Events following the Ashley Madison data breach exposed the personal information of millions of users. Victims filed class action suits in multiple courts in the United States, seeking various forms of monetary and equitable relief. However, these plaintiffs have been unable to compel the removal of personal information from third-party Internet sites hosting the information previously circulated by hackers. Citizens of the European Union, by contrast, could likely compel the removal of such personal information. Unlike the United States, the European Union recognizes a “right to be forgotten”, which authorizes individuals to demand the removal of their personal information from third-party sites. This Article examines how such a right to be forgotten could function in the United States, and particularly how this right could allow victims of the Ashley Madison hack, as well as those of other data breaches, to see their personal information eventually removed from third-party sites. This Article suggests that such a right, if narrowly applied in limited circumstances by the Federal Trade Commission, could better serve the needs of consumers and still preserve First Amendment rights thereby implicated.
Equitable Recovery for Ashley Madison Hack Victims: The Federal Trade Commission as Executor of a Narrow Right to Be Forgotten in the United States,
12 Wash. J. L. Tech. & Arts
Available at: https://digitalcommons.law.uw.edu/wjlta/vol12/iss1/3