Feeds

Google exec questions Reding's 'Right to be forgotten' pledge

Says certain aspects of article 17 are 'unworkable'

Beginner's guide to SSL certificates

CPDP Google's privacy policy counsel in Brussels has questioned certain parts of European Commissioner Viviane Reding's freshly tabled draft bill on data protection law within the EU.

Marisa Jimenez, who was speaking at the Computer, Privacy and Data Protection (CPDP) conference in the Belgian capital today, expressed concern about some of the passages written under article 17 of the proposed regulation.

Reding's so-called "right to be forgotten" on the internet plans have, in part, been welcomed by Google, Jimenez claimed.

But she noted that the current text submitted by the European Commission is incredibly complex and thereby open to any number of interpretations by data protection authorities and companies that could be expected to comply with the rules, if passed by the European Parliament in their current form.

Here's what Reding's proposed regulation currently states on the "right to be forgotten":

Article 17 provides the data subject's right to be forgotten and to erasure. It further elaborates and specifies the right of erasure provided for in Article 12(b) of Directive 95/46/EC and provides the conditions of the right to be forgotten, including the obligation of the controller which has made the personal data public to inform third parties on the data subject's request to erase any links to, or copy or replication of that personal data. It also integrates the right to have the processing restricted in certain cases, avoiding the ambiguous terminology 'blocking'.

Rosa Barcelo, a privacy and data protection specialist working for the Commission who was also present on the CPDP panel, pointed out that Reding's plans had already been relaxed from a "full obligation" on the part of an individual business and its handling of user data to a "best effort" requirement.

Google's Jimenez said that the overall "objective" of the "right to be forgotten" article was a "positive" one and added that the first part of that proposal that gives users the ability to object to their data being held was a good one. "Google agrees with that," she said. "In fact, we already do that.

"The question comes when deleting data placed on a third party that has very little control of what's been done with that data... Some of the scenarios enter well, others are rather unworkable. The way it is drafted is very unclear. It's a right, but written in a very technical way and not everyone will understand it in the same way when they read it."

The Google counsel said that she hoped that aspect of article 17 would be "clarified as we move forward in the legislative process".

Two other corporate representatives on the same panel - Christoph Luykx from Intel and Mikko Niva from Nokia - touched on industry concerns about shifting more personal information policing over to data controllers.

"We are a little bit wary about this administrative burden that now seems to be surfacing," Niva said. He reckoned that a standardised assessment was simplistic and warned there was a "risk of slowing down products to market."

He claimed the tech industry was better placed to define the "best methodologies."

Jimenez chimed in by saying she "agreed completely" with the Nokia exec's concerns.

"While the goal [of rewriting the EC's data protection legislation] was good, the question is... have these rules become another layer of compliance required?" Google's EU law specialist asked, before adding that "further thought" was needed.

Nokia's Niva added that he believed the requirement for a business to notify a DPA about a data breach within 24 hours was "a very tough deadline". He said that no one wanted "a regime where all kinds of fairly meaningless breaches are reported to the public and DPAs". He said that there should be thresholds built into the planned regulation "to make it sensible".

The panel also briefly touched on the notion of "privacy by design", which has formed part of Reding's recent agenda.

"I think that many of the elements of 'privacy by design' are in the new law," noted Jimenez. "The question is when you have a recipe you might have the ingredients but you have to know how much of what to put in to get the end result. The law cannot work out the quantities," she added. "The law cannot tell you how to do it."

The confab finished with something of a flourish from Barcelo, who turned to Jimenez and co and said privacy was "very relevant". To her it's an "economic asset" for businesses. She concluded: "There's lots of excitement about this in Parliament, a lot of fun." ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Yes, yes, Steve Jobs. Look what I'VE done for you lately – Tim Cook
New iPhone biz baron points to Apple's (his) greatest successes
Lords take revenge on REVENGE PORN publishers
Jilted Johns and Jennies with busy fingers face two years inside
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.