2015 IGF 인터넷거버넌스포럼 참가 후기
글 | 김가연(오픈넷 변호사)
일시: 2015년 11월 9일 – 11월 14일
장소: 조앙 페소아, 브라질
○ 11월 9일 월요일(Day 0)
참여세션: 디지털 인권을 위한 기업 책임성: 국제적 연구 및 활동 네트워크 만들기(Corporate Accountability for Digital Rights: Building a Global Research and Advocacy Network)
– 주최: Rebecca MacKinnon, Director, Ranking Digital Rights, New America Foundation
– 세션 소개
○ 11월 11일 수요일(Day 2)
참여세션 1: WS31 잊혀질 권리 결정과 그 함의(The “Right to be Forgotten” Rulings and their Implications)
Mr Sérgio Branco – Instituto de Tecnologia e Sociedade do Rio de Janeiro
Ms Marianne Franklin – Internet Rights and Principles Coalition /Goldsmiths (University of London, UK)
Mr Hernán E. Vales – Office of the United Nations High Commissioner for Human Rights
– 김가연 변호사 발표 내용:
KELLY KIM: This discussion on the right to be forgotten is very important especially in Korea, as the Korean Communication Commission, which is FCC of Korea, is considering adopting a right-to-be-forgotten law since the ECJ decision Google Spain came out. It hasn’t been particularly successful yet, but we are worried that we might become the first country to have the right to be forgotten statute, on top of rigorous online censorship carried out by an administrative agency called the Korea Communications Standard Commission which is taking many lawful contents down whenever it’s “necessary for nurturing sound communication ethics.” a standard as vague and amorphous as the standards used by the Google Spain decision: ‘excessive’, ‘obsolete’, ‘irrelevant’.
Data Protection law in general defines “personal Information” as information related to a living individual and gives the data subject the power to control his or her personal data. A tenet that “one owns data about him or her (and therefore should have control over that data)” sounds good but is not always sustainable and compatible with respect for others’ freedom of thoughts and expressions. For example, “Kelly Kim is a lawyer” is data about me that is known to many already. And the question is, when and under what grounds can I control this perfectly lawful data about myself, that resides in other people’s heads, that is non-defamatory and non-privacy-infringing?
Well, the Google Spain case was one answer to that Question, which we consider more or less lousy. One reason is that the information deindexed, which was a hyperlink, was already publicly available data, which was published in the newspaper. So applying data protection law on such information is against its original purpose, because the data protection law was meant to protect data that are not publicly available and thus within the privacy area. We wanted to protect privacy through a data protection law. We should not protect people’s desire to wipe out unfavorable or embarrassing information about themselves.
Let me give you an example on how the right to be forgotten can be abused.
Korea became independent of a 36-year Japanese colonial rule in 1948. Many Korean people collaborated with the colonial administration and exploited their fellow Koreans.The issue is current because, unlike Germany or France, there has been no government-sponsored efforts to indict and bring to justice those collaborators who number in tens of thousands. And many were not public figures during the colonial periods and they have never been. Some of them were the officers or civic servants who carried out the military logistics and tactics of the Japanese invasion through Asia, which reached as far as Myanmar. And now there is an NGO-led effort to keep the encyclopedia of these Korean collaborators. Of course, the collaborators and the descendants are contesting these efforts. So, in this case, if the right to be forgotten law in the sense of Google Spain is in place, any links to the encyclopedia or the entries themselves may be required to be taken down for the reason that their past wrongdoings are now obsolete because it was more than half a century ago.
So we should stop talking data ownership and start talking about privacy. And the right to be forgotten should not be applied to data that are publicly available, although it’s about an individual. Thanks.
참여세션 2: WS60 ICT 기업의 디지털 인권 순위 측정(Benchmarking ICT companies on Digital Rights)
참여세션 3: WS142 잊혀질 권리 사례들에서 우리는 무엇을 배웠는가?(Cases on the right to be forgotten, what have we learned?)
– 김가연 변호사 발표 내용:
KELLY KIM: This discussion on right to be forgotten or the right to be de-indexed is important for Korea as Korean government and the Korean Communication Commission, which is the U.S.’s FCC of Korea is considering adopting a right-to-be-forgotten law since the ECJ decision Google Spain came out. However, it hasn’t been particularly successful yet because right to be forgotten in a broad sense is very widely recognized in Korea already.
Firstly, we already have a law under which an individual can compel intermediaries to take down information that is allegedly defamatory or infringing on privacy. And what makes this law similar to the right to be forgotten is that information is required to be taken down simply upon allegation short of any proof of infringement. So every year, more than 200,000 postings are being taken down by the intermediaries, simply for a reason that that data subjects do not like the postings about them. Marianne just mentioned stats from Google that last year like 228,000 requests were received. So you can tell how bad the situation is in Korea. and that means we have that many individual cases that year.
Secondly, we also have an administrative agency called the Korea Communications Standard Commission, which exercises rigorous online censorship. Korea Communications Standard Commission is empowered by the law to make takedown requests on even lawful contents, whenever it is “necessary for nurturing sound communication ethics.” Any lawful content can be taken down by the Korea Communications Standard Commission if it violates the standard. This is a standard as vague and amorphous as the standards used by the Google Spain decision: which are ‘excessive’, ‘obsolete’, ‘irrelevant’.
Thirdly, we have criminal defamation law that punishes even non-privacy infringing, truthful statements, which allows a data subject not only to request takedown but also to criminally punish others for saying bad but true statements about him or her.
And fourthly and finally, you also have data protection law that may or may not give a data subject a blanket authority to demand data erasure about him or her. Well, apparently there aren’t many such requests made, so we don’t have a court case yet.
I just want to underline that if we limit right to be forgotten only to de-indexing from the search, okay, we don’t have any case yet. However, we don’t need a such right in Korea because there are many legal tools that I just illustrated that are used to expunge online information that you don’t like.
So we want to protect privacy through data protection law. We should not protect people’s desire to wipe out unfavorable or embarrassing information about themselves. Think about a word where only favorable or delightful information about a person lasts. I don’t want to live in that world. Thank you.
○ 11월 12일 목요일(Day 3)
참여세션: WS169 인터넷 관측소 설립: 접근법과 도전(Building Internet Observatories: approaches and challenges)
Diego R. Canabarro / Carlos Affonso de Souza – Brazilian Internet Observatory, Multistakeholder Initiative
– 김가연 변호사 발표 내용:
KELLY KIM: Open Net is a Civil Society Organization fighting for digital rights in Korea. We are supporting the Korea Internet Transparency Report project, which is very well staffed as we have one full‑time lawyer. The methodology of the project is, we gather all legally available data on government requests related to internet transparency, which are online censorship and surveillance. And then we analyse the data and present observations and findings in accessible form and you will find them on the website. PDF version of our report is also available.
And the sources of the data are varied from government to private companies. And the aim of the project is: promoting civic awareness of online censorship and surveillance carried out by the government; promoting transparency reporting of both the government and private companies; and raising issues and making the public aware of the problems associated with the government’s practices and policies of Internet censorship and surveillance, and in the end, bring about changes.
So the project launched last year. And interestingly, two major Internet companies in Korea, which are Daumkakao and Naver, started to publish transparency reports in few months. So we considered it a great achievement and we also proposed a Bill together with National Assembly members mandating Government’s transparency reporting on mass surveillance.
And also we are involved in Stanford’s WILmap project in building South Korea page. And the map has been very useful in our advocacy for fixing intermediary regime in Korea. I must say we have been integrating the data and observations with our actions in promoting user rights on the Internet very effectively. Thank you.
○ 11월 13일 금요일 (Day 4)
참여 세션: WS 242 정보매개자 책임에 관한 마닐라원칙(The Manila Principles on Intermediary Liability)
– 김가연 변호사 발표 자료: 151113 Manila Principles(Kelly Kim)