or inappropriate photos, removed from the public sphere. In its most extreme form, an individual could request that search engines remove all links to their name, making them virtually anonymous in the Internet. The right to be forgotten will be enforced by national data protection authorities, for example by the Federal Commissioner for Data Protection and Freedom of Information in Germany or the Information Commissioner in the United Kingdom.
The ruling could transform e-commerce and privacy in the digital age. To begin with, the European Court of Justice has challenged the very business model of U.S. e-commerce firms, which use vast pools of personal data to sell ads and model consumer behavior. After the ruling, doing so will become increasingly difficult in the important European market. Facebook alone booked nearly $500 million in ad revenue in Europe in the third quarter of 2013, making it the second biggest market after North America. With the rise of privacy concerns in