from the censorship-for-privacy dept
Way back when the GDPR was still under consideration, we were among those who warned that, in the name of "protecting privacy," Europe was about to create a tool for massive censorship by encapsulating a massive "right to be forgotten." As we noted at the time, a big part of the problem was that the GDPR was written by privacy and data protection experts, with little to no consideration given to free speech experts, who could have told the drafters how "right to be forgotten" rules would likely be abused. The basic idea behind them seems sound -- allowing people to delete data from services they no longer use -- but the ability to turn that into a tool to take down public information is a real problem.
And, now that the GDPR is official, we're already seeing it in practice. Aaron Greenspan, from Plainsite -- a site that hosts court dockets -- recently noted that he had received a RTBF demand from a guy named Michael Francois Bujaldon, who was seeking to disappear a docket involving a case in which Bujualdon was sued for real estate and securities fraud. The complaint against Bujaldon is fairly damning, and while Bujaldon tried to get the case dismissed, the court was not at all impressed. The current docket suggests that the parties are attempting to work out a settlement, but having yourself be a defendant accused of real estate and securities fraud can't be good for the old reputation.
Never fear, however, for the GDPR has a Right to be Forgotten in it, and Bujaldon is apparently using it to delete his own name from the dockets for which he is a defendant:
If you cannot read that request, it says:
Hi,
under Article 21.1 of the General Regulations on Data Protection (RGPD) transcribing European Regulation 2106-679 and updating the provisions of Law 78-17 of 6 January 1978, known as "Informatique et Libert" amended in 2004 (Law 2004-575 on Trust in the Digital Economy - LCEN), which Article 6 | 2 provides that "any information relating to an identified natural person or which can be identified, directly or indirectly, by reference to an identification number or one or more elements specific to that person shall constitute personal data",
I thank you for deleting my personal data, which is my first and last name Michael Franois BUJALDON on this page:
https://www.plainsite.org/dockets/30qmdbpgl/north-dakota-district-court/chabert-et-al-v-bujaldon-et-al/
Please see attached my ID card.
Regards,
Michael Francois BUJALDON
PD: this website has removed this content yet:
https://www.pacermonitor.com/public/case/17818391/Chabert_et_al_v_Bujaldon_et_al
So, first, you can feel free to highlight the fact that BUJALDON misspelled his own name in the part where he asks that his name be deleted (he left the c out of Francois). But it does appear to be the case that Pacer Monitor deleted the entire docket for Bujaldon, not just his name. If you go to that link you get:
Which... is pretty damn messed up. This is a public court docket regarding a case accusing Bujaldon of serious fraud. That's not just public information, but it's the kind of information that people clearly want to be public. Yet, Bujaldon has been able to get it shot down the memory hole thanks to the GDPR, and Pacer Monitor has complied and disappeared the entire docket.
While Greenspan clearly didn't want to similarly comply, he later notes that his hosting company forced him to remove Bujaldon's name, and replace it with his initials or else it would suspend his server:
So, now the docket on PlainSite looks like this:
Plainsite's Aaron Greenspan told me that his hosting company, Hetzner, is based in Germany, so perhaps they feel more exposed to GDPR requests, no matter how nonsensical. He also shared with me his email exchange with Hetzner. The company doesn't even seem to want to consider the possibility that the takedown request was illegitimate. Not only does it demand he take Bujaldon's name down within 24 hours, it demands a statement "about how this could have happened and what you intend to do about it."
What?
Someone totally abuses the GDPR's Right to be Forgotten to try to delete evidence of an ongoing lawsuit against himself, and the hosting company's first reaction is to assume that the site is at fault and demand an explanation? And an explanation of how "what" happened? Plainsite is just hosting a federal court docket. It didn't do anything wrong, so why is Hetzner acting as if the site must have done something wrong?
Looking around the web, other sources still have Bujaldon's full name in their dockets -- such as at Justia, Law360 and CourtListener, but one wonders if Bujaldon will seek to target them as well.
This is, quite obviously, an abuse of the GDPR to delete public information (information where it's fairly important that it be public) to hide reputation harming information. Some defenders of the GDPR may argue that since this is an abuse of the GDPR, we shouldn't really blame the GDPR for this result, but rather blame Bujaldon for abusing it, or the various internet companies for caving to his bogus demands. However, this is exactly what free speech experts were warning would happen when the "data protection" experts in the EU insisted that these rules would be fine. They refused to listen, and now we're at the point where important information is actually being censored.
Even worse, we're increasingly hearing talk of exporting the GDPR to the United States, and creating a similar set of rules here, as if they won't be aggressively abused to hide important information like this, as well.
Filed Under: censorship, court docket, courts, docket, free speech, gdpr, michael francois bujaldon, pacer, right to be forgotten
Companies: pacermonitor, plainsite