The General Data Protection Regulation (GDPR) is a sweeping new data protection and privacy law out of the EU. One of the things the GDPR includes is the ability of EU citizens to send “Right to Erasure” requests to websites, asking that those websites remove content that might be private. Recently, we received one of these requests from our domain registrar asking that we remove a court document from our database on CourtListener. It appears that this is a growing problem for other legal publishers too, with techdirt doing a write up of the issue late last week:
Until last week that is, when we received a “Right to Erasure” request demanding that we remove a case from CourtListener. Now we have an EU regulation that’s at odds with our goal of gathering and sharing important legal information. What’s worse, if we complied with this request, we would be removing precedential information from CourtListener. Our policy is to never do that without a court order from a competent jurisdiction. In short, this take down request is at odds with our goals — and with the design of the American legal system.
So where do we bend? Who wins in this conflict between us, the GDPR, and the individual wishing to remove content from CourtListener? What follows is our approach to responding to this kind of request. The short version is that we won’t comply. We don’t believe we are subject to the GDPR, and even if we were, it has numerous carve outs specifically for the kind of information we provide.
Read on for the details of our approach.