“In the future, everyone will be anonymous for 15 minutes.” So said the artist Banksy, but following the rush to put everything online, from relationship status to holiday destinations, is it really possible to be anonymous – even briefly – in the internet age?
That saying, a twist on Andy Warhol’s famous “15 minutes of fame” line, has been interpreted to mean many things by fans and critics alike. But it highlights the real difficulty of keeping anything private in the 21st Century.
“Today, we have more digital devices than ever before and they have more sensors that capture more data about us,” says Prof Viktor Mayer-Schoenberger of the Oxford Internet Institute.
And it matters. According to a survey from the recruitment firm Careerbuilder, in the US last year 70% of companies used social media to screen job candidates, and 48% checked the social media activity of current staff.
Also, financial institutions can check social media profiles when deciding whether to hand out loans.
Meanwhile, companies create models of buying habits, political views and even use artificial intelligence to gauge future habits based on social media profiles.
One way to try to take control is to delete social media accounts, which some did after the Cambridge Analytica scandal, when 87 million people had their Facebook data secretly harvested for political advertising purposes.
While deleting social media accounts may be the most obvious way to remove personal data, this will not have any impact on data held by other companies.
Fortunately, in some countries the law offers protection.
In the European Union the General Data Protection Regulation (GDPR) includes the “right to be forgotten” – an individual’s right to have their personal data removed.
In the UK the that is policed by the Information Commissioner’s Office. Last year it received 541 requests to have information removed from search engines, according to data shown to the BBC, up from 425 the year before, and 303 in 2016-17.
The actual figures may be higher as ICO says it often only becomes involved after an initial complaint made to the company that holds the information has been rejected.
But ICO’s Suzanne Gordon says it is not clear-cut: “The GDPR has strengthened the rights of people to ask for an organisation to delete their personal data if they believe it is no longer necessary for it to be processed.
“However, this right is not absolute and in some cases must be balanced against other competing rights and interests, for example, freedom of expression.”
The “right to be forgotten” shot to prominence in 2014 and led to a wide-range of requests for information to be removed – early ones came from an ex-politician seeking re-election, and a paedophile – but not all have to be accepted.