California Erasin’: State Law Lamely Addresses Right to be Forgotten

While the EU Parliament may approve Right to Be Forgotten regulations this summer, closer to home, US social media companies have a smaller front in their overall war against the delete button. California Senate Bill 568 gives minors below the age of 18 the right to delete all content they’ve submitted to a web site. But there’s a gaping hole in this bill, involving third parties, that makes it a less than effective data eraser.

The bill essentially says that web site operators must allow teenagers to delete their posts or tweets or other content. Well, sure. Facebook and Twitter already gives you that feature: you can delete your status updates and pictures. Facebook, in particular, though, doesn’t make it easy to delete all your current content with a mythical reset button. Instead, the easiest way to do that in Facebook-land is by closing down your account.

In their cryptic terms of service, Facebook says that when you delete photos and other video IP, “it is deleted in a manner similar to emptying the recycle bin on a computer. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others).” The latter part seems to have given them more than a little wiggle room, as noted by ZDNet’s Zack Whittaker.

And then a little later, Facebook makes the point that once you let applications access your data, you have to grapple with their own terms of service.

And this is where the third-party loopholes start making a difference. So if you’ve shared, say, photos with an app, it’s up to the app to respect your privacy. This is spelled out by Facebook in their Data Use Policy, and specifically the section on “other websites and applications”: Facebook informs its users that they’ll have to contact the app service and explicitly ask them to delete their personal information.

And what does the California SB 568 have to say about third-party uses of personal information from a social media operators? It goes out of its way to state that if a third-party receives the data–keep in mind that this law is supposed to protect minors–then they are under no obligation to delete the data.

And I won’t go into all the marketing scenarios–where your personal info has been sold to third parties–that are not covered by the California law.

The EU’s proposed changes to its Data Protection Directive, which by the way has attracted the attention and wrath of Facebook, Google, Yahoo, et. al., does attempt to close off these leaks.

The California law? Not anything Mark, Larry, and Marrisa will lose any sleep over.